Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230372e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          pI40+jjdEUJPL2otpp8VOvK6iMqeW7apPFhhhkUq2lM=
Subject key identifier:   32:12:AF:C9:FA:64:BF:6D:71:6F:0D:02:40:03:9F:13:68:65:F4:67
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       330015347D7D02CE41C6C5FD9723EC33A603A7D4
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 02 Aug 2024 11:24:33 +0000
ROA not before:           Fri 02 Aug 2024 11:19:33 +0000
ROA not after:            Fri 01 Aug 2025 11:24:33 +0000
asID:                     60492
IP address blocks:        193.7.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 14:06:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:15:34:7d:7d:02:ce:41:c6:c5:fd:97:23:ec:33:a6:03:a7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Aug  2 11:19:33 2024 GMT
            Not After : Aug  1 11:24:33 2025 GMT
        Subject: CN=3212AFC9FA64BF6D716F0D0240039F136865F467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:10:8b:72:25:df:c2:49:37:9e:c4:11:90:
                    1f:fe:b8:89:9f:3f:42:6d:b6:1a:a9:5b:b1:bd:b8:
                    34:e1:34:ea:88:95:89:15:aa:ef:e3:b8:2e:88:62:
                    7e:1a:ff:5a:89:38:56:f4:b1:cc:d3:3d:8a:74:3e:
                    84:25:b9:88:ce:11:cb:88:a1:c5:6a:2f:88:a7:7c:
                    98:6f:09:b0:3e:71:56:3c:02:ac:ea:ea:21:cf:f9:
                    22:fd:cc:ce:07:dc:d3:00:f3:46:22:af:e7:2f:25:
                    47:3c:85:00:c1:ce:1e:2c:d6:74:f4:35:18:85:fc:
                    c9:39:f4:21:3b:7f:3b:2f:83:c0:49:39:de:f1:f3:
                    67:91:8a:da:61:f0:20:ef:3f:f6:c9:fc:a4:96:54:
                    d2:d8:85:c6:c2:c2:29:8b:af:86:98:1e:46:9d:c8:
                    aa:61:c5:96:fe:70:40:36:f1:69:a4:e0:43:35:d7:
                    ff:40:b2:80:f0:54:a6:2a:1a:d4:a1:40:21:2a:f5:
                    98:62:db:9d:da:29:f0:05:e4:25:53:22:16:71:a8:
                    a0:14:5f:5f:e9:fa:a4:97:4a:e2:31:61:97:a9:00:
                    fe:cf:c4:30:c5:8a:e3:e7:19:d7:4b:20:3e:0c:c6:
                    72:ea:07:43:f2:f3:b2:a9:e4:78:21:11:5a:b1:f9:
                    d9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:12:AF:C9:FA:64:BF:6D:71:6F:0D:02:40:03:9F:13:68:65:F4:67
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:89:2a:d6:96:44:d6:e4:69:0b:41:eb:1c:d9:49:81:0e:19:
         13:83:67:26:cf:6b:aa:3b:ae:ac:a4:4c:e3:40:0f:17:e1:7e:
         31:50:b8:73:37:6a:63:37:e0:7c:05:04:a2:ae:3b:83:e4:f8:
         a8:68:0f:58:c2:a4:16:06:a8:bd:0d:03:12:a8:a3:d4:2c:c2:
         5f:cb:a1:4a:f7:ae:30:1d:55:34:20:10:fc:a5:78:19:6d:59:
         33:14:1b:82:48:82:c1:19:59:4e:72:44:86:c5:7b:27:d9:a7:
         d4:3e:4f:bc:63:d1:fe:5b:c4:1f:16:79:72:65:7b:f9:c8:5b:
         9d:f9:5a:d3:c8:dd:c3:aa:aa:15:04:16:eb:df:f7:05:43:43:
         6c:96:56:60:83:ff:8a:4f:54:a6:f4:bd:65:4c:b6:0f:05:a2:
         ab:91:be:be:13:c5:68:98:a6:56:dd:d6:9a:8a:67:4f:8f:06:
         db:a4:c2:0e:54:1e:53:08:50:e9:d2:d5:c8:1e:84:bf:62:53:
         91:e6:fa:27:95:77:13:87:80:50:85:f1:14:6a:5c:cb:f6:37:
         d8:be:40:89:31:ad:c3:29:46:ce:b3:68:1e:d6:4a:e8:88:93:
         e7:50:fd:89:69:99:bb:69:ac:20:fb:f7:20:d5:26:08:1d:f0:
         19:75:e2:37
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUMwAVNH19As5BxsX9lyPsM6YDp9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNDA4MDIxMTE5MzNaFw0yNTA4MDExMTI0MzNaMDMxMTAvBgNV
BAMTKDMyMTJBRkM5RkE2NEJGNkQ3MTZGMEQwMjQwMDM5RjEzNjg2NUY0NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFVhCLciXfwkk3nsQRkB/+uImf
P0JtthqpW7G9uDThNOqIlYkVqu/juC6IYn4a/1qJOFb0sczTPYp0PoQluYjOEcuI
ocVqL4infJhvCbA+cVY8Aqzq6iHP+SL9zM4H3NMA80Yir+cvJUc8hQDBzh4s1nT0
NRiF/Mk59CE7fzsvg8BJOd7x82eRitph8CDvP/bJ/KSWVNLYhcbCwimLr4aYHkad
yKphxZb+cEA28Wmk4EM11/9AsoDwVKYqGtShQCEq9Zhi253aKfAF5CVTIhZxqKAU
X1/p+qSXSuIxYZepAP7PxDDFiuPnGddLID4MxnLqB0Py87Kp5HghEVqx+dnNAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUMhKvyfpkv21xbw0CQAOfE2hl9GcwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfPMA0GCSqGSIb3DQEBCwUAA4IBAQBW
iSrWlkTW5GkLQesc2UmBDhkTg2cmz2uqO66spEzjQA8X4X4xULhzN2pjN+B8BQSi
rjuD5PioaA9YwqQWBqi9DQMSqKPULMJfy6FK964wHVU0IBD8pXgZbVkzFBuCSILB
GVlOckSGxXsn2afUPk+8Y9H+W8QfFnlyZXv5yFud+VrTyN3DqqoVBBbr3/cFQ0Ns
llZgg/+KT1Sm9L1lTLYPBaKrkb6+E8VomKZW3daaimdPjwbbpMIOVB5TCFDp0tXI
HoS/YlOR5vonlXcTh4BQhfEUalzL9jfYvkCJMa3DKUbOs2ge1kroiJPnUP2JaZm7
aawg+/cg1SYIHfAZdeI3
-----END CERTIFICATE-----