Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          ofLuMswxByjPhq5Um9j+uGKUKf5fjsSE+LQYqoNBQxk=
Subject key identifier:   16:C8:67:1B:98:E9:24:8F:09:07:78:71:95:22:92:6D:83:70:40:A7
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       315F186CB6285116A170F67D45D28061F497BB44
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa
Signing time:             Mon 04 Dec 2023 15:20:31 +0000
ROA not before:           Mon 04 Dec 2023 15:15:31 +0000
ROA not after:            Mon 02 Dec 2024 15:20:31 +0000
asID:                     14618
IP address blocks:        147.28.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:5f:18:6c:b6:28:51:16:a1:70:f6:7d:45:d2:80:61:f4:97:bb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Dec  4 15:15:31 2023 GMT
            Not After : Dec  2 15:20:31 2024 GMT
        Subject: CN=16C8671B98E9248F090778719522926D837040A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:09:de:66:a5:eb:7d:6a:90:31:b8:a2:21:90:
                    7d:ea:92:68:54:6b:f5:55:3d:04:33:85:88:2b:13:
                    62:56:c6:e2:6b:12:23:ce:0c:a9:e6:eb:40:b8:12:
                    45:d6:3a:36:72:77:92:0b:d6:5d:ff:62:f9:35:cd:
                    d8:43:81:4b:b0:ea:d4:72:1f:f9:46:36:5a:ef:29:
                    80:07:6c:7c:49:91:69:49:68:e1:f8:d9:b5:3c:bb:
                    7f:f1:88:78:2e:0a:72:c5:4c:c5:be:e2:b2:3d:5f:
                    0e:63:50:a8:5e:d6:c8:68:b3:86:9d:b1:5f:d5:8b:
                    6a:a0:9b:29:03:fc:ba:97:a8:06:d5:c8:9a:88:f0:
                    f5:64:1a:63:90:af:13:ae:71:c4:9d:d5:3f:7d:78:
                    ec:d1:93:66:93:e5:b3:6a:42:26:cb:20:a0:60:10:
                    36:e4:23:25:6c:a1:b4:7c:58:0f:4f:3a:dc:2b:72:
                    10:0a:6e:52:3e:1e:4c:f3:ed:d8:cc:2d:6f:d0:4c:
                    05:0e:f2:fa:5c:b1:01:2b:62:5a:98:ab:1d:56:20:
                    f1:bb:fb:c6:dd:93:79:58:85:26:3e:cf:91:05:fc:
                    1d:ad:b6:eb:7f:0b:4a:ed:0d:7f:a3:f4:a4:8b:2a:
                    7c:cf:f4:39:9e:b2:c8:db:e3:01:3b:09:be:22:ef:
                    98:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C8:67:1B:98:E9:24:8F:09:07:78:71:95:22:92:6D:83:70:40:A7
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ed:06:60:70:62:6a:46:5e:e6:ea:29:74:86:26:ea:42:18:
         97:74:8d:2d:ad:4d:af:6a:e2:dc:a5:c1:6f:79:8b:fb:9c:8f:
         f3:a4:d3:9a:65:8a:c4:dc:ac:ad:f8:7f:f7:f0:73:6c:04:a9:
         0a:f7:2a:1e:40:a9:3f:22:74:c5:f8:08:6a:04:c6:d3:0a:83:
         dd:5c:e8:ce:4b:8b:0c:d7:ee:97:67:40:bf:76:04:2e:eb:ee:
         4d:c9:18:c8:70:fa:df:52:5b:37:65:f2:e7:2d:e3:0a:08:79:
         29:18:99:4b:46:75:24:1d:15:7c:75:14:0b:39:b1:88:c2:fa:
         28:35:44:7f:c6:59:f5:80:10:20:37:8c:c2:6c:1e:f6:21:f4:
         b9:9a:f4:6b:fd:f6:55:eb:04:b8:f0:e6:e3:aa:de:63:39:f3:
         4c:86:81:01:14:50:34:fc:9d:a9:2d:61:34:e2:81:3d:93:7c:
         41:20:ff:59:c5:a0:3f:7c:31:92:ae:38:b8:c7:d3:cc:2f:cc:
         f1:bf:e5:e4:e7:2b:d9:5f:5d:36:21:ca:3a:3d:59:bd:a7:2b:
         62:61:d7:53:ca:f1:82:d0:c5:e6:ac:0c:69:9e:cf:e7:3f:f1:
         69:81:df:58:ef:44:ae:e3:8e:8f:78:d9:c5:c6:d3:4b:48:a1:
         2a:9f:3b:0b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUMV8YbLYoURahcPZ9RdKAYfSXu0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzEyMDQxNTE1MzFaFw0yNDEyMDIxNTIwMzFaMDMxMTAvBgNV
BAMTKDE2Qzg2NzFCOThFOTI0OEYwOTA3Nzg3MTk1MjI5MjZEODM3MDQwQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Cd5mpet9apAxuKIhkH3qkmhU
a/VVPQQzhYgrE2JWxuJrEiPODKnm60C4EkXWOjZyd5IL1l3/Yvk1zdhDgUuw6tRy
H/lGNlrvKYAHbHxJkWlJaOH42bU8u3/xiHguCnLFTMW+4rI9Xw5jUKhe1shos4ad
sV/Vi2qgmykD/LqXqAbVyJqI8PVkGmOQrxOuccSd1T99eOzRk2aT5bNqQibLIKBg
EDbkIyVsobR8WA9POtwrchAKblI+Hkzz7djMLW/QTAUO8vpcsQErYlqYqx1WIPG7
+8bdk3lYhSY+z5EF/B2ttut/C0rtDX+j9KSLKnzP9Dmessjb4wE7Cb4i75hPAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUFshnG5jpJI8JB3hxlSKSbYNwQKcwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQA4
7QZgcGJqRl7m6il0hibqQhiXdI0trU2vauLcpcFveYv7nI/zpNOaZYrE3Kyt+H/3
8HNsBKkK9yoeQKk/InTF+AhqBMbTCoPdXOjOS4sM1+6XZ0C/dgQu6+5NyRjIcPrf
Uls3ZfLnLeMKCHkpGJlLRnUkHRV8dRQLObGIwvooNUR/xln1gBAgN4zCbB72IfS5
mvRr/fZV6wS48Objqt5jOfNMhoEBFFA0/J2pLWE04oE9k3xBIP9ZxaA/fDGSrji4
x9PML8zxv+Xk5yvZX102Ico6PVm9pytiYddTyvGC0MXmrAxpns/nP/Fpgd9Y70Su
446PeNnFxtNLSKEqnzsL
-----END CERTIFICATE-----