Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          IEeI2ORfXtrM8g5GfIdMBAxglCCHDNK8SwDSFSXHoCA=
Subject key identifier:   81:7E:E9:FD:FF:9E:FA:04:A4:B5:02:8E:7B:B8:A6:09:35:EC:50:25
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       487C1626CFED03956558410EB7B9C601A2967947
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
Signing time:             Wed 16 Aug 2023 13:05:47 +0000
ROA not before:           Wed 16 Aug 2023 13:00:47 +0000
ROA not after:            Wed 14 Aug 2024 13:05:47 +0000
asID:                     16509
IP address blocks:        147.28.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:7c:16:26:cf:ed:03:95:65:58:41:0e:b7:b9:c6:01:a2:96:79:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 16 13:00:47 2023 GMT
            Not After : Aug 14 13:05:47 2024 GMT
        Subject: CN=817EE9FDFF9EFA04A4B5028E7BB8A60935EC5025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3d:4d:10:46:13:9d:ad:fb:3f:1f:52:1d:b8:
                    be:0c:4f:a7:46:96:26:bc:cc:84:71:20:20:47:16:
                    4e:5b:52:35:b9:f9:a0:e3:34:b7:81:04:fd:8e:2a:
                    19:da:a8:18:c0:3a:ab:ed:11:7d:80:02:a7:f3:a4:
                    a5:b7:1f:14:88:0b:9c:4c:d6:e4:76:c9:1d:e4:5a:
                    69:33:f2:36:45:ed:89:83:e8:d5:87:b4:5b:0d:03:
                    0b:23:00:1d:06:f5:d6:6a:9f:8b:6f:c9:b8:df:ee:
                    75:a3:a5:c7:b0:b0:37:cc:1f:7e:fd:68:9f:9e:35:
                    3f:10:80:61:f4:16:49:8d:b8:99:1f:61:7e:f3:96:
                    8d:9b:21:67:0b:40:bc:3c:93:06:23:96:77:51:66:
                    e9:a1:25:9d:ee:fb:e2:88:f8:32:db:65:6a:e1:6e:
                    71:5d:0f:86:75:c5:2c:fb:29:28:e3:e9:1a:bb:cc:
                    95:8d:b4:b4:3e:08:3b:8c:f1:a0:d4:2a:cb:7a:ed:
                    fd:72:cd:36:09:1c:3b:50:e2:5e:1d:6f:c7:86:c4:
                    68:c3:eb:31:19:33:57:fd:e2:a9:b3:85:85:93:8c:
                    10:a1:d9:c3:d0:3f:7d:66:f1:3b:99:46:5a:48:c3:
                    ee:ed:b8:85:2c:d9:a6:45:c7:d7:9f:a1:24:7b:07:
                    87:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7E:E9:FD:FF:9E:FA:04:A4:B5:02:8E:7B:B8:A6:09:35:EC:50:25
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:07:92:7c:41:46:66:dc:cc:54:cd:4c:ba:2b:24:7f:31:f0:
         ee:1a:14:6b:53:a0:39:0e:7f:5d:90:f1:ac:f7:f9:5e:6c:e7:
         c4:bf:05:43:fd:e2:00:03:e5:55:88:68:5a:52:f9:96:ef:8d:
         f9:8b:ae:1c:bf:84:a5:7b:09:af:9a:76:24:fb:b6:cd:5b:e4:
         99:10:24:78:fa:f7:d3:e0:53:f5:97:03:b6:c8:17:f5:a6:e3:
         31:87:73:1d:6e:e3:a1:b9:2c:69:00:86:3b:29:7a:9e:12:b4:
         d1:7d:ea:84:d0:91:0b:0d:d9:b9:ba:eb:a1:08:7d:db:08:b4:
         08:d5:19:23:85:f6:c9:8d:83:eb:a6:f4:33:b3:f6:a7:61:8f:
         d0:66:e3:4d:d9:5d:09:ef:c9:08:ee:0b:86:61:94:8c:af:d6:
         b9:92:4c:19:cf:0d:a4:96:0a:97:c5:cd:6e:3e:78:52:cc:3e:
         26:fe:01:67:9f:b4:b3:9a:fa:3e:29:50:4a:86:5d:f3:64:ff:
         fc:c5:a3:f9:bc:d6:61:6b:8f:5c:8a:e6:10:81:95:8d:8a:fb:
         6e:dd:2d:72:09:e4:05:b2:10:72:22:cf:e8:9f:83:b3:81:41:
         ce:82:22:32:b6:99:28:6f:8e:8e:97:be:41:cb:08:43:e9:7d:
         c4:51:9a:91
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUSHwWJs/tA5VlWEEOt7nGAaKWeUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTYxMzAwNDdaFw0yNDA4MTQxMzA1NDdaMDMxMTAvBgNV
BAMTKDgxN0VFOUZERkY5RUZBMDRBNEI1MDI4RTdCQjhBNjA5MzVFQzUwMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZPU0QRhOdrfs/H1IduL4MT6dG
lia8zIRxICBHFk5bUjW5+aDjNLeBBP2OKhnaqBjAOqvtEX2AAqfzpKW3HxSIC5xM
1uR2yR3kWmkz8jZF7YmD6NWHtFsNAwsjAB0G9dZqn4tvybjf7nWjpcewsDfMH379
aJ+eNT8QgGH0FkmNuJkfYX7zlo2bIWcLQLw8kwYjlndRZumhJZ3u++KI+DLbZWrh
bnFdD4Z1xSz7KSjj6Rq7zJWNtLQ+CDuM8aDUKst67f1yzTYJHDtQ4l4db8eGxGjD
6zEZM1f94qmzhYWTjBCh2cPQP31m8TuZRlpIw+7tuIUs2aZFx9efoSR7B4fJAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUgX7p/f+e+gSktQKOe7imCTXsUCUwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQAg
B5J8QUZm3MxUzUy6KyR/MfDuGhRrU6A5Dn9dkPGs9/lebOfEvwVD/eIAA+VViGha
UvmW7435i64cv4SlewmvmnYk+7bNW+SZECR4+vfT4FP1lwO2yBf1puMxh3MdbuOh
uSxpAIY7KXqeErTRfeqE0JELDdm5uuuhCH3bCLQI1RkjhfbJjYPrpvQzs/anYY/Q
ZuNN2V0J78kI7guGYZSMr9a5kkwZzw2klgqXxc1uPnhSzD4m/gFnn7Szmvo+KVBK
hl3zZP/8xaP5vNZha49ciuYQgZWNivtu3S1yCeQFshByIs/on4OzgUHOgiIytpko
b46Ol75BywhD6X3EUZqR
-----END CERTIFICATE-----