Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230362e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          ldJu5L3FZrq+v5EO0j3Bgz2Qf3cW0RGCFf99rYq9lJs=
Subject key identifier:   E7:37:80:FB:80:05:8B:AB:1B:79:F9:CE:1F:BE:21:89:CD:60:8A:A4
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       07AF9994FE5EE77BA84A9D33266F1EB7A7B3D712
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 02 Aug 2024 11:24:33 +0000
ROA not before:           Fri 02 Aug 2024 11:19:33 +0000
ROA not after:            Fri 01 Aug 2025 11:24:33 +0000
asID:                     60492
IP address blocks:        193.7.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:06:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:af:99:94:fe:5e:e7:7b:a8:4a:9d:33:26:6f:1e:b7:a7:b3:d7:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Aug  2 11:19:33 2024 GMT
            Not After : Aug  1 11:24:33 2025 GMT
        Subject: CN=E73780FB80058BAB1B79F9CE1FBE2189CD608AA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:0d:f2:7f:e0:e5:0e:0c:13:61:cb:c1:24:2a:
                    b9:0e:8e:95:c2:1e:2f:fb:f6:eb:3e:a8:1c:f0:0e:
                    f5:b5:4a:39:a4:bb:3c:71:c1:63:90:7c:e9:e5:e0:
                    da:66:84:2d:c7:58:ac:9d:4d:6d:41:1b:37:03:b1:
                    72:d9:11:f1:f1:21:36:63:6d:bb:01:ed:93:0d:0d:
                    2f:2b:ba:53:4e:e8:09:d1:ab:d1:98:22:cd:e2:eb:
                    e4:42:6e:b8:00:2b:47:8e:15:a0:aa:67:f2:8c:7a:
                    ff:e3:a4:4c:d1:95:ca:ca:87:59:94:96:94:73:2e:
                    91:12:29:ae:11:f3:ac:fa:e1:93:91:6a:9d:5a:21:
                    e4:2b:1a:db:66:3d:e7:5e:51:db:d9:86:9b:ba:42:
                    69:58:6d:06:d2:59:7a:01:14:8b:c3:04:5b:e3:93:
                    6a:9e:f0:30:5e:83:a5:e2:7a:03:25:6a:db:57:3e:
                    4f:b3:9b:60:ad:8d:61:72:45:db:af:aa:ae:5b:92:
                    9f:74:7f:ec:4a:da:0f:87:8d:b9:48:1c:f8:18:1a:
                    bb:c6:7f:c5:da:cd:22:d3:f6:db:ea:9b:4e:39:d2:
                    b8:f5:20:9a:bb:d7:3c:e9:fa:ac:fa:54:35:a6:98:
                    5c:13:3b:f0:d4:c5:0d:6d:b4:fa:05:73:bb:0f:9b:
                    ea:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:37:80:FB:80:05:8B:AB:1B:79:F9:CE:1F:BE:21:89:CD:60:8A:A4
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230362e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:09:6e:8e:43:6f:d9:92:64:9e:f9:86:e2:15:ec:6f:fd:62:
         e7:64:9d:b6:d6:32:81:46:e5:f1:2f:66:5b:c8:33:b4:7b:f3:
         57:a9:1c:0f:7e:49:a1:3e:80:b6:37:83:5d:51:8b:6d:9c:89:
         19:23:a9:b7:6d:4a:0b:d8:8a:70:4b:ee:16:0b:da:76:f9:ea:
         13:19:02:e2:5c:11:f6:bc:ee:bd:cb:c1:93:1c:75:b5:a1:68:
         ba:28:0b:a9:89:9a:72:77:c2:14:89:ec:36:1f:67:a6:67:50:
         0f:02:10:1f:fe:2c:95:20:a3:79:17:b2:ec:50:56:5a:a8:82:
         a7:d2:6a:bb:f4:fb:51:88:25:d7:29:57:58:04:59:64:b0:e5:
         57:0a:55:c3:28:b5:98:99:85:f0:f0:d7:90:be:f7:ca:00:2b:
         6a:51:55:e7:4c:34:75:93:d7:91:b0:3d:64:c7:6e:f7:94:3e:
         23:2f:1f:34:6d:ce:78:39:80:81:b8:fb:45:a8:50:4d:ac:97:
         c9:41:77:f0:fb:54:8d:70:42:22:68:8c:44:a8:47:f5:19:01:
         f7:4c:23:41:85:e3:86:de:bb:e1:81:a3:e3:a6:5f:04:0d:95:
         7c:1e:f9:b1:1f:5e:44:93:74:d6:e4:80:dc:88:7b:3c:01:3c:
         55:23:8d:33
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUB6+ZlP5e53uoSp0zJm8et6ez1xIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNDA4MDIxMTE5MzNaFw0yNTA4MDExMTI0MzNaMDMxMTAvBgNV
BAMTKEU3Mzc4MEZCODAwNThCQUIxQjc5RjlDRTFGQkUyMTg5Q0Q2MDhBQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoDfJ/4OUODBNhy8EkKrkOjpXC
Hi/79us+qBzwDvW1SjmkuzxxwWOQfOnl4NpmhC3HWKydTW1BGzcDsXLZEfHxITZj
bbsB7ZMNDS8rulNO6AnRq9GYIs3i6+RCbrgAK0eOFaCqZ/KMev/jpEzRlcrKh1mU
lpRzLpESKa4R86z64ZORap1aIeQrGttmPedeUdvZhpu6QmlYbQbSWXoBFIvDBFvj
k2qe8DBeg6XiegMlattXPk+zm2CtjWFyRduvqq5bkp90f+xK2g+HjblIHPgYGrvG
f8XazSLT9tvqm0450rj1IJq71zzp+qz6VDWmmFwTO/DUxQ1ttPoFc7sPm+pjAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU5zeA+4AFi6sbefnOH74hic1giqQwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfOMA0GCSqGSIb3DQEBCwUAA4IBAQBa
CW6OQ2/ZkmSe+YbiFexv/WLnZJ221jKBRuXxL2ZbyDO0e/NXqRwPfkmhPoC2N4Nd
UYttnIkZI6m3bUoL2IpwS+4WC9p2+eoTGQLiXBH2vO69y8GTHHW1oWi6KAupiZpy
d8IUiew2H2emZ1APAhAf/iyVIKN5F7LsUFZaqIKn0mq79PtRiCXXKVdYBFlksOVX
ClXDKLWYmYXw8NeQvvfKACtqUVXnTDR1k9eRsD1kx273lD4jLx80bc54OYCBuPtF
qFBNrJfJQXfw+1SNcEIiaIxEqEf1GQH3TCNBheOG3rvhgaPjpl8EDZV8HvmxH15E
k3TW5IDciHs8ATxVI40z
-----END CERTIFICATE-----