Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa
File:                     3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa (raw, json)
Hash identifier:          XNpTfw0GR0xZwJyCQLIkDsV7NTLx+baYV6zLrseLr90=
Subject key identifier:   5A:D4:CE:4A:30:CF:D8:51:9D:0A:CD:C5:61:C7:97:4E:2C:E2:93:23
Certificate issuer:       /CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
Certificate serial:       7EEE2A050D1FD8C97B9ED616B251BFA894172A76
Authority key identifier: D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa
Signing time:             Fri 02 Aug 2024 11:24:33 +0000
ROA not before:           Fri 02 Aug 2024 11:19:33 +0000
ROA not after:            Fri 01 Aug 2025 11:24:33 +0000
asID:                     39588
IP address blocks:        194.104.110.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:ee:2a:05:0d:1f:d8:c9:7b:9e:d6:16:b2:51:bf:a8:94:17:2a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
        Validity
            Not Before: Aug  2 11:19:33 2024 GMT
            Not After : Aug  1 11:24:33 2025 GMT
        Subject: CN=5AD4CE4A30CFD8519D0ACDC561C7974E2CE29323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bb:48:a8:1a:e4:62:a1:9e:27:b1:ec:2c:df:
                    3e:43:56:9f:c3:07:b2:86:b7:fd:20:0f:72:21:b5:
                    c0:9f:ff:5d:b3:71:98:d9:1c:23:ef:72:ab:9e:31:
                    e8:f2:01:d3:2d:3e:5f:e4:34:9d:e7:54:71:bf:a7:
                    17:f8:3b:f5:33:74:d8:17:07:de:b3:65:55:49:d7:
                    72:51:5b:cb:fb:39:62:2f:b7:e5:22:79:5a:3b:ba:
                    d4:f8:fc:d7:09:50:30:d6:41:f1:6c:0e:46:ff:39:
                    f0:6c:6d:39:f3:3c:ac:c2:55:b9:92:77:26:dc:d4:
                    f4:cf:d5:9e:7d:89:1e:8e:fa:cb:b0:54:7a:d1:83:
                    3f:ac:0d:2d:ca:d7:ce:4f:ab:cd:37:a3:de:bb:a2:
                    89:f5:b2:e4:cc:b7:33:8f:03:a3:08:d6:86:c4:b4:
                    86:09:43:1c:6f:b4:a0:e9:1d:29:21:eb:86:d5:e7:
                    ab:75:4b:e3:50:0d:5a:db:a2:0c:27:a1:d6:c7:ad:
                    f1:9e:ee:f5:f8:b9:0d:03:f1:7c:2c:a7:ba:96:73:
                    b9:ef:89:b1:b0:52:61:a0:a0:cc:56:d2:7d:15:57:
                    17:6b:d8:5f:98:29:27:66:90:90:a8:53:0c:24:58:
                    6a:2d:9c:00:14:01:b2:05:f7:c8:56:c1:ad:37:5e:
                    bd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D4:CE:4A:30:CF:D8:51:9D:0A:CD:C5:61:C7:97:4E:2C:E2:93:23
            X509v3 Authority Key Identifier:
                keyid:D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3131302e302f32332d3233203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:27:f6:af:c1:e9:7e:72:31:25:3a:d9:40:5a:e0:55:71:3e:
         ef:08:05:32:97:a9:f8:8c:79:88:18:ea:85:50:93:8d:80:5f:
         0a:ec:b3:b4:6e:86:3e:4d:50:fe:69:01:0e:a0:fe:42:5b:f0:
         72:ef:50:65:4b:55:c1:86:bc:86:08:de:72:09:33:3e:6c:ec:
         fa:3c:21:4e:32:e6:5b:88:e7:2c:89:58:1a:ed:97:4c:d9:2d:
         84:a3:6f:b9:d3:50:7c:01:74:93:b2:87:6c:ea:1f:d7:14:6d:
         e3:14:37:11:f0:d6:f6:18:c7:c3:d6:ad:87:e9:10:0d:cf:1f:
         8a:e7:17:d1:22:3c:7c:44:a3:fd:ef:f3:0b:33:f3:09:49:b6:
         b2:3d:75:94:93:a2:96:cd:ea:b4:f3:a8:2b:6a:cf:1d:3f:13:
         62:f9:9e:72:57:86:18:55:b7:3b:13:ba:f6:07:43:c9:20:d7:
         e3:b6:e3:03:c1:d3:8d:de:b7:5d:c5:2f:a1:38:91:09:20:42:
         20:b5:11:03:d8:92:a2:c6:99:1a:f7:c5:c0:93:57:fa:af:a3:
         42:8e:08:bb:ba:b6:0c:4e:15:0c:09:3c:d6:55:be:9c:ed:1c:
         9f:e7:53:c0:cc:ca:8b:5f:56:f4:23:e8:59:be:9c:3a:5d:49:
         4d:48:d4:7b
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUfu4qBQ0f2Ml7ntYWslG/qJQXKnYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQwNTgxY2E5ZGRhY2E5ZTExMDE2NWIxMWRkMjgyMGRk
N2Y1MzJjMDAeFw0yNDA4MDIxMTE5MzNaFw0yNTA4MDExMTI0MzNaMDMxMTAvBgNV
BAMTKDVBRDRDRTRBMzBDRkQ4NTE5RDBBQ0RDNTYxQzc5NzRFMkNFMjkzMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzu0ioGuRioZ4nsews3z5DVp/D
B7KGt/0gD3IhtcCf/12zcZjZHCPvcqueMejyAdMtPl/kNJ3nVHG/pxf4O/UzdNgX
B96zZVVJ13JRW8v7OWIvt+UieVo7utT4/NcJUDDWQfFsDkb/OfBsbTnzPKzCVbmS
dybc1PTP1Z59iR6O+suwVHrRgz+sDS3K185Pq803o967oon1suTMtzOPA6MI1obE
tIYJQxxvtKDpHSkh64bV56t1S+NQDVrbogwnodbHrfGe7vX4uQ0D8Xwsp7qWc7nv
ibGwUmGgoMxW0n0VVxdr2F+YKSdmkJCoUwwkWGotnAAUAbIF98hWwa03Xr2jAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUWtTOSjDP2FGdCs3FYceXTizikyMwHwYDVR0j
BBgwFoAU1AWByp3ayp4RAWWxHdKCDdf1MsAwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzEvRDQwNTgxQ0E5RERBQ0E5RTExMDE2NUIxMUREMjgy
MEREN0Y1MzJDMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFBV0J5cDNheXA0
UkFXV3hIZEtDRGRmMU1zQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzEvMzEzOTM0MmUzMTMwMzQyZTMxMzEzMDJlMzAyZjMyMzMyZDMyMzMy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCaG4wDQYJKoZIhvcNAQELBQAD
ggEBAGon9q/B6X5yMSU62UBa4FVxPu8IBTKXqfiMeYgY6oVQk42AXwrss7Ruhj5N
UP5pAQ6g/kJb8HLvUGVLVcGGvIYI3nIJMz5s7Po8IU4y5luI5yyJWBrtl0zZLYSj
b7nTUHwBdJOyh2zqH9cUbeMUNxHw1vYYx8PWrYfpEA3PH4rnF9EiPHxEo/3v8wsz
8wlJtrI9dZSTopbN6rTzqCtqzx0/E2L5nnJXhhhVtzsTuvYHQ8kg1+O24wPB043e
t13FL6E4kQkgQiC1EQPYkqLGmRr3xcCTV/qvo0KOCLu6tgxOFQwJPNZVvpztHJ/n
U8DMyotfVvQj6Fm+nDpdSU1I1Hs=
-----END CERTIFICATE-----