Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230372e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          zVASvqVyMDytylIqPVP7DsBgbWwYXluD1/EFwCFPV98=
Subject key identifier:   A4:11:16:AF:76:4E:4C:A3:2D:BA:72:61:0E:F2:86:15:AD:BC:91:F3
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       128B0ECF0FD7A757B06958E3585489687633C6D2
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 01 Sep 2023 11:14:35 +0000
ROA not before:           Fri 01 Sep 2023 11:09:35 +0000
ROA not after:            Fri 30 Aug 2024 11:14:35 +0000
asID:                     60492
IP address blocks:        193.7.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 04:28:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:8b:0e:cf:0f:d7:a7:57:b0:69:58:e3:58:54:89:68:76:33:c6:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Sep  1 11:09:35 2023 GMT
            Not After : Aug 30 11:14:35 2024 GMT
        Subject: CN=A41116AF764E4CA32DBA72610EF28615ADBC91F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3b:b1:6b:05:1a:de:1a:88:70:20:0e:74:b6:
                    39:3a:52:63:49:6e:e5:95:ee:6a:38:a7:3a:00:39:
                    a0:0f:3a:8a:2d:73:02:6c:56:c8:93:37:e3:40:4a:
                    65:07:65:9c:b6:78:ef:c7:80:39:c0:d4:d4:ad:59:
                    85:ac:10:de:89:31:5c:2a:06:27:4a:e9:a5:7e:bb:
                    88:b8:81:2e:f7:be:80:82:f1:5f:b7:db:34:c0:aa:
                    02:fd:87:5e:d7:76:75:b9:1e:d9:8f:52:13:67:1e:
                    85:36:c5:fc:d5:b1:c3:3a:0b:c4:f1:8a:e1:e9:ba:
                    1e:1d:01:20:06:31:45:d6:29:e2:31:83:1f:8c:bf:
                    7c:4d:56:31:47:12:5e:da:85:12:ff:09:d4:27:b6:
                    4c:62:cc:fe:73:a6:10:ef:fd:1f:61:0f:66:79:81:
                    0f:6b:72:d0:cc:7e:b0:b3:63:cd:05:07:c9:83:7c:
                    c4:b2:60:ee:e7:eb:0d:4b:3d:dc:03:b8:51:96:b9:
                    80:c7:57:a8:9c:1d:bf:46:66:da:ac:aa:86:38:fb:
                    55:0a:b5:f3:c3:59:7a:9d:27:45:6b:c0:33:12:3a:
                    d7:93:e6:bc:c7:af:d5:c7:c9:f7:7a:5e:df:f9:8a:
                    93:75:25:81:71:7c:d3:6a:3d:33:62:b4:c2:1a:e2:
                    19:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:11:16:AF:76:4E:4C:A3:2D:BA:72:61:0E:F2:86:15:AD:BC:91:F3
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:73:9a:80:14:9a:14:3a:85:7a:5e:b5:96:95:bc:cd:6a:71:
         5b:ba:34:31:54:61:f6:fe:17:0f:5b:6d:ef:07:42:fe:1f:05:
         c4:a7:fd:e2:fa:5c:8a:87:00:f5:61:fb:6f:6e:f1:0a:da:96:
         63:c8:e4:2c:7f:b1:23:aa:02:cc:86:f2:2e:74:e3:43:04:ed:
         9d:85:c5:c4:d4:b6:33:38:48:6d:5e:a2:d9:ea:e9:12:34:49:
         cc:19:95:4d:b2:1e:7c:47:01:d1:64:47:6b:15:78:76:b6:fa:
         74:39:f2:1b:d2:c8:b9:68:67:fc:4d:d0:8f:37:b5:56:a7:b4:
         7d:2d:51:f4:39:a1:58:34:3c:8d:92:d6:75:01:6f:11:68:f7:
         fa:c6:32:cf:09:e7:eb:50:8b:0d:26:05:84:9b:7d:85:bb:b0:
         09:56:f0:88:be:96:2a:d2:1a:7c:5f:d0:17:36:fb:c7:59:03:
         74:13:01:f0:45:e7:9c:f9:22:b6:84:c0:9d:ed:7d:63:d4:68:
         fe:c7:86:1e:a3:bd:ac:61:d3:b6:f5:ec:67:01:31:93:64:15:
         f8:d3:5e:6b:17:10:ae:0f:fe:4a:b1:43:f0:1f:da:4b:c1:de:
         1e:f6:c6:f4:2d:7c:ba:b0:5d:d7:ea:b9:dc:47:c9:17:23:d1:
         40:e6:1c:67
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUEosOzw/Xp1ewaVjjWFSJaHYzxtIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yMzA5MDExMTA5MzVaFw0yNDA4MzAxMTE0MzVaMDMxMTAvBgNV
BAMTKEE0MTExNkFGNzY0RTRDQTMyREJBNzI2MTBFRjI4NjE1QURCQzkxRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAO7FrBRreGohwIA50tjk6UmNJ
buWV7mo4pzoAOaAPOootcwJsVsiTN+NASmUHZZy2eO/HgDnA1NStWYWsEN6JMVwq
BidK6aV+u4i4gS73voCC8V+32zTAqgL9h17XdnW5HtmPUhNnHoU2xfzVscM6C8Tx
iuHpuh4dASAGMUXWKeIxgx+Mv3xNVjFHEl7ahRL/CdQntkxizP5zphDv/R9hD2Z5
gQ9rctDMfrCzY80FB8mDfMSyYO7n6w1LPdwDuFGWuYDHV6icHb9GZtqsqoY4+1UK
tfPDWXqdJ0VrwDMSOteT5rzHr9XHyfd6Xt/5ipN1JYFxfNNqPTNitMIa4hmNAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUpBEWr3ZOTKMtunJhDvKGFa28kfMwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfPMA0GCSqGSIb3DQEBCwUAA4IBAQC1
c5qAFJoUOoV6XrWWlbzNanFbujQxVGH2/hcPW23vB0L+HwXEp/3i+lyKhwD1Yftv
bvEK2pZjyOQsf7EjqgLMhvIudONDBO2dhcXE1LYzOEhtXqLZ6ukSNEnMGZVNsh58
RwHRZEdrFXh2tvp0OfIb0si5aGf8TdCPN7VWp7R9LVH0OaFYNDyNktZ1AW8RaPf6
xjLPCefrUIsNJgWEm32Fu7AJVvCIvpYq0hp8X9AXNvvHWQN0EwHwReec+SK2hMCd
7X1j1Gj+x4Yeo72sYdO29exnATGTZBX4015rFxCuD/5KsUPwH9pLwd4e9sb0LXy6
sF3X6rncR8kXI9FA5hxn
-----END CERTIFICATE-----