Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          01NSxW0GZsW65ZW+6HAKz43Qn5RnX0/GK4672JI1GPQ=
Subject key identifier:   2D:01:F4:34:B9:8C:7B:B6:F5:73:8B:A0:35:5C:29:E2:E6:3A:D0:EA
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       3A0477227A7F1F342FD01FF90D9705F2C9C36F0D
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
Signing time:             Wed 17 Jul 2024 13:17:58 +0000
ROA not before:           Wed 17 Jul 2024 13:12:58 +0000
ROA not after:            Wed 16 Jul 2025 13:17:58 +0000
asID:                     16509
IP address blocks:        147.28.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:04:77:22:7a:7f:1f:34:2f:d0:1f:f9:0d:97:05:f2:c9:c3:6f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 17 13:12:58 2024 GMT
            Not After : Jul 16 13:17:58 2025 GMT
        Subject: CN=2D01F434B98C7BB6F5738BA0355C29E2E63AD0EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f4:af:21:52:bf:9f:7e:fa:b3:d3:ab:6f:6a:
                    5c:7b:a0:8c:75:5e:2f:86:52:64:ce:0a:a8:ba:1b:
                    81:81:9a:7f:c4:6b:e9:d8:fd:72:fb:08:f7:09:aa:
                    70:97:22:77:82:6d:d2:98:67:60:4f:58:c3:94:a5:
                    50:6a:73:30:1a:76:bb:45:93:d0:a8:32:18:2d:de:
                    30:e4:72:c9:09:1f:fa:1e:f8:a0:ce:66:5d:ae:fd:
                    bb:b3:a5:1f:1f:9c:a5:ad:e1:8a:4b:1b:4b:e4:2d:
                    36:f4:3b:b5:5a:30:94:f1:4e:26:7c:4f:78:f9:7a:
                    b5:4a:08:a7:7e:97:d6:8f:61:8e:b3:c9:8d:20:0e:
                    64:17:07:e1:29:c9:f4:8e:2e:7d:a5:d0:59:4a:4a:
                    03:c7:10:27:be:0f:d5:88:b9:08:58:2f:89:fb:1a:
                    d1:6f:ba:04:08:6c:31:84:1f:52:1c:ef:1a:b6:f3:
                    63:c4:39:29:70:d6:4e:66:b8:78:94:ca:ea:97:40:
                    79:3c:4b:61:55:aa:08:81:68:ca:cc:c2:91:c5:c5:
                    31:2b:3e:61:14:92:61:3f:ce:28:23:7e:76:7a:ce:
                    3a:d7:74:2b:87:a1:f8:f0:96:96:a7:41:47:e0:dc:
                    85:47:d8:c5:74:94:b0:79:93:59:15:80:88:1a:6f:
                    5f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:01:F4:34:B9:8C:7B:B6:F5:73:8B:A0:35:5C:29:E2:E6:3A:D0:EA
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:70:55:48:30:ed:1c:8f:a2:ca:e0:cf:5b:c5:35:d9:fa:db:
         f5:82:3d:93:13:1b:fc:3d:0b:e5:48:56:d9:6d:78:ae:d3:29:
         6b:23:45:db:a0:da:7e:55:2f:9d:ee:36:66:d0:f6:11:f3:7d:
         d5:5e:3a:17:ea:e3:f6:11:77:12:04:a9:98:f4:5b:92:b8:d6:
         79:6e:e1:b2:3f:7b:36:c3:cb:04:b8:49:68:f1:fe:11:fe:55:
         a5:60:80:2a:5e:2b:43:40:89:8e:c2:a5:b3:c1:72:b3:7a:81:
         e5:e9:33:12:aa:7a:08:d2:d8:1c:54:da:50:ce:60:8a:ab:42:
         7a:82:21:af:38:66:94:15:e5:d2:c2:29:3f:ac:de:27:5e:9e:
         bd:15:1e:c5:de:17:56:0a:18:59:76:ea:2a:a4:3a:1c:9e:e7:
         3a:7f:55:cd:fc:d2:2d:65:c5:92:98:b9:3e:8f:8f:93:d3:d9:
         b1:51:70:e9:ac:e2:d9:2a:6f:77:46:a9:be:ea:ea:96:92:7a:
         40:b8:d3:e4:11:34:b4:94:16:80:92:64:d8:56:ed:ea:18:c9:
         3f:18:2c:9c:57:7e:69:c1:91:c2:e4:fc:75:26:75:3d:79:2b:
         0a:3b:9a:0a:fe:af:97:c3:dd:ba:a9:0a:8e:75:15:ae:80:f8:
         b0:c4:4b:cc
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUOgR3Inp/HzQv0B/5DZcF8snDbw0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTcxMzEyNThaFw0yNTA3MTYxMzE3NThaMDMxMTAvBgNV
BAMTKDJEMDFGNDM0Qjk4QzdCQjZGNTczOEJBMDM1NUMyOUUyRTYzQUQwRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ9K8hUr+ffvqz06tvalx7oIx1
Xi+GUmTOCqi6G4GBmn/Ea+nY/XL7CPcJqnCXIneCbdKYZ2BPWMOUpVBqczAadrtF
k9CoMhgt3jDkcskJH/oe+KDOZl2u/buzpR8fnKWt4YpLG0vkLTb0O7VaMJTxTiZ8
T3j5erVKCKd+l9aPYY6zyY0gDmQXB+EpyfSOLn2l0FlKSgPHECe+D9WIuQhYL4n7
GtFvugQIbDGEH1Ic7xq282PEOSlw1k5muHiUyuqXQHk8S2FVqgiBaMrMwpHFxTEr
PmEUkmE/zigjfnZ6zjrXdCuHofjwlpanQUfg3IVH2MV0lLB5k1kVgIgab19jAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQULQH0NLmMe7b1c4ugNVwp4uY60OowHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQBq
cFVIMO0cj6LK4M9bxTXZ+tv1gj2TExv8PQvlSFbZbXiu0ylrI0XboNp+VS+d7jZm
0PYR833VXjoX6uP2EXcSBKmY9FuSuNZ5buGyP3s2w8sEuElo8f4R/lWlYIAqXitD
QImOwqWzwXKzeoHl6TMSqnoI0tgcVNpQzmCKq0J6giGvOGaUFeXSwik/rN4nXp69
FR7F3hdWChhZduoqpDocnuc6f1XN/NItZcWSmLk+j4+T09mxUXDprOLZKm93Rqm+
6uqWknpAuNPkETS0lBaAkmTYVu3qGMk/GCycV35pwZHC5Px1JnU9eSsKO5oK/q+X
w926qQqOdRWugPiwxEvM
-----END CERTIFICATE-----