Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203339353838.roa (raw, json)
Hash identifier:          jGIG3BIW2unHnm/ngA8/77s/n5oCj3WNBcPlEKpahRw=
Subject key identifier:   41:AA:65:7F:68:7A:C7:CD:C4:EF:C7:F9:A9:49:0F:8D:96:E5:67:ED
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1FF466C58904F74820BF949E346EFF37958C8D3B
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa
Signing time:             Wed 17 Jul 2024 13:17:58 +0000
ROA not before:           Wed 17 Jul 2024 13:12:58 +0000
ROA not after:            Wed 16 Jul 2025 13:17:58 +0000
asID:                     39588
IP address blocks:        147.28.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f4:66:c5:89:04:f7:48:20:bf:94:9e:34:6e:ff:37:95:8c:8d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 17 13:12:58 2024 GMT
            Not After : Jul 16 13:17:58 2025 GMT
        Subject: CN=41AA657F687AC7CDC4EFC7F9A9490F8D96E567ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:37:a2:e8:d3:94:96:69:b2:8b:a4:2b:b0:e4:
                    b8:aa:2b:ca:5f:a3:fd:cd:51:1f:e0:a8:30:5f:e3:
                    53:5b:aa:f3:84:fb:df:51:d5:b9:c4:a5:80:1b:ef:
                    a8:a8:cc:09:63:dd:0c:19:8f:7b:cf:ab:a5:38:6f:
                    95:94:f3:1a:8c:90:16:e1:7e:f3:8d:a6:55:9b:27:
                    a5:61:d3:0d:6d:2f:65:c0:47:7d:12:5b:d1:28:15:
                    55:b7:0e:d0:7e:65:16:0e:47:46:c0:35:3e:e7:1f:
                    aa:1a:df:2a:01:7b:fc:97:38:c4:7c:3b:15:14:4a:
                    15:5e:60:ba:8c:0f:36:aa:ab:68:80:57:60:2a:79:
                    50:0b:68:e0:b8:d7:6c:48:0e:0b:87:4c:d6:ac:e1:
                    e3:fc:db:d6:6f:75:bd:e4:31:70:bf:65:a0:6b:b5:
                    7d:71:46:c3:45:4e:53:aa:01:9f:e8:c1:60:6f:23:
                    44:c1:10:41:a4:91:5f:b4:59:5e:b2:24:9a:8d:0d:
                    8c:d1:1d:60:a0:b1:21:1b:ee:3a:a6:3a:39:61:e3:
                    86:d0:87:63:fd:b1:27:a5:d3:a6:41:2f:d0:bc:84:
                    3f:87:d3:b3:62:b7:d5:70:b7:e0:aa:90:32:15:9c:
                    ca:21:f5:6f:6b:1c:cb:a3:0c:26:90:46:78:73:db:
                    37:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AA:65:7F:68:7A:C7:CD:C4:EF:C7:F9:A9:49:0F:8D:96:E5:67:ED
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9f:95:29:f6:a8:76:32:7d:b4:1a:73:f2:0a:68:91:39:a0:
         44:de:bd:70:4d:37:5f:ce:b0:2c:80:97:e4:f7:e6:87:27:a1:
         6f:0c:b9:ac:82:cb:68:9b:9e:4d:8d:e2:6a:a2:8a:c9:bd:b3:
         05:ff:d1:df:1f:ab:14:43:86:a8:ac:c7:09:da:da:fe:75:8c:
         af:0a:95:50:77:e3:8d:3e:62:e2:c9:06:56:79:b7:a8:30:2f:
         83:7f:4d:2a:e1:fd:f7:9e:bf:19:54:30:9c:8f:cd:18:77:db:
         cc:67:45:a2:20:7f:40:c1:c4:ea:3e:ee:a8:51:f9:5e:33:7c:
         12:46:42:d7:61:ea:85:bb:c6:59:81:fa:61:2a:fc:ac:84:e9:
         9b:4a:91:d4:53:79:73:c5:76:c6:0a:ee:56:cf:f5:55:67:36:
         a9:17:bc:2a:b5:10:34:42:90:c9:8a:3e:bf:57:de:bf:48:37:
         b4:c2:cd:54:a0:16:81:c1:4f:ec:40:a5:86:ed:51:e1:ae:67:
         25:e0:a9:68:5a:6f:6c:67:d1:1b:6c:84:55:d9:49:b1:c1:dd:
         9a:1f:51:db:9d:7c:3f:dc:0a:ae:82:00:d8:a4:aa:68:62:77:
         4f:37:ba:2e:a3:90:76:52:97:0f:d7:cb:18:18:83:26:a6:71:
         5d:21:d3:2b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUH/RmxYkE90ggv5SeNG7/N5WMjTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTcxMzEyNThaFw0yNTA3MTYxMzE3NThaMDMxMTAvBgNV
BAMTKDQxQUE2NTdGNjg3QUM3Q0RDNEVGQzdGOUE5NDkwRjhEOTZFNTY3RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5N6Lo05SWabKLpCuw5LiqK8pf
o/3NUR/gqDBf41NbqvOE+99R1bnEpYAb76iozAlj3QwZj3vPq6U4b5WU8xqMkBbh
fvONplWbJ6Vh0w1tL2XAR30SW9EoFVW3DtB+ZRYOR0bANT7nH6oa3yoBe/yXOMR8
OxUUShVeYLqMDzaqq2iAV2AqeVALaOC412xIDguHTNas4eP829Zvdb3kMXC/ZaBr
tX1xRsNFTlOqAZ/owWBvI0TBEEGkkV+0WV6yJJqNDYzRHWCgsSEb7jqmOjlh44bQ
h2P9sSel06ZBL9C8hD+H07Nit9Vwt+CqkDIVnMoh9W9rHMujDCaQRnhz2zc5AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUQaplf2h6x83E78f5qUkPjZblZ+0wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM5MzUzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQCo
n5Up9qh2Mn20GnPyCmiROaBE3r1wTTdfzrAsgJfk9+aHJ6FvDLmsgstom55NjeJq
oorJvbMF/9HfH6sUQ4aorMcJ2tr+dYyvCpVQd+ONPmLiyQZWebeoMC+Df00q4f33
nr8ZVDCcj80Yd9vMZ0WiIH9AwcTqPu6oUfleM3wSRkLXYeqFu8ZZgfphKvyshOmb
SpHUU3lzxXbGCu5Wz/VVZzapF7wqtRA0QpDJij6/V96/SDe0ws1UoBaBwU/sQKWG
7VHhrmcl4KloWm9sZ9EbbIRV2Umxwd2aH1HbnXw/3AquggDYpKpoYndPN7ouo5B2
UpcP18sYGIMmpnFdIdMr
-----END CERTIFICATE-----