Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
File:                     3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa (raw, json)
Hash identifier:          af+pTrKBPoiK3of/hn7o/u76moYn+AMGnAoNy+m47CA=
Subject key identifier:   9D:FA:D2:B9:E6:5B:06:1B:25:0E:F3:BB:5C:12:69:C1:AC:E8:11:D5
Certificate issuer:       /CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
Certificate serial:       02E573E9C13CA772501CECBF8070C0E44F416891
Authority key identifier: D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
Signing time:             Fri 01 Sep 2023 11:14:35 +0000
ROA not before:           Fri 01 Sep 2023 11:09:35 +0000
ROA not after:            Fri 30 Aug 2024 11:14:35 +0000
asID:                     39588
IP address blocks:        194.104.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e5:73:e9:c1:3c:a7:72:50:1c:ec:bf:80:70:c0:e4:4f:41:68:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
        Validity
            Not Before: Sep  1 11:09:35 2023 GMT
            Not After : Aug 30 11:14:35 2024 GMT
        Subject: CN=9DFAD2B9E65B061B250EF3BB5C1269C1ACE811D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:46:28:11:3d:2c:37:85:e6:2c:c3:ac:e3:
                    6e:5e:aa:a8:c5:c1:28:1d:6d:a2:f0:3d:b9:15:6f:
                    92:06:52:48:1d:57:c0:fe:e1:ed:f1:aa:b3:5c:5c:
                    27:be:47:00:f8:e3:b2:3d:49:48:81:ec:cf:b4:73:
                    f4:50:17:60:0f:be:e2:1a:db:df:ea:d0:f9:f2:f3:
                    7c:30:5c:33:4d:75:d1:ab:0c:e3:cb:99:41:ea:4c:
                    d4:11:e3:d7:ef:14:b6:3f:2a:a6:33:95:05:dd:08:
                    e9:11:90:47:48:6e:d9:6b:e6:86:35:14:cd:83:19:
                    cb:e9:40:6c:e9:83:53:9d:83:aa:c0:9f:a3:30:1d:
                    72:06:ff:62:30:80:c2:16:a2:ad:0e:65:26:92:2a:
                    ea:34:9b:24:f9:f2:e9:26:a8:55:04:78:b4:dd:32:
                    b7:6b:43:51:92:c3:54:bf:cf:78:f8:a0:b0:57:51:
                    20:d8:8b:fe:98:b1:ba:18:f8:1b:b0:45:cd:67:93:
                    1c:ae:ab:6b:5a:ed:09:e9:52:00:15:f1:90:22:ca:
                    67:66:b5:e5:85:56:b6:bd:c1:d4:13:c3:22:53:71:
                    4b:b6:38:d4:f2:77:19:3f:ac:cb:14:85:25:38:19:
                    01:31:da:32:92:80:20:91:8a:81:48:1f:6c:e8:01:
                    3a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FA:D2:B9:E6:5B:06:1B:25:0E:F3:BB:5C:12:69:C1:AC:E8:11:D5
            X509v3 Authority Key Identifier:
                keyid:D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:cf:e0:b9:0d:03:f8:e1:0b:39:90:a4:35:81:65:cd:c1:e2:
         cc:26:b1:27:aa:6f:d1:9d:cf:ee:b8:4d:cb:48:bd:07:d2:0e:
         43:ec:96:21:e2:89:aa:6c:17:91:bc:15:76:53:19:da:3f:fd:
         29:fb:5c:3c:5f:c0:32:1c:96:67:64:48:d4:2a:56:f6:57:3e:
         73:b3:87:7a:f4:ec:70:ea:ab:58:84:04:db:fb:e3:60:78:ff:
         3c:39:bc:6c:8e:60:0b:09:a2:e1:41:8f:cf:43:3b:3c:dc:0b:
         07:39:57:be:2a:83:ea:18:40:07:6c:e5:85:a7:b9:3a:a4:03:
         c9:59:4b:30:6b:1e:dd:9d:fc:35:3d:59:ec:e8:5f:e5:aa:b3:
         00:72:43:70:56:a7:6c:d7:b4:fb:69:8f:9a:e1:7c:6e:14:d1:
         8f:07:62:6a:d9:0d:45:9a:08:49:d4:50:15:d1:a5:9d:5a:b7:
         8e:12:54:b1:38:7e:f2:ca:39:3b:0e:96:f0:23:8f:8b:03:b5:
         91:43:5d:d0:f3:fd:8d:f5:b3:41:af:29:05:f8:60:7a:87:09:
         45:27:2a:45:21:96:2b:4d:8b:07:45:48:06:93:3b:15:ba:36:
         39:52:a4:00:a3:28:47:1c:48:f9:83:70:49:3b:e1:af:bd:b2:
         00:2b:0c:3b
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUAuVz6cE8p3JQHOy/gHDA5E9BaJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQwNTgxY2E5ZGRhY2E5ZTExMDE2NWIxMWRkMjgyMGRk
N2Y1MzJjMDAeFw0yMzA5MDExMTA5MzVaFw0yNDA4MzAxMTE0MzVaMDMxMTAvBgNV
BAMTKDlERkFEMkI5RTY1QjA2MUIyNTBFRjNCQjVDMTI2OUMxQUNFODExRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu6kYoET0sN4XmLMOs425eqqjF
wSgdbaLwPbkVb5IGUkgdV8D+4e3xqrNcXCe+RwD447I9SUiB7M+0c/RQF2APvuIa
29/q0Pny83wwXDNNddGrDOPLmUHqTNQR49fvFLY/KqYzlQXdCOkRkEdIbtlr5oY1
FM2DGcvpQGzpg1Odg6rAn6MwHXIG/2IwgMIWoq0OZSaSKuo0myT58ukmqFUEeLTd
MrdrQ1GSw1S/z3j4oLBXUSDYi/6YsboY+BuwRc1nkxyuq2ta7QnpUgAV8ZAiymdm
teWFVra9wdQTwyJTcUu2ONTydxk/rMsUhSU4GQEx2jKSgCCRioFIH2zoATpDAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUnfrSueZbBhslDvO7XBJpwazoEdUwHwYDVR0j
BBgwFoAU1AWByp3ayp4RAWWxHdKCDdf1MsAwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzEvRDQwNTgxQ0E5RERBQ0E5RTExMDE2NUIxMUREMjgy
MEREN0Y1MzJDMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFBV0J5cDNheXA0
UkFXV3hIZEtDRGRmMU1zQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzEvMzEzOTM0MmUzMTMwMzQyZTMxMzAzODJlMzAyZjMyMzMyZDMyMzMy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCaGwwDQYJKoZIhvcNAQELBQAD
ggEBABbP4LkNA/jhCzmQpDWBZc3B4swmsSeqb9Gdz+64TctIvQfSDkPsliHiiaps
F5G8FXZTGdo//Sn7XDxfwDIclmdkSNQqVvZXPnOzh3r07HDqq1iEBNv742B4/zw5
vGyOYAsJouFBj89DOzzcCwc5V74qg+oYQAds5YWnuTqkA8lZSzBrHt2d/DU9Wezo
X+WqswByQ3BWp2zXtPtpj5rhfG4U0Y8HYmrZDUWaCEnUUBXRpZ1at44SVLE4fvLK
OTsOlvAjj4sDtZFDXdDz/Y31s0GvKQX4YHqHCUUnKkUhlitNiwdFSAaTOxW6NjlS
pACjKEccSPmDcEk74a+9sgArDDs=
-----END CERTIFICATE-----