Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          C9Uk+4JRMhqg5QA1BZiKr0voa/7RlKSmgYvwcSRNBLA=
Subject key identifier:   FF:2B:7D:17:50:9D:5C:D7:EE:E2:6E:A3:B5:4A:B0:6E:07:A0:08:B7
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       43014ABA05238139EB827E2CA7BDD5B5F2613618
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 02 Aug 2024 11:24:24 +0000
ROA not before:           Fri 02 Aug 2024 11:19:24 +0000
ROA not after:            Fri 01 Aug 2025 11:24:24 +0000
asID:                     42427
IP address blocks:        147.28.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:01:4a:ba:05:23:81:39:eb:82:7e:2c:a7:bd:d5:b5:f2:61:36:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:24 2024 GMT
            Not After : Aug  1 11:24:24 2025 GMT
        Subject: CN=FF2B7D17509D5CD7EEE26EA3B54AB06E07A008B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:62:6b:c8:2d:63:b0:76:a2:0e:d7:74:d9:cb:
                    f5:36:2d:a0:b9:8e:d7:b2:a3:97:92:cc:8c:e4:51:
                    6c:b7:b8:80:b3:38:4a:d0:38:dd:f2:45:14:36:7e:
                    a2:d2:59:53:65:84:66:fa:7b:2b:47:6d:d0:5d:7c:
                    25:51:d6:1a:2d:3c:8e:51:01:77:4d:90:fc:2e:47:
                    89:04:4d:89:f4:e4:b8:a9:72:82:cf:cb:bc:34:19:
                    5d:e2:3e:0a:7a:32:71:87:38:60:b3:b8:9b:ab:25:
                    dd:b5:d6:a3:c8:49:55:ce:ef:42:68:dd:5f:3a:ae:
                    11:42:02:e5:f3:8d:41:cf:ec:6a:34:b0:4b:1f:a3:
                    5e:f7:3d:82:ae:06:ab:9c:93:13:3f:1d:d4:29:07:
                    f2:83:a6:36:a8:78:8a:a6:0c:63:e6:1e:f3:4b:1d:
                    8b:65:1e:a6:bf:29:26:a8:a8:e2:b6:5c:e1:94:a5:
                    f0:c5:c8:22:ce:81:7a:da:b9:ef:b0:b8:30:02:2a:
                    4f:dc:f6:dc:49:d3:24:a7:94:b6:e0:a9:75:28:75:
                    94:f5:cb:c0:44:da:bd:5a:5f:60:4e:b2:af:b6:66:
                    9a:a8:96:f6:6a:57:41:46:56:d7:43:36:c3:a9:78:
                    ea:09:37:63:26:f7:b7:81:76:46:49:ba:52:ba:28:
                    51:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:2B:7D:17:50:9D:5C:D7:EE:E2:6E:A3:B5:4A:B0:6E:07:A0:08:B7
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:5d:25:36:32:85:fb:94:0d:8c:0f:d5:a6:5d:af:de:b8:50:
         e5:a9:4b:88:dc:c6:63:7b:4b:22:cc:d6:be:db:a3:a0:02:5b:
         01:03:85:18:65:6a:88:c0:e2:13:58:62:7d:6d:39:02:4c:d6:
         9c:1d:f6:2d:20:68:77:a9:a0:bd:16:aa:2d:0b:bf:87:f2:3b:
         9c:10:79:50:c6:d6:71:ef:28:9b:3a:b0:06:bc:bd:0a:43:15:
         88:41:7a:c5:38:f8:b2:3d:34:5c:de:8e:62:a5:40:71:cf:e8:
         b6:b8:db:87:84:f9:6e:c3:64:89:f9:f1:49:1f:65:95:c0:ef:
         0f:9b:60:da:0d:87:d2:9b:dd:ae:bb:04:47:ac:e8:66:af:f9:
         b5:14:8e:db:1d:e5:27:da:0c:3a:48:77:3f:0c:11:8c:4f:47:
         e4:fe:37:91:81:ec:ce:06:43:f3:48:73:28:fe:b6:8f:71:89:
         d2:a8:d1:17:96:63:0c:d2:5d:a1:18:32:e1:9c:f6:f4:13:4f:
         62:f1:b4:eb:99:e6:03:48:d9:46:46:5f:95:65:2a:60:ae:fa:
         d8:a6:06:77:c5:1f:00:d2:52:69:28:72:8e:f7:44:ad:36:44:
         47:09:0c:9d:36:27:69:d2:93:f6:79:3d:37:11:d4:7a:95:96:
         b3:ef:06:62
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUQwFKugUjgTnrgn4sp73VtfJhNhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjRaFw0yNTA4MDExMTI0MjRaMDMxMTAvBgNV
BAMTKEZGMkI3RDE3NTA5RDVDRDdFRUUyNkVBM0I1NEFCMDZFMDdBMDA4QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnYmvILWOwdqIO13TZy/U2LaC5
jteyo5eSzIzkUWy3uICzOErQON3yRRQ2fqLSWVNlhGb6eytHbdBdfCVR1hotPI5R
AXdNkPwuR4kETYn05LipcoLPy7w0GV3iPgp6MnGHOGCzuJurJd211qPISVXO70Jo
3V86rhFCAuXzjUHP7Go0sEsfo173PYKuBquckxM/HdQpB/KDpjaoeIqmDGPmHvNL
HYtlHqa/KSaoqOK2XOGUpfDFyCLOgXraue+wuDACKk/c9txJ0ySnlLbgqXUodZT1
y8BE2r1aX2BOsq+2ZpqolvZqV0FGVtdDNsOpeOoJN2Mm97eBdkZJulK6KFEVAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU/yt9F1CdXNfu4m6jtUqwbgegCLcwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQCv
XSU2MoX7lA2MD9WmXa/euFDlqUuI3MZje0sizNa+26OgAlsBA4UYZWqIwOITWGJ9
bTkCTNacHfYtIGh3qaC9FqotC7+H8jucEHlQxtZx7yibOrAGvL0KQxWIQXrFOPiy
PTRc3o5ipUBxz+i2uNuHhPluw2SJ+fFJH2WVwO8Pm2DaDYfSm92uuwRHrOhmr/m1
FI7bHeUn2gw6SHc/DBGMT0fk/jeRgezOBkPzSHMo/raPcYnSqNEXlmMM0l2hGDLh
nPb0E09i8bTrmeYDSNlGRl+VZSpgrvrYpgZ3xR8A0lJpKHKO90StNkRHCQydNidp
0pP2eT03EdR6lZaz7wZi
-----END CERTIFICATE-----