Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33342e302f32342d3234203d3e203339353838.roa
File:                     3134372e32382e33342e302f32342d3234203d3e203339353838.roa (raw, json)
Hash identifier:          tS1rnt7iWPhh2doVa879/UJho7QtgpTX69XHE7D6vTo=
Subject key identifier:   5E:7A:64:8C:84:E4:2C:93:BB:5D:51:F4:5B:55:E2:46:8F:DF:A8:BB
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       168A0D4AD22EC552A27BB08D3BB7C6F25F8D2549
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33342e302f32342d3234203d3e203339353838.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     39588
IP address blocks:        147.28.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:8a:0d:4a:d2:2e:c5:52:a2:7b:b0:8d:3b:b7:c6:f2:5f:8d:25:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=5E7A648C84E42C93BB5D51F45B55E2468FDFA8BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3e:14:c8:4b:24:bb:9e:19:1b:bf:1f:c4:24:
                    00:ef:39:d7:ad:78:0e:5a:e6:69:7e:d4:f4:e6:48:
                    ab:e7:ec:ed:8d:8e:33:62:07:a6:4e:b2:25:27:0c:
                    03:a6:b3:1e:e5:c7:3d:28:fc:78:76:be:53:0b:72:
                    48:85:fa:82:bf:28:73:45:7e:90:99:ff:f4:39:86:
                    db:76:5f:73:de:39:8d:26:28:be:e4:2b:0d:12:eb:
                    04:b6:5d:e8:9b:35:89:97:5d:77:68:20:09:12:b1:
                    01:c2:82:70:5a:16:b6:c3:d4:0b:95:18:e7:c9:0b:
                    48:de:ab:89:f9:33:97:bc:e3:f5:0b:5c:f1:90:d1:
                    a1:8a:1b:fc:c0:89:32:f4:af:ec:6d:7d:15:32:e6:
                    88:bf:53:5c:37:84:3c:22:32:71:4d:39:6e:aa:2b:
                    73:2f:4b:0e:d9:38:b6:1d:58:fb:b7:73:b9:b4:7b:
                    55:3f:c0:2e:b8:c0:ee:77:48:67:e1:45:07:5d:66:
                    3d:2b:0b:ac:f1:17:0d:3f:1f:d7:16:48:d4:10:77:
                    50:c1:1c:a1:30:cc:82:06:14:4c:54:bd:22:ec:e7:
                    73:05:6b:ba:b5:3e:11:b3:f1:91:28:2b:16:34:cf:
                    dc:91:2c:60:bb:ab:67:48:b6:3f:eb:c6:b5:87:0d:
                    3f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7A:64:8C:84:E4:2C:93:BB:5D:51:F4:5B:55:E2:46:8F:DF:A8:BB
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33342e302f32342d3234203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:93:5e:e6:ef:55:56:2a:7c:8c:b0:ea:0e:ff:94:24:00:57:
         7d:fe:0c:ac:66:8e:9d:e5:1a:3a:de:73:b9:f7:70:bf:98:df:
         50:6a:cb:70:63:c1:bc:b0:cc:6c:9f:a9:fc:4b:36:2c:aa:6b:
         e5:7d:40:21:0a:aa:3b:94:b3:0b:88:f3:7e:90:8b:7c:b2:15:
         b7:01:e0:9b:75:80:1d:0e:f6:d2:21:f8:6a:40:57:5d:42:ad:
         00:86:b4:06:8e:a2:18:2c:08:22:34:3e:9e:d2:c3:06:ab:8b:
         41:9b:a4:21:2d:cb:90:4c:fd:96:d7:9f:ac:cd:03:b5:f9:ca:
         99:b1:e2:41:33:c6:3a:c1:12:1a:e8:03:5b:93:b4:90:cf:4c:
         5d:61:29:59:5b:f3:26:06:ec:5d:fa:fd:94:7a:e1:29:8d:11:
         a6:62:83:43:33:87:e6:99:73:a2:5a:6d:9d:5e:bb:8b:be:ca:
         0e:6a:6f:78:81:ae:99:2f:19:86:73:b4:51:0e:c3:80:4e:18:
         38:4b:49:38:ef:c3:b4:e9:c4:14:3d:d2:ad:f5:5e:dc:33:9a:
         d4:36:89:8a:92:5a:f2:fc:56:23:ee:a4:de:26:e7:2c:03:d2:
         41:05:32:10:e5:80:fe:5b:55:42:dd:f7:fa:2f:3b:ed:59:cd:
         fe:98:ad:71
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUFooNStIuxVKie7CNO7fG8l+NJUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKDVFN0E2NDhDODRFNDJDOTNCQjVENTFGNDVCNTVFMjQ2OEZERkE4QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkPhTISyS7nhkbvx/EJADvOdet
eA5a5ml+1PTmSKvn7O2NjjNiB6ZOsiUnDAOmsx7lxz0o/Hh2vlMLckiF+oK/KHNF
fpCZ//Q5htt2X3PeOY0mKL7kKw0S6wS2XeibNYmXXXdoIAkSsQHCgnBaFrbD1AuV
GOfJC0jeq4n5M5e84/ULXPGQ0aGKG/zAiTL0r+xtfRUy5oi/U1w3hDwiMnFNOW6q
K3MvSw7ZOLYdWPu3c7m0e1U/wC64wO53SGfhRQddZj0rC6zxFw0/H9cWSNQQd1DB
HKEwzIIGFExUvSLs53MFa7q1PhGz8ZEoKxY0z9yRLGC7q2dItj/rxrWHDT+zAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUXnpkjITkLJO7XVH0W1XiRo/fqLswHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM5MzUzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwiMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
k17m71VWKnyMsOoO/5QkAFd9/gysZo6d5Ro63nO593C/mN9QastwY8G8sMxsn6n8
SzYsqmvlfUAhCqo7lLMLiPN+kIt8shW3AeCbdYAdDvbSIfhqQFddQq0AhrQGjqIY
LAgiND6e0sMGq4tBm6QhLcuQTP2W15+szQO1+cqZseJBM8Y6wRIa6ANbk7SQz0xd
YSlZW/MmBuxd+v2UeuEpjRGmYoNDM4fmmXOiWm2dXruLvsoOam94ga6ZLxmGc7RR
DsOAThg4S0k478O06cQUPdKt9V7cM5rUNomKklry/FYj7qTeJucsA9JBBTIQ5YD+
W1VC3ff6LzvtWc3+mK1x
-----END CERTIFICATE-----