Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          kPAeLIpIIEe1akssBmOUVKEz2kzlF9mX5BXU+Tmvz9A=
Subject key identifier:   DC:96:94:71:99:7F:08:50:BB:F0:72:B3:95:43:1E:0E:4A:F1:61:ED
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       5C4C3B8439D04F3D0A657D328B4FDCDFE3ED375A
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa
Signing time:             Mon 04 Nov 2024 16:09:04 +0000
ROA not before:           Mon 04 Nov 2024 16:04:04 +0000
ROA not after:            Mon 03 Nov 2025 16:09:04 +0000
asID:                     14618
IP address blocks:        147.28.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:49:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:4c:3b:84:39:d0:4f:3d:0a:65:7d:32:8b:4f:dc:df:e3:ed:37:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Nov  4 16:04:04 2024 GMT
            Not After : Nov  3 16:09:04 2025 GMT
        Subject: CN=DC969471997F0850BBF072B395431E0E4AF161ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:22:c3:b8:8d:3b:1b:ed:90:b6:e7:48:85:ce:
                    0f:20:aa:4c:a5:70:4b:fa:a8:9f:48:b5:75:bb:a9:
                    4b:28:33:5a:46:e8:e8:88:9a:43:f8:6e:0e:29:fd:
                    f8:82:28:89:d0:53:7e:d7:80:56:e7:41:43:93:6f:
                    04:d6:07:d9:8b:44:5d:2d:08:c9:95:c1:a2:79:17:
                    25:ab:3d:5c:04:84:b3:9a:0d:1c:fd:5e:d4:b4:d1:
                    3a:8a:0f:e6:49:90:26:e8:ca:35:ce:6d:fd:0d:35:
                    3b:ef:42:88:6b:51:4c:99:15:dc:46:73:48:6b:ed:
                    57:35:7d:c8:3b:04:22:28:e0:8a:47:b5:37:c6:16:
                    84:76:8a:6d:25:5c:6c:eb:4b:41:c0:46:f0:73:3f:
                    d6:75:8e:de:98:d4:06:c2:c1:cf:55:4a:04:3a:74:
                    33:23:e4:a4:e4:46:e4:6c:20:79:df:52:4f:85:3f:
                    87:17:3f:40:cc:f8:5d:6b:81:2c:a7:85:66:f9:37:
                    5d:cc:f6:4d:54:a0:48:73:d9:54:de:b8:32:a2:b4:
                    c0:3d:2d:b5:a3:ca:cf:b8:8f:9d:6f:93:92:5f:c1:
                    30:c9:01:10:1e:7a:b9:64:3e:c2:32:ac:f6:57:60:
                    3c:b0:df:ef:f5:c3:e1:41:a2:fe:4e:b0:7b:17:67:
                    69:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:96:94:71:99:7F:08:50:BB:F0:72:B3:95:43:1E:0E:4A:F1:61:ED
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0c:9b:ca:96:5b:2f:7a:fe:47:0d:58:12:64:3d:bc:43:86:
         33:69:79:b0:17:54:38:26:41:7f:23:54:d9:34:c5:d5:2a:1c:
         07:46:49:a6:00:1a:76:94:b9:4a:b1:de:bc:d7:ad:0d:be:8c:
         91:8f:87:ba:99:59:c6:0a:00:9d:d0:a3:e9:e8:8f:7a:49:64:
         b7:d1:58:0a:86:c7:f2:71:c6:3d:2e:b9:6c:3c:6b:1a:8d:d5:
         14:43:44:a9:2e:64:79:b3:c6:ce:31:04:ea:5f:57:d5:dc:cd:
         75:c6:20:d0:58:f1:5a:ae:6e:e7:12:75:5e:fe:8c:78:aa:25:
         fd:b9:b1:95:d6:38:a1:29:20:04:81:53:1d:e2:e5:40:85:e2:
         01:09:f7:08:b7:b1:08:76:34:d4:2a:08:9c:16:44:6e:94:56:
         bf:9f:e2:ae:db:74:81:c2:85:a8:8f:c6:a7:14:83:4e:89:23:
         65:99:e7:4f:17:5a:25:41:46:57:f9:a3:b1:d8:9c:4d:96:46:
         83:fe:98:d0:52:5b:17:42:9d:c9:1e:e4:0a:19:12:8e:69:7d:
         39:b6:ab:f1:2c:34:dd:71:65:7c:ad:6b:51:ff:3a:b6:25:3f:
         fe:94:38:a6:89:a6:99:4c:0e:9f:1f:e5:79:55:fa:23:12:f9:
         12:24:3d:7f
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUXEw7hDnQTz0KZX0yi0/c3+PtN1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDExMDQxNjA0MDRaFw0yNTExMDMxNjA5MDRaMDMxMTAvBgNV
BAMTKERDOTY5NDcxOTk3RjA4NTBCQkYwNzJCMzk1NDMxRTBFNEFGMTYxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8IsO4jTsb7ZC250iFzg8gqkyl
cEv6qJ9ItXW7qUsoM1pG6OiImkP4bg4p/fiCKInQU37XgFbnQUOTbwTWB9mLRF0t
CMmVwaJ5FyWrPVwEhLOaDRz9XtS00TqKD+ZJkCboyjXObf0NNTvvQohrUUyZFdxG
c0hr7Vc1fcg7BCIo4IpHtTfGFoR2im0lXGzrS0HARvBzP9Z1jt6Y1AbCwc9VSgQ6
dDMj5KTkRuRsIHnfUk+FP4cXP0DM+F1rgSynhWb5N13M9k1UoEhz2VTeuDKitMA9
LbWjys+4j51vk5JfwTDJARAeerlkPsIyrPZXYDyw3+/1w+FBov5OsHsXZ2mnAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU3JaUcZl/CFC78HKzlUMeDkrxYe0wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQCH
DJvKllsvev5HDVgSZD28Q4YzaXmwF1Q4JkF/I1TZNMXVKhwHRkmmABp2lLlKsd68
160NvoyRj4e6mVnGCgCd0KPp6I96SWS30VgKhsfyccY9LrlsPGsajdUUQ0SpLmR5
s8bOMQTqX1fV3M11xiDQWPFarm7nEnVe/ox4qiX9ubGV1jihKSAEgVMd4uVAheIB
CfcIt7EIdjTUKgicFkRulFa/n+Ku23SBwoWoj8anFINOiSNlmedPF1olQUZX+aOx
2JxNlkaD/pjQUlsXQp3JHuQKGRKOaX05tqvxLDTdcWV8rWtR/zq2JT/+lDimiaaZ
TA6fH+V5VfojEvkSJD1/
-----END CERTIFICATE-----