Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
File:                     3139332e372e3230342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          FNqrnceU3iwVod2WSMXQFQeJdYf+AyNGsDarmParqg0=
Subject key identifier:   69:F6:4C:93:09:FA:06:6B:4E:60:CC:E2:BE:E4:5C:28:71:E6:42:A1
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       6061F48CD3A7A6A2A406D1834F55CAD012DA0CFC
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 01 Sep 2023 11:14:35 +0000
ROA not before:           Fri 01 Sep 2023 11:09:35 +0000
ROA not after:            Fri 30 Aug 2024 11:14:35 +0000
asID:                     42427
IP address blocks:        193.7.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:61:f4:8c:d3:a7:a6:a2:a4:06:d1:83:4f:55:ca:d0:12:da:0c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Sep  1 11:09:35 2023 GMT
            Not After : Aug 30 11:14:35 2024 GMT
        Subject: CN=69F64C9309FA066B4E60CCE2BEE45C2871E642A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:89:75:7c:99:1c:2b:47:ff:53:36:1a:ff:a3:
                    7d:88:c4:c3:ac:cd:5b:f8:78:ce:0f:e4:e3:ec:ca:
                    73:63:38:65:24:e9:07:f9:d8:93:2c:5e:4e:11:c7:
                    ae:21:cf:b4:50:8e:45:80:23:06:83:1d:02:c6:b5:
                    bb:ad:37:56:d5:d6:3e:cf:e1:9c:4e:0d:f0:41:6f:
                    47:a6:c2:a5:90:68:35:7e:9e:37:9f:93:ea:0a:ec:
                    89:71:b6:4e:26:c2:78:78:4b:35:f4:3d:d2:ea:1b:
                    40:2c:fa:19:ef:56:20:81:c5:6b:33:70:83:46:2d:
                    a7:42:39:76:e6:fc:3a:f6:06:59:e3:fc:f9:31:77:
                    32:a4:b0:00:f9:0e:dc:ba:3a:81:51:cc:6a:8a:55:
                    5d:a0:fc:30:6c:94:a5:6a:45:d3:75:bd:72:62:d6:
                    e0:14:dd:72:15:b7:8b:bf:12:7a:45:7d:8f:ef:ed:
                    e7:82:96:71:43:1c:8f:bf:fd:d0:6e:c4:a5:6f:88:
                    5e:1d:7e:3c:cf:9b:a7:86:e5:c2:1e:e0:f9:7f:0a:
                    be:b7:06:f3:9e:06:8f:dc:0f:89:ce:84:8e:5c:16:
                    44:fd:47:ba:90:e8:69:99:2d:8b:73:d3:e4:c4:68:
                    8b:63:79:90:a4:e7:e3:fb:32:a5:4c:92:63:4a:8e:
                    f4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F6:4C:93:09:FA:06:6B:4E:60:CC:E2:BE:E4:5C:28:71:E6:42:A1
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:31:62:1f:8f:7d:53:1f:cb:17:0e:31:06:3e:10:8b:6c:19:
         f4:1c:30:cf:03:fc:55:ad:5e:14:66:14:8e:9b:d1:d6:af:4f:
         0e:34:5d:5a:f8:3a:89:66:6b:c8:1f:aa:53:9a:45:95:4b:2e:
         f8:b2:69:bf:c1:01:87:f6:27:f6:5d:04:f5:83:78:e8:3a:37:
         ab:c1:e8:ae:d3:63:05:3a:f8:7e:60:af:ac:a3:89:1f:1c:95:
         99:88:f4:69:ff:ae:4d:2e:4c:a1:fb:44:dc:97:76:52:68:76:
         0c:e7:a8:dc:61:41:60:5d:ec:17:e4:a5:c2:c3:5d:b0:56:a1:
         95:38:bf:9d:8d:b0:da:8b:fb:50:bc:b9:03:1b:79:9f:68:0a:
         7e:c0:a6:2e:77:a6:07:a0:81:8b:7a:c8:45:dd:62:f9:e7:4a:
         8d:3e:cc:42:81:8b:bb:79:03:9d:03:19:2f:56:f3:fc:69:bd:
         be:34:cb:12:fa:14:8b:3c:b8:2f:28:93:a5:b7:3e:2a:a6:80:
         a9:28:f1:01:f5:4a:1b:78:f5:17:5f:e0:7a:09:ac:62:71:ce:
         a8:b7:d4:e8:ef:a0:52:cc:c1:9b:dd:d0:c5:36:bc:45:98:76:
         35:77:29:d7:8b:58:8f:7b:0f:f9:c8:03:56:38:67:34:1d:ef:
         35:f8:5f:74
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUYGH0jNOnpqKkBtGDT1XK0BLaDPwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yMzA5MDExMTA5MzVaFw0yNDA4MzAxMTE0MzVaMDMxMTAvBgNV
BAMTKDY5RjY0QzkzMDlGQTA2NkI0RTYwQ0NFMkJFRTQ1QzI4NzFFNjQyQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPiXV8mRwrR/9TNhr/o32IxMOs
zVv4eM4P5OPsynNjOGUk6Qf52JMsXk4Rx64hz7RQjkWAIwaDHQLGtbutN1bV1j7P
4ZxODfBBb0emwqWQaDV+njefk+oK7Ilxtk4mwnh4SzX0PdLqG0As+hnvViCBxWsz
cINGLadCOXbm/Dr2Blnj/PkxdzKksAD5Dty6OoFRzGqKVV2g/DBslKVqRdN1vXJi
1uAU3XIVt4u/EnpFfY/v7eeClnFDHI+//dBuxKVviF4dfjzPm6eG5cIe4Pl/Cr63
BvOeBo/cD4nOhI5cFkT9R7qQ6GmZLYtz0+TEaItjeZCk5+P7MqVMkmNKjvRdAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUafZMkwn6BmtOYMzivuRcKHHmQqEwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfMMA0GCSqGSIb3DQEBCwUAA4IBAQCg
MWIfj31TH8sXDjEGPhCLbBn0HDDPA/xVrV4UZhSOm9HWr08ONF1a+DqJZmvIH6pT
mkWVSy74smm/wQGH9if2XQT1g3joOjerweiu02MFOvh+YK+so4kfHJWZiPRp/65N
Lkyh+0Tcl3ZSaHYM56jcYUFgXewX5KXCw12wVqGVOL+djbDai/tQvLkDG3mfaAp+
wKYud6YHoIGLeshF3WL550qNPsxCgYu7eQOdAxkvVvP8ab2+NMsS+hSLPLgvKJOl
tz4qpoCpKPEB9UobePUXX+B6Caxicc6ot9To76BSzMGb3dDFNrxFmHY1dynXi1iP
ew/5yANWOGc0He81+F90
-----END CERTIFICATE-----