Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa
File:                     3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa (raw, json)
Hash identifier:          FdUbZ3jmqgPfe+K0dS/rm+Mgi/oXoYc47XQ0u8ugCcU=
Subject key identifier:   6B:F8:C5:5E:78:2F:67:04:D4:38:FA:83:71:9D:5D:90:BE:3A:E0:67
Certificate issuer:       /CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
Certificate serial:       0AE099EFDBA3D22B98755AD2CD3156CC7A578D2D
Authority key identifier: D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa
Signing time:             Fri 01 Sep 2023 11:14:36 +0000
ROA not before:           Fri 01 Sep 2023 11:09:36 +0000
ROA not after:            Fri 30 Aug 2024 11:14:36 +0000
asID:                     39588
IP address blocks:        194.104.110.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 08:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:e0:99:ef:db:a3:d2:2b:98:75:5a:d2:cd:31:56:cc:7a:57:8d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
        Validity
            Not Before: Sep  1 11:09:36 2023 GMT
            Not After : Aug 30 11:14:36 2024 GMT
        Subject: CN=6BF8C55E782F6704D438FA83719D5D90BE3AE067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d6:54:47:55:d8:d2:ab:48:91:dc:fe:db:11:
                    a7:c6:e5:fd:1c:09:62:da:ce:82:aa:72:c9:58:36:
                    ac:97:b0:1d:25:4c:3b:ef:cd:8e:b7:c3:1b:5c:8e:
                    e0:81:d7:9f:a5:4c:a0:6d:15:2a:ee:2e:b5:d6:b9:
                    12:54:5e:1d:f9:4a:d3:66:e8:3d:04:97:82:b4:cd:
                    36:4b:7c:ad:36:8f:6b:07:84:5f:47:d7:aa:2e:0b:
                    5d:21:18:e0:cb:63:9d:18:70:e1:d3:fc:d8:c2:da:
                    1f:72:c0:fa:d0:4e:16:2d:dc:ee:8e:cb:69:dd:23:
                    7d:5c:14:9e:36:e0:d2:e4:31:54:7e:63:d5:09:6f:
                    46:f7:f2:d3:75:49:0e:f2:a9:ec:9d:8d:70:f7:15:
                    fb:57:34:1c:0e:56:da:0c:6a:a1:71:09:41:49:04:
                    b7:b6:2e:89:98:26:e5:ab:16:64:79:75:da:76:13:
                    83:98:99:80:92:93:07:b9:b9:43:71:5d:25:e5:7e:
                    27:52:65:5f:73:51:8a:0a:63:77:f2:59:11:a6:2e:
                    16:19:bf:8f:53:de:76:04:84:f4:6e:2f:40:fd:07:
                    89:74:75:f2:14:44:0d:9b:d2:f4:25:fe:71:6a:bc:
                    c3:e6:e1:4d:e2:a8:6f:14:8e:33:93:bf:05:57:34:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F8:C5:5E:78:2F:67:04:D4:38:FA:83:71:9D:5D:90:BE:3A:E0:67
            X509v3 Authority Key Identifier:
                keyid:D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:79:5e:2b:b9:04:52:f0:bf:4c:0a:10:ab:53:9e:27:c1:9c:
         fe:3d:39:9d:c0:5d:75:63:8a:be:e6:c7:e2:24:f9:e5:80:8c:
         8c:b4:99:04:e3:e2:81:f6:32:bc:87:3b:d1:f4:94:16:ab:28:
         5e:e4:a7:2d:5c:6b:c1:8e:13:ec:8b:bd:d3:3d:21:44:79:68:
         d4:45:9d:e1:90:c1:77:ed:a0:a1:8e:e8:9a:d5:ed:02:6b:f1:
         2e:67:83:08:33:74:25:25:99:1a:ac:8c:88:9e:5c:73:9e:e9:
         d7:e6:3a:eb:81:17:8e:0e:40:dd:e9:9e:a1:fd:e5:a4:0d:3e:
         0d:e1:1e:d3:4c:94:91:3f:98:c9:50:ff:8e:f2:aa:dd:99:cb:
         17:38:58:2c:67:54:40:26:53:9c:47:57:2d:10:b6:16:c6:43:
         d1:1f:f4:1a:23:d4:80:29:dc:7e:c0:60:b5:84:f6:9b:6b:27:
         e3:b5:12:00:28:20:b7:95:3b:ea:56:59:d0:fb:14:4e:ce:5c:
         99:fe:16:6b:1d:12:d6:3b:a9:da:2e:41:bd:c1:aa:72:ba:37:
         5b:e7:31:f2:8b:47:1f:41:98:01:90:99:a7:72:b3:56:fe:ff:
         e1:18:de:44:b8:f2:c0:7e:9c:b6:60:af:4e:93:fa:5d:2d:65:
         b9:07:1b:92
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUCuCZ79uj0iuYdVrSzTFWzHpXjS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQwNTgxY2E5ZGRhY2E5ZTExMDE2NWIxMWRkMjgyMGRk
N2Y1MzJjMDAeFw0yMzA5MDExMTA5MzZaFw0yNDA4MzAxMTE0MzZaMDMxMTAvBgNV
BAMTKDZCRjhDNTVFNzgyRjY3MDRENDM4RkE4MzcxOUQ1RDkwQkUzQUUwNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp1lRHVdjSq0iR3P7bEafG5f0c
CWLazoKqcslYNqyXsB0lTDvvzY63wxtcjuCB15+lTKBtFSruLrXWuRJUXh35StNm
6D0El4K0zTZLfK02j2sHhF9H16ouC10hGODLY50YcOHT/NjC2h9ywPrQThYt3O6O
y2ndI31cFJ424NLkMVR+Y9UJb0b38tN1SQ7yqeydjXD3FftXNBwOVtoMaqFxCUFJ
BLe2LomYJuWrFmR5ddp2E4OYmYCSkwe5uUNxXSXlfidSZV9zUYoKY3fyWRGmLhYZ
v49T3nYEhPRuL0D9B4l0dfIURA2b0vQl/nFqvMPm4U3iqG8UjjOTvwVXNPIBAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUa/jFXngvZwTUOPqDcZ1dkL464GcwHwYDVR0j
BBgwFoAU1AWByp3ayp4RAWWxHdKCDdf1MsAwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzEvRDQwNTgxQ0E5RERBQ0E5RTExMDE2NUIxMUREMjgy
MEREN0Y1MzJDMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFBV0J5cDNheXA0
UkFXV3hIZEtDRGRmMU1zQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzEvMzEzOTM0MmUzMTMwMzQyZTMxMzEzMDJlMzAyZjMyMzMyZDMyMzMy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCaG4wDQYJKoZIhvcNAQELBQAD
ggEBAI55Xiu5BFLwv0wKEKtTnifBnP49OZ3AXXVjir7mx+Ik+eWAjIy0mQTj4oH2
MryHO9H0lBarKF7kpy1ca8GOE+yLvdM9IUR5aNRFneGQwXftoKGO6JrV7QJr8S5n
gwgzdCUlmRqsjIieXHOe6dfmOuuBF44OQN3pnqH95aQNPg3hHtNMlJE/mMlQ/47y
qt2Zyxc4WCxnVEAmU5xHVy0QthbGQ9Ef9Boj1IAp3H7AYLWE9ptrJ+O1EgAoILeV
O+pWWdD7FE7OXJn+FmsdEtY7qdouQb3BqnK6N1vnMfKLRx9BmAGQmadys1b+/+EY
3kS48sB+nLZgr06T+l0tZbkHG5I=
-----END CERTIFICATE-----