Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa
File:                     3134372e32382e33352e302f32342d3234203d3e203339353838.roa (raw, json)
Hash identifier:          2jrIZCNCVHxsKRe2P2DmIyT0rsia3IiHaUe66lHfpK4=
Subject key identifier:   63:4B:FF:A2:B2:69:30:85:2B:37:6B:72:C0:98:DA:0E:22:4B:33:29
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6390464E73CCCD128DC3A2D7F5ADB5D34A4038BE
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     39588
IP address blocks:        147.28.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:90:46:4e:73:cc:cd:12:8d:c3:a2:d7:f5:ad:b5:d3:4a:40:38:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=634BFFA2B26930852B376B72C098DA0E224B3329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:33:61:07:d5:e5:cc:56:e3:e7:26:20:04:10:
                    d2:78:13:d5:72:8b:25:da:d0:18:10:17:d9:7d:f7:
                    1f:ac:1e:9f:3a:f9:46:ca:b5:9f:a1:64:ba:b6:55:
                    af:9a:67:28:05:88:91:8c:08:e9:84:19:3a:20:7e:
                    43:72:8b:e6:93:92:cc:1c:3f:08:84:f7:60:df:a3:
                    cd:f7:82:63:2a:22:40:a2:a7:dd:a7:e4:2b:27:74:
                    ed:92:64:ed:44:7a:96:cb:89:c1:80:0d:f7:9f:75:
                    6d:d8:11:b6:23:c1:d5:18:a7:67:2f:6d:a7:3a:27:
                    2a:dc:4c:18:d2:57:27:44:3b:39:5f:50:fc:fe:4c:
                    3a:df:77:f5:65:aa:91:10:2d:65:ff:45:50:ea:17:
                    77:6b:b3:0f:e8:f5:a5:8b:a8:5f:5b:8a:d3:e4:81:
                    76:13:a7:d1:04:1b:54:a7:fe:80:ff:f1:6f:df:e4:
                    5a:47:24:7f:bf:96:36:9c:19:56:96:04:3b:8b:22:
                    2f:67:bc:a5:b8:59:92:85:d0:0e:57:55:98:23:b1:
                    85:b9:7b:68:3a:44:f7:3f:03:a0:b8:8e:cc:e1:d6:
                    4e:25:11:ae:bd:51:68:de:d1:a2:47:a1:e1:3d:88:
                    cc:e0:78:f0:85:82:3a:36:0c:79:80:f6:c1:c7:23:
                    c9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:4B:FF:A2:B2:69:30:85:2B:37:6B:72:C0:98:DA:0E:22:4B:33:29
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:f4:8b:bc:f2:77:92:28:4a:d0:c4:96:81:c2:ed:b1:3a:27:
         df:05:10:67:ac:e9:96:f4:ec:27:23:7a:f1:08:68:44:45:0b:
         22:1c:34:09:76:6b:34:a0:e8:f2:d0:59:a8:e6:fb:95:58:bb:
         62:00:7d:77:65:25:67:2c:48:2d:54:91:63:30:4b:5b:2c:43:
         54:e8:b8:a5:16:89:59:95:b7:ff:12:bf:a0:c9:cf:9c:c6:bf:
         fb:1d:d7:3b:10:ea:9a:9e:e2:ee:69:d0:ab:f5:5f:ad:7b:07:
         b7:b1:80:e7:cb:0a:53:09:92:53:ce:df:99:57:3d:e7:44:44:
         33:7f:c6:5f:13:e2:33:ab:60:32:15:ee:5b:e8:fd:26:8d:c9:
         28:d4:a2:3c:32:ec:09:70:d3:91:50:15:af:0a:ea:87:2a:84:
         f5:d0:c6:ce:db:78:60:a8:ed:68:29:0b:a9:5c:48:1c:7d:46:
         44:b5:ea:18:c0:b8:ea:3e:4f:db:dd:b5:cf:86:e1:d9:63:88:
         10:24:63:f1:06:0a:c2:5f:46:9f:80:63:d9:3d:94:cf:ac:1b:
         a1:f4:ab:59:bc:ff:ed:76:c3:e2:0e:c9:32:ea:0b:df:20:2c:
         50:35:e8:b1:dd:20:bd:9b:bb:f6:43:96:d1:0c:9a:19:53:7c:
         be:84:1c:8b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUY5BGTnPMzRKNw6LX9a2100pAOL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKDYzNEJGRkEyQjI2OTMwODUyQjM3NkI3MkMwOThEQTBFMjI0QjMzMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCM2EH1eXMVuPnJiAEENJ4E9Vy
iyXa0BgQF9l99x+sHp86+UbKtZ+hZLq2Va+aZygFiJGMCOmEGTogfkNyi+aTkswc
PwiE92Dfo833gmMqIkCip92n5CsndO2SZO1EepbLicGADfefdW3YEbYjwdUYp2cv
bac6JyrcTBjSVydEOzlfUPz+TDrfd/VlqpEQLWX/RVDqF3drsw/o9aWLqF9bitPk
gXYTp9EEG1Sn/oD/8W/f5FpHJH+/ljacGVaWBDuLIi9nvKW4WZKF0A5XVZgjsYW5
e2g6RPc/A6C4jszh1k4lEa69UWje0aJHoeE9iMzgePCFgjo2DHmA9sHHI8nxAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUY0v/orJpMIUrN2tywJjaDiJLMykwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM5MzUzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwjMA0GCSqGSIb3DQEBCwUAA4IBAQCu
9Iu88neSKErQxJaBwu2xOiffBRBnrOmW9OwnI3rxCGhERQsiHDQJdms0oOjy0Fmo
5vuVWLtiAH13ZSVnLEgtVJFjMEtbLENU6LilFolZlbf/Er+gyc+cxr/7Hdc7EOqa
nuLuadCr9V+tewe3sYDnywpTCZJTzt+ZVz3nREQzf8ZfE+Izq2AyFe5b6P0mjcko
1KI8MuwJcNORUBWvCuqHKoT10MbO23hgqO1oKQupXEgcfUZEteoYwLjqPk/b3bXP
huHZY4gQJGPxBgrCX0afgGPZPZTPrBuh9KtZvP/tdsPiDsky6gvfICxQNeix3SC9
m7v2Q5bRDJoZU3y+hByL
-----END CERTIFICATE-----