Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          e1j+NLrJRYiBH2wYSa3JVoXaVzuNVrBHTZYjyOGQ7Ak=
Subject key identifier:   99:B2:73:2B:DF:BF:08:D5:4D:9A:CA:BA:C2:A1:2C:D8:AF:D0:66:A2
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       40726034AC968999FB24771E079288951504EC2B
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 01 Sep 2023 11:14:34 +0000
ROA not before:           Fri 01 Sep 2023 11:09:34 +0000
ROA not after:            Fri 30 Aug 2024 11:14:34 +0000
asID:                     16509
IP address blocks:        147.28.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:72:60:34:ac:96:89:99:fb:24:77:1e:07:92:88:95:15:04:ec:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Sep  1 11:09:34 2023 GMT
            Not After : Aug 30 11:14:34 2024 GMT
        Subject: CN=99B2732BDFBF08D54D9ACABAC2A12CD8AFD066A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ed:b6:92:c6:4d:98:d9:8c:a4:b5:7d:9a:82:
                    94:5a:86:4e:9d:a4:dd:08:7e:37:88:16:39:71:0e:
                    05:92:df:fe:ae:5d:7a:48:7e:93:08:36:7b:2d:89:
                    e1:db:67:87:a6:46:27:d5:ce:cc:b5:c6:95:35:e4:
                    6a:28:39:2b:aa:9c:d4:91:72:b6:46:19:a2:e7:39:
                    7f:7a:85:61:ef:dd:3f:98:20:b3:20:8c:cc:7b:f8:
                    d3:e5:68:92:78:95:e1:28:7f:94:c1:81:b9:63:22:
                    4c:c2:9a:c1:23:3a:2c:dd:a9:33:5f:9c:fb:97:4c:
                    1e:b2:81:46:8f:55:c2:65:db:ca:bb:ce:00:b1:d0:
                    91:8d:54:ea:41:42:86:d0:55:87:71:b4:a2:ed:b8:
                    f2:94:d9:d0:b1:7f:36:bc:40:71:65:07:9e:e4:28:
                    3e:e0:91:cd:9c:c9:ab:9e:98:16:44:7f:78:dc:32:
                    53:e2:fc:93:39:d1:f4:04:35:ef:8e:71:21:7f:7c:
                    5f:ed:8b:8f:37:92:7d:33:d7:a4:ac:c7:9e:60:a9:
                    01:df:98:fc:42:aa:ca:ca:28:72:65:9d:74:67:eb:
                    ee:1c:8f:f8:59:f0:ef:8f:d4:8c:a6:cd:ff:47:92:
                    01:ee:a8:ed:88:6f:b1:89:57:5f:7d:9a:ed:b6:8f:
                    fd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B2:73:2B:DF:BF:08:D5:4D:9A:CA:BA:C2:A1:2C:D8:AF:D0:66:A2
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f3:52:1c:00:f0:28:63:e8:20:0a:d7:e8:77:a8:11:8e:40:
         70:60:80:fc:06:cf:30:eb:d5:d4:b6:f5:49:f5:02:a0:3f:00:
         54:a6:92:8a:07:ef:03:46:fc:69:05:13:3b:e7:c7:96:76:3e:
         fa:2b:21:f0:c0:06:34:5b:15:68:95:de:60:1e:e0:30:8e:74:
         21:8d:67:93:4e:57:63:85:2a:76:36:31:67:49:de:dd:c2:7d:
         a8:cd:50:86:f0:dd:30:93:33:ab:d2:fc:6d:c9:b5:0a:1f:79:
         8d:9c:ee:88:c0:af:98:5d:30:77:fc:49:f2:59:ef:90:4c:e3:
         a8:80:8a:8f:a1:b7:a9:95:f0:44:5f:c2:60:2c:43:84:d0:99:
         40:60:0b:5a:8b:1e:74:4b:bb:5e:5b:71:86:71:f7:62:0c:43:
         6c:69:b8:e6:80:bb:3c:78:5a:c5:75:5b:91:69:0e:60:0d:c0:
         3b:b2:af:05:d0:b5:bd:55:5a:27:1d:17:7c:f7:00:db:f4:1e:
         28:65:cc:c1:14:b5:a0:18:39:18:87:cb:9a:4b:b3:a3:98:dc:
         e3:70:ca:e1:0b:42:fa:41:f1:b1:f0:b7:e3:19:47:9a:1d:d9:
         97:86:41:fa:b6:22:62:d8:29:3a:e0:c1:98:d7:c0:10:b2:11:
         a8:e0:cc:39
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUQHJgNKyWiZn7JHceB5KIlRUE7CswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA5MDExMTA5MzRaFw0yNDA4MzAxMTE0MzRaMDMxMTAvBgNV
BAMTKDk5QjI3MzJCREZCRjA4RDU0RDlBQ0FCQUMyQTEyQ0Q4QUZEMDY2QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB7baSxk2Y2YyktX2agpRahk6d
pN0IfjeIFjlxDgWS3/6uXXpIfpMINnstieHbZ4emRifVzsy1xpU15GooOSuqnNSR
crZGGaLnOX96hWHv3T+YILMgjMx7+NPlaJJ4leEof5TBgbljIkzCmsEjOizdqTNf
nPuXTB6ygUaPVcJl28q7zgCx0JGNVOpBQobQVYdxtKLtuPKU2dCxfza8QHFlB57k
KD7gkc2cyauemBZEf3jcMlPi/JM50fQENe+OcSF/fF/ti483kn0z16Ssx55gqQHf
mPxCqsrKKHJlnXRn6+4cj/hZ8O+P1Iymzf9HkgHuqO2Ib7GJV199mu22j/2DAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUmbJzK9+/CNVNmsq6wqEs2K/QZqIwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQCm
81IcAPAoY+ggCtfod6gRjkBwYID8Bs8w69XUtvVJ9QKgPwBUppKKB+8DRvxpBRM7
58eWdj76KyHwwAY0WxVold5gHuAwjnQhjWeTTldjhSp2NjFnSd7dwn2ozVCG8N0w
kzOr0vxtybUKH3mNnO6IwK+YXTB3/EnyWe+QTOOogIqPobeplfBEX8JgLEOE0JlA
YAtaix50S7teW3GGcfdiDENsabjmgLs8eFrFdVuRaQ5gDcA7sq8F0LW9VVonHRd8
9wDb9B4oZczBFLWgGDkYh8uaS7OjmNzjcMrhC0L6QfGx8LfjGUeaHdmXhkH6tiJi
2Ck64MGY18AQshGo4Mw5
-----END CERTIFICATE-----