Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          X3YfI9XhMBzqSxlG5J9Y7QTZBGXms6H2VTzDt/+z6JM=
Subject key identifier:   FC:E3:8C:39:5D:D8:25:9E:F4:23:75:13:58:0B:26:05:7E:E3:6A:DF
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7BB94F470326F275D3560325281C0D1E0BCD1B2C
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa
Signing time:             Fri 01 Sep 2023 11:14:33 +0000
ROA not before:           Fri 01 Sep 2023 11:09:33 +0000
ROA not after:            Fri 30 Aug 2024 11:14:33 +0000
asID:                     14618
IP address blocks:        147.28.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:b9:4f:47:03:26:f2:75:d3:56:03:25:28:1c:0d:1e:0b:cd:1b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Sep  1 11:09:33 2023 GMT
            Not After : Aug 30 11:14:33 2024 GMT
        Subject: CN=FCE38C395DD8259EF4237513580B26057EE36ADF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:11:46:48:9b:b7:97:c2:9b:f3:9b:be:f6:d7:
                    54:cc:2a:1b:f8:c4:08:82:e5:fb:cd:65:42:f3:17:
                    ae:19:bd:79:c1:31:cf:9e:12:c3:59:50:ea:18:85:
                    61:43:50:dd:1d:fb:ae:9b:61:c9:97:d5:a9:c8:2d:
                    dc:29:82:d9:ab:12:80:f9:63:04:75:07:90:9a:7e:
                    97:0a:26:9d:8f:c4:d9:b9:86:5b:d7:2b:35:ee:cc:
                    f4:b4:42:6b:30:26:03:43:cf:36:df:55:3d:f8:30:
                    e8:ce:8b:ba:9c:b2:3a:70:43:40:9f:4e:20:aa:28:
                    9b:99:79:eb:66:89:dd:19:f8:96:5b:95:c5:45:61:
                    f6:f9:73:ea:67:23:a7:e9:66:52:0a:25:27:00:d2:
                    a8:fa:54:8a:f0:8f:35:fb:5f:e9:69:0c:02:ff:2e:
                    d5:83:75:1a:94:ba:33:d0:b5:a4:28:97:dc:26:87:
                    6b:39:ce:1c:19:14:8a:ce:a2:ff:6c:3c:e4:8e:04:
                    e8:1a:90:86:2c:e3:a6:e6:38:62:83:4d:a5:e0:a8:
                    40:dc:df:f7:64:4a:a5:c3:50:a7:66:ed:20:44:f2:
                    00:34:dd:c0:57:48:50:31:18:f4:c8:8a:12:ae:ec:
                    80:1a:5a:19:b8:4e:b2:e6:34:9e:57:37:cf:9c:23:
                    d5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E3:8C:39:5D:D8:25:9E:F4:23:75:13:58:0B:26:05:7E:E3:6A:DF
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:79:d1:e5:6b:2d:62:dd:55:4f:ac:bb:db:6b:43:ec:67:8e:
         bb:c0:7b:ae:bf:94:fa:47:a7:3d:60:87:20:09:3b:7e:f5:43:
         e7:7f:c1:f8:ef:2e:e8:27:b7:1f:15:9a:1d:05:aa:25:33:39:
         0a:97:6c:09:c0:b2:43:fa:2e:80:74:a9:9c:3a:c7:bf:52:2d:
         5c:59:ec:a2:46:46:a8:4a:01:35:cf:51:84:ba:f7:00:fa:e5:
         57:4c:53:55:5b:f8:68:12:c4:38:fe:ea:35:02:44:f6:e1:dd:
         5c:fd:90:42:ad:31:6f:6b:9d:85:ba:a9:f0:5e:0b:b8:72:f7:
         39:1c:ba:d7:0c:b6:90:4f:9f:71:e3:72:24:89:be:20:a2:87:
         d8:00:9c:26:ee:5f:60:f3:2c:57:b3:69:99:5d:87:0f:24:a2:
         e4:0c:e8:b6:d1:9e:ae:42:ee:ae:f1:ec:0a:1d:bf:7c:11:4a:
         a0:ee:9b:52:91:10:89:4f:4c:d3:a4:94:ec:a9:77:15:7d:90:
         ab:e7:d7:ac:76:f0:a1:b3:65:5a:7c:8f:90:17:09:f0:c1:df:
         ed:68:f9:30:67:eb:8f:f7:82:5e:4b:26:5a:1e:8a:67:82:2f:
         d8:e5:8f:b0:66:e0:e1:cd:97:98:78:09:ae:ba:90:b5:1c:de:
         10:6d:48:86
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUe7lPRwMm8nXTVgMlKBwNHgvNGywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA5MDExMTA5MzNaFw0yNDA4MzAxMTE0MzNaMDMxMTAvBgNV
BAMTKEZDRTM4QzM5NUREODI1OUVGNDIzNzUxMzU4MEIyNjA1N0VFMzZBREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfEUZIm7eXwpvzm77211TMKhv4
xAiC5fvNZULzF64ZvXnBMc+eEsNZUOoYhWFDUN0d+66bYcmX1anILdwpgtmrEoD5
YwR1B5CafpcKJp2PxNm5hlvXKzXuzPS0QmswJgNDzzbfVT34MOjOi7qcsjpwQ0Cf
TiCqKJuZeetmid0Z+JZblcVFYfb5c+pnI6fpZlIKJScA0qj6VIrwjzX7X+lpDAL/
LtWDdRqUujPQtaQol9wmh2s5zhwZFIrOov9sPOSOBOgakIYs46bmOGKDTaXgqEDc
3/dkSqXDUKdm7SBE8gA03cBXSFAxGPTIihKu7IAaWhm4TrLmNJ5XN8+cI9WbAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU/OOMOV3YJZ70I3UTWAsmBX7jat8wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQBq
edHlay1i3VVPrLvba0PsZ467wHuuv5T6R6c9YIcgCTt+9UPnf8H47y7oJ7cfFZod
BaolMzkKl2wJwLJD+i6AdKmcOse/Ui1cWeyiRkaoSgE1z1GEuvcA+uVXTFNVW/ho
EsQ4/uo1AkT24d1c/ZBCrTFva52FuqnwXgu4cvc5HLrXDLaQT59x43Ikib4goofY
AJwm7l9g8yxXs2mZXYcPJKLkDOi20Z6uQu6u8ewKHb98EUqg7ptSkRCJT0zTpJTs
qXcVfZCr59esdvChs2VafI+QFwnwwd/taPkwZ+uP94JeSyZaHopngi/Y5Y+wZuDh
zZeYeAmuupC1HN4QbUiG
-----END CERTIFICATE-----