Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          YKy7dYzx5WoEigTqShz2CotSZYihVeh+7ZFxbHrc34s=
Subject key identifier:   F4:07:E0:0E:49:F0:D0:BC:B3:5B:2D:45:2E:E9:48:1D:D8:D7:28:57
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7CF82C24C557522240E637C84983D19159F7B87E
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 16 Aug 2023 13:05:59 +0000
ROA not before:           Wed 16 Aug 2023 13:00:59 +0000
ROA not after:            Wed 14 Aug 2024 13:05:59 +0000
asID:                     14618
IP address blocks:        147.28.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f8:2c:24:c5:57:52:22:40:e6:37:c8:49:83:d1:91:59:f7:b8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 16 13:00:59 2023 GMT
            Not After : Aug 14 13:05:59 2024 GMT
        Subject: CN=F407E00E49F0D0BCB35B2D452EE9481DD8D72857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:bb:37:20:f8:d7:d7:5b:08:e2:fe:0c:35:8d:
                    fa:cf:54:8f:a9:9f:a2:2e:e1:e4:2c:28:8a:ae:02:
                    7d:fe:0b:ba:17:66:5a:ec:8a:5b:eb:34:46:65:ed:
                    01:b4:f7:38:27:d3:02:88:91:cb:10:04:e0:c8:fc:
                    9d:1d:45:4d:81:cc:18:c0:74:6d:e3:b3:d6:a8:d5:
                    2c:c4:9e:21:6a:e9:47:5b:6d:19:89:6e:ce:27:f1:
                    a4:d6:f1:66:0a:c2:6c:c3:14:18:63:f8:e2:78:14:
                    8d:ed:ed:70:c6:f0:26:79:24:7e:a4:0a:bb:23:48:
                    1d:77:36:68:f5:af:e7:e3:14:12:2d:a4:72:52:45:
                    09:1c:f0:8b:6a:e4:eb:26:67:43:7f:c6:92:97:62:
                    19:4a:53:07:18:67:ca:7e:9c:6e:f8:7f:0d:bd:37:
                    c9:63:54:59:37:7d:df:0e:62:13:9e:2a:bf:71:b5:
                    6d:44:f1:70:e7:76:3f:6e:f9:3f:30:e5:61:2c:14:
                    3d:8d:99:60:94:9b:a7:bb:3d:11:96:f8:5a:54:01:
                    60:d8:c5:51:8d:cc:11:48:69:d9:bd:3b:da:33:44:
                    6b:a3:0b:27:ec:21:76:c4:3f:ef:e6:a9:4b:f8:13:
                    5d:da:f9:bd:5e:2b:6b:04:59:b8:79:63:c1:1b:8c:
                    85:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:07:E0:0E:49:F0:D0:BC:B3:5B:2D:45:2E:E9:48:1D:D8:D7:28:57
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:dd:e5:73:ab:ab:26:9a:b1:53:06:86:4e:7d:ae:32:ab:cc:
         12:73:11:e1:b8:3c:27:33:fa:b9:69:34:67:47:b2:fa:09:4b:
         95:0c:b6:a8:d1:b9:20:49:5f:fc:8b:55:74:3f:37:32:0d:66:
         94:11:6b:ff:d1:83:8e:56:b8:ad:b1:fe:f9:f9:2d:07:01:1b:
         0d:22:5a:12:94:eb:ee:a4:16:32:2b:d3:b1:39:d6:fe:9f:62:
         2b:3d:b3:e8:ea:58:1c:87:2e:c0:c5:57:13:b6:7a:e2:41:cd:
         94:98:6e:63:07:e2:bb:d4:86:62:75:cf:73:26:a5:06:d1:9b:
         f8:bf:fe:8b:d9:a9:9b:f7:38:80:ab:a3:1b:ca:46:59:73:4e:
         d1:49:90:c5:c9:62:be:39:47:70:2d:86:bf:6c:12:30:1a:67:
         75:64:37:6e:1e:3c:13:c9:dd:cb:62:43:c8:07:11:6a:6d:2b:
         ae:e2:3e:db:fc:3b:01:ef:3f:85:87:92:0b:07:72:55:17:41:
         33:55:2c:15:02:7e:0a:6f:c7:85:c4:47:30:0f:9e:5a:20:e1:
         ae:f7:d9:b5:d2:9e:bd:d7:e9:7d:86:6e:20:16:61:31:0a:4a:
         64:ea:8e:cc:a2:ba:6d:fa:49:eb:fd:dc:f4:9c:8d:4b:3f:7b:
         ca:5b:21:23
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUfPgsJMVXUiJA5jfISYPRkVn3uH4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTYxMzAwNTlaFw0yNDA4MTQxMzA1NTlaMDMxMTAvBgNV
BAMTKEY0MDdFMDBFNDlGMEQwQkNCMzVCMkQ0NTJFRTk0ODFERDhENzI4NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUuzcg+NfXWwji/gw1jfrPVI+p
n6Iu4eQsKIquAn3+C7oXZlrsilvrNEZl7QG09zgn0wKIkcsQBODI/J0dRU2BzBjA
dG3js9ao1SzEniFq6UdbbRmJbs4n8aTW8WYKwmzDFBhj+OJ4FI3t7XDG8CZ5JH6k
CrsjSB13Nmj1r+fjFBItpHJSRQkc8Itq5OsmZ0N/xpKXYhlKUwcYZ8p+nG74fw29
N8ljVFk3fd8OYhOeKr9xtW1E8XDndj9u+T8w5WEsFD2NmWCUm6e7PRGW+FpUAWDY
xVGNzBFIadm9O9ozRGujCyfsIXbEP+/mqUv4E13a+b1eK2sEWbh5Y8EbjIWzAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU9AfgDknw0LyzWy1FLulIHdjXKFcwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQAY
3eVzq6smmrFTBoZOfa4yq8wScxHhuDwnM/q5aTRnR7L6CUuVDLao0bkgSV/8i1V0
PzcyDWaUEWv/0YOOVritsf75+S0HARsNIloSlOvupBYyK9OxOdb+n2IrPbPo6lgc
hy7AxVcTtnriQc2UmG5jB+K71IZidc9zJqUG0Zv4v/6L2amb9ziAq6MbykZZc07R
SZDFyWK+OUdwLYa/bBIwGmd1ZDduHjwTyd3LYkPIBxFqbSuu4j7b/DsB7z+Fh5IL
B3JVF0EzVSwVAn4Kb8eFxEcwD55aIOGu99m10p691+l9hm4gFmExCkpk6o7Morpt
+knr/dz0nI1LP3vKWyEj
-----END CERTIFICATE-----