Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          APLh3KiykJlKx2rboUWCUUJKNl1jjepKMKBAU8TebTk=
Subject key identifier:   7D:4B:DA:97:B0:23:75:9A:E4:75:58:6D:C7:5B:96:66:C0:E5:5C:4C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1D805CF2C7D5040CFA82C30122DB1A60E15C70B8
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 17 Jul 2024 13:17:58 +0000
ROA not before:           Wed 17 Jul 2024 13:12:58 +0000
ROA not after:            Wed 16 Jul 2025 13:17:58 +0000
asID:                     14618
IP address blocks:        147.28.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:80:5c:f2:c7:d5:04:0c:fa:82:c3:01:22:db:1a:60:e1:5c:70:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 17 13:12:58 2024 GMT
            Not After : Jul 16 13:17:58 2025 GMT
        Subject: CN=7D4BDA97B023759AE475586DC75B9666C0E55C4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:27:36:59:00:bd:1e:81:1f:45:7b:6c:3b:78:
                    67:83:21:f9:6f:26:7c:54:e2:27:58:21:b4:3b:82:
                    77:ff:8c:ea:c9:f8:61:0c:da:7c:fb:53:c7:1c:56:
                    fe:64:60:2f:a8:63:1e:28:1c:a6:12:98:c6:e5:13:
                    ee:7b:93:65:61:47:e7:99:09:91:1d:3c:3f:0c:72:
                    7a:c9:99:34:05:43:cc:aa:ec:57:41:d5:fb:05:42:
                    47:18:48:46:ab:c4:a8:9f:0e:58:4f:3a:29:5a:f1:
                    7b:31:cb:d5:de:ad:43:f3:7c:24:3a:6d:ef:3c:aa:
                    f7:d6:9c:9f:0f:30:dd:21:24:23:a8:a5:46:24:c5:
                    fd:d5:b7:44:90:2e:b7:b3:8a:cc:60:89:fc:65:d9:
                    60:d4:15:c2:dd:7f:82:3c:a7:bd:de:57:ec:de:e8:
                    f2:2b:a1:d8:e8:52:e4:92:12:a1:4a:a8:0f:b9:3e:
                    74:81:03:24:6b:b5:6f:37:47:dd:b8:52:8e:70:d0:
                    0b:5f:92:55:30:87:ba:1d:55:dc:e4:69:8c:74:a0:
                    45:3c:90:de:26:4f:41:07:94:b0:2a:17:91:b3:74:
                    aa:07:1e:4c:de:ca:50:a6:55:91:50:4e:59:fc:f4:
                    57:51:fd:a9:e2:ac:fa:ac:59:c1:6f:5c:ba:5f:ff:
                    57:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:4B:DA:97:B0:23:75:9A:E4:75:58:6D:C7:5B:96:66:C0:E5:5C:4C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:7f:7e:07:99:df:e2:db:74:9e:2e:65:de:12:a6:65:a7:51:
         fa:48:35:39:6b:c3:ae:65:8d:f7:fe:56:6f:88:50:ac:3c:76:
         cd:18:d4:81:84:8e:86:32:bc:bd:e7:06:f7:7d:25:25:80:30:
         61:13:5c:3c:fd:5b:39:fe:90:e0:d8:27:42:0c:9c:da:61:64:
         0c:30:89:d5:28:9b:b2:4b:89:32:38:b7:56:ec:1f:d1:a0:13:
         d0:4e:bc:0c:44:66:db:be:1f:18:0f:2f:0a:5b:e7:b5:f8:75:
         41:64:da:14:93:bd:84:65:fb:93:34:bf:35:48:7b:56:e3:af:
         c0:cc:38:2e:be:cc:6b:27:d9:d4:b4:94:98:3e:a1:a1:99:bc:
         11:d8:37:ef:8f:78:45:f3:05:1b:a9:9c:af:0a:16:1a:ad:10:
         29:6e:40:e2:c9:4f:72:aa:05:a3:b5:d4:ac:e2:db:87:fe:33:
         cf:ea:9d:ea:88:d0:2c:6e:47:3c:60:a8:06:eb:ca:fa:17:44:
         e6:6f:0b:23:73:d8:61:06:47:4c:78:6e:46:7e:31:6a:91:ff:
         64:03:6b:65:8d:c7:82:b8:31:60:4c:3a:01:96:4a:84:86:37:
         99:37:0d:63:d9:66:16:35:ec:c6:cb:d1:4b:19:9e:4c:a8:56:
         a4:a5:5d:87
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUHYBc8sfVBAz6gsMBItsaYOFccLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTcxMzEyNThaFw0yNTA3MTYxMzE3NThaMDMxMTAvBgNV
BAMTKDdENEJEQTk3QjAyMzc1OUFFNDc1NTg2REM3NUI5NjY2QzBFNTVDNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2JzZZAL0egR9Fe2w7eGeDIflv
JnxU4idYIbQ7gnf/jOrJ+GEM2nz7U8ccVv5kYC+oYx4oHKYSmMblE+57k2VhR+eZ
CZEdPD8McnrJmTQFQ8yq7FdB1fsFQkcYSEarxKifDlhPOila8Xsxy9XerUPzfCQ6
be88qvfWnJ8PMN0hJCOopUYkxf3Vt0SQLrezisxgifxl2WDUFcLdf4I8p73eV+ze
6PIrodjoUuSSEqFKqA+5PnSBAyRrtW83R924Uo5w0AtfklUwh7odVdzkaYx0oEU8
kN4mT0EHlLAqF5GzdKoHHkzeylCmVZFQTln89FdR/anirPqsWcFvXLpf/1dLAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUfUval7AjdZrkdVhtx1uWZsDlXEwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQBW
f34Hmd/i23SeLmXeEqZlp1H6SDU5a8OuZY33/lZviFCsPHbNGNSBhI6GMry95wb3
fSUlgDBhE1w8/Vs5/pDg2CdCDJzaYWQMMInVKJuyS4kyOLdW7B/RoBPQTrwMRGbb
vh8YDy8KW+e1+HVBZNoUk72EZfuTNL81SHtW46/AzDguvsxrJ9nUtJSYPqGhmbwR
2Dfvj3hF8wUbqZyvChYarRApbkDiyU9yqgWjtdSs4tuH/jPP6p3qiNAsbkc8YKgG
68r6F0Tmbwsjc9hhBkdMeG5GfjFqkf9kA2tljceCuDFgTDoBlkqEhjeZNw1j2WYW
NezGy9FLGZ5MqFakpV2H
-----END CERTIFICATE-----