Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          NaXcqSKg9fM0hsr77Layr9HhJvN1azlnezByxQBmyts=
Subject key identifier:   9D:29:1B:1A:5F:9C:9C:68:22:C0:41:D7:D6:D5:81:F1:58:89:2A:A7
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       219B1477DFD65EE5884FE3E44C2DF98D5FC50CB3
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 02 Aug 2024 11:24:24 +0000
ROA not before:           Fri 02 Aug 2024 11:19:24 +0000
ROA not after:            Fri 01 Aug 2025 11:24:24 +0000
asID:                     16509
IP address blocks:        147.28.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:9b:14:77:df:d6:5e:e5:88:4f:e3:e4:4c:2d:f9:8d:5f:c5:0c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:24 2024 GMT
            Not After : Aug  1 11:24:24 2025 GMT
        Subject: CN=9D291B1A5F9C9C6822C041D7D6D581F158892AA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e8:fc:6d:db:2f:83:54:d5:cc:ad:c6:31:1c:
                    59:3e:b5:23:09:29:06:28:15:e6:d1:ad:83:1b:c0:
                    70:11:61:18:99:e0:72:b3:8e:ef:d3:10:16:77:4f:
                    cc:2b:f8:5b:3c:c5:5a:86:57:f7:15:4b:f1:a0:e6:
                    cd:30:dd:5b:22:b5:0e:3a:77:73:cc:b4:76:ee:5e:
                    37:25:26:04:0b:4b:1b:c3:0f:77:c1:c0:4b:0a:ab:
                    dd:f8:2b:8d:d4:aa:29:63:61:43:e3:7b:e0:fb:23:
                    93:5d:cd:0c:8d:ce:7e:de:eb:30:43:c0:a9:2b:f4:
                    42:7a:ca:b0:dd:b9:2a:33:0c:4d:bf:d8:41:f8:3a:
                    a5:1e:74:b4:7b:07:72:bb:77:6f:3e:34:76:b4:56:
                    db:d0:f1:66:32:56:37:32:7c:fd:eb:05:5f:45:6e:
                    d0:d0:ec:29:c4:62:b8:65:22:98:dd:45:5f:28:49:
                    62:7d:82:f5:e6:67:26:86:6a:9a:01:9d:e3:82:01:
                    66:6f:16:1d:35:ed:e5:bb:b3:db:60:9a:72:cc:ad:
                    ea:b5:fb:88:8b:55:f9:72:21:91:c2:26:bd:8d:dd:
                    64:68:50:55:f7:4e:24:ae:71:15:63:22:a0:7d:ed:
                    49:5e:cd:22:2a:a4:d9:bb:98:42:8b:d9:b6:b6:60:
                    13:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:29:1B:1A:5F:9C:9C:68:22:C0:41:D7:D6:D5:81:F1:58:89:2A:A7
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c2:82:0b:b4:5b:a2:5c:80:4f:1a:01:f3:79:68:80:3a:f0:
         dc:a3:c6:8c:22:ac:30:9f:e7:66:ea:4f:67:6f:8f:c9:9c:0d:
         03:12:57:c6:c6:44:1e:c2:f1:eb:2f:d8:9c:7f:bd:6d:98:76:
         6c:5a:c8:b2:b1:9c:d5:a1:17:b4:f1:43:76:7d:94:cc:14:98:
         78:39:c7:cc:0b:05:49:b3:fb:4e:ae:f1:db:a9:30:5d:64:dc:
         d0:0a:10:b7:68:d4:85:23:7d:19:2e:35:3b:a6:b2:3d:85:54:
         25:a3:96:8e:3e:4e:0e:b5:a2:01:0d:cc:bf:9b:d3:fe:f4:46:
         80:4a:d7:82:ea:cc:6b:16:71:a6:97:6b:4e:5c:e5:a9:fe:48:
         55:e1:39:cf:0b:49:fd:b5:15:6f:89:0d:f0:7b:ff:91:35:fd:
         0f:44:da:c3:29:50:2a:2e:16:0e:ae:81:88:fa:e4:8b:76:e6:
         7d:db:3c:12:8e:9f:b0:f0:cf:e2:65:7c:5b:b7:5c:cc:ca:f3:
         f6:19:ac:96:78:1e:4c:d8:c4:dd:88:af:80:00:58:8d:9d:ef:
         88:0b:3c:e3:0f:2a:84:ae:af:cd:29:09:07:54:bf:d2:d9:a9:
         69:8a:31:46:06:00:20:6e:cb:9e:d8:9b:c4:20:9f:ce:51:f2:
         e4:34:5d:30
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUIZsUd9/WXuWIT+PkTC35jV/FDLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjRaFw0yNTA4MDExMTI0MjRaMDMxMTAvBgNV
BAMTKDlEMjkxQjFBNUY5QzlDNjgyMkMwNDFEN0Q2RDU4MUYxNTg4OTJBQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH6Pxt2y+DVNXMrcYxHFk+tSMJ
KQYoFebRrYMbwHARYRiZ4HKzju/TEBZ3T8wr+Fs8xVqGV/cVS/Gg5s0w3VsitQ46
d3PMtHbuXjclJgQLSxvDD3fBwEsKq934K43UqiljYUPje+D7I5NdzQyNzn7e6zBD
wKkr9EJ6yrDduSozDE2/2EH4OqUedLR7B3K7d28+NHa0VtvQ8WYyVjcyfP3rBV9F
btDQ7CnEYrhlIpjdRV8oSWJ9gvXmZyaGapoBneOCAWZvFh017eW7s9tgmnLMreq1
+4iLVflyIZHCJr2N3WRoUFX3TiSucRVjIqB97UlezSIqpNm7mEKL2ba2YBPPAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUnSkbGl+cnGgiwEHX1tWB8ViJKqcwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQA9
woILtFuiXIBPGgHzeWiAOvDco8aMIqwwn+dm6k9nb4/JnA0DElfGxkQewvHrL9ic
f71tmHZsWsiysZzVoRe08UN2fZTMFJh4OcfMCwVJs/tOrvHbqTBdZNzQChC3aNSF
I30ZLjU7prI9hVQlo5aOPk4OtaIBDcy/m9P+9EaASteC6sxrFnGml2tOXOWp/khV
4TnPC0n9tRVviQ3we/+RNf0PRNrDKVAqLhYOroGI+uSLduZ92zwSjp+w8M/iZXxb
t1zMyvP2GayWeB5M2MTdiK+AAFiNne+ICzzjDyqErq/NKQkHVL/S2alpijFGBgAg
bsue2JvEIJ/OUfLkNF0w
-----END CERTIFICATE-----