Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          ij6DgMF2+SvlRKl6mA9jVaMt+urfI8qMipBYlelHFcw=
Subject key identifier:   F8:DB:68:3B:DA:A4:C1:EB:D0:65:84:C3:01:24:B0:41:38:B3:1F:93
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       028685746A16DC4EE3550E65E18580CF933FE96F
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
Signing time:             Mon 04 Nov 2024 16:09:04 +0000
ROA not before:           Mon 04 Nov 2024 16:04:04 +0000
ROA not after:            Mon 03 Nov 2025 16:09:04 +0000
asID:                     16509
IP address blocks:        147.28.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:86:85:74:6a:16:dc:4e:e3:55:0e:65:e1:85:80:cf:93:3f:e9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Nov  4 16:04:04 2024 GMT
            Not After : Nov  3 16:09:04 2025 GMT
        Subject: CN=F8DB683BDAA4C1EBD06584C30124B04138B31F93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:45:58:7a:0d:30:6c:c8:b2:c9:03:f9:33:b6:
                    0e:df:5d:46:52:6a:b7:87:d2:98:3d:e2:ca:43:83:
                    c7:78:e7:d2:c8:ea:30:82:49:9b:3b:bf:33:1d:0d:
                    68:e2:29:9b:5f:cf:63:ed:b8:49:cf:b9:34:af:e1:
                    6d:d5:33:6b:4e:90:cd:b6:01:d6:8e:f7:08:4b:29:
                    8c:28:35:01:d6:e2:f5:ab:c3:6b:86:9c:bd:cc:fc:
                    5a:63:82:a6:f2:fb:ff:53:98:51:c0:78:11:45:8e:
                    a6:96:d4:6e:10:e7:2e:9f:97:bd:37:e1:de:91:22:
                    e6:07:03:84:84:98:95:79:d9:71:ad:28:c1:e1:96:
                    09:05:de:70:cc:65:e7:c9:8f:d7:97:64:f2:91:e0:
                    b6:fa:8a:7c:34:40:31:8d:40:26:f9:ef:84:ed:34:
                    7e:05:23:51:91:f6:2a:9f:fb:38:e2:8a:c1:8a:a4:
                    26:47:02:2a:05:00:6e:b9:a1:f2:c7:28:b5:29:83:
                    18:41:fc:db:fb:e8:ba:da:1c:47:b6:d9:aa:e7:db:
                    b1:2d:98:47:d7:0a:65:2d:15:37:26:1d:69:da:0b:
                    dc:4d:e3:59:7c:bf:f5:f7:92:61:06:a0:34:1d:48:
                    2d:a9:a2:a2:1b:45:79:d7:2a:c7:5f:5e:2d:71:5d:
                    7b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DB:68:3B:DA:A4:C1:EB:D0:65:84:C3:01:24:B0:41:38:B3:1F:93
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:59:f6:55:ce:00:56:6d:a2:57:35:0a:94:f5:28:2b:d0:32:
         17:6e:01:22:ae:7f:55:61:ce:cd:cb:5a:18:55:e1:10:10:16:
         bc:54:fd:61:8c:e0:91:58:cd:ba:ba:25:94:3a:53:66:a5:ae:
         49:a9:b2:56:fd:3e:c0:5d:1b:5e:fe:d3:4a:24:c9:d4:29:ea:
         b8:d8:8c:97:2c:90:59:50:79:01:17:4e:bb:42:31:87:e0:0f:
         7c:a1:8b:28:30:6a:58:63:8c:95:17:d5:75:6b:2f:42:25:05:
         41:83:dc:66:2c:9b:29:2d:19:24:bc:9b:b2:81:75:18:13:b7:
         35:ec:69:b1:13:e5:53:35:ef:85:48:c4:f6:3d:35:e4:5d:c6:
         9c:89:09:e9:d8:a3:21:54:43:1b:af:32:63:ce:10:de:03:ff:
         60:86:ef:7c:bd:44:b6:5a:83:44:2a:76:c0:0c:1d:83:01:a2:
         89:b6:9b:6d:85:27:90:ff:33:20:c8:65:9b:46:bf:07:4a:9d:
         ff:57:1e:22:c8:6c:ad:bc:1d:46:44:dd:60:af:af:b7:40:11:
         31:31:01:5e:ee:59:f8:93:d4:d2:cd:e9:30:5a:ae:29:29:6f:
         4b:be:3a:e7:32:82:a7:6f:5b:dc:c0:e9:4f:31:a2:7c:cd:e0:
         0c:26:be:c4
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUAoaFdGoW3E7jVQ5l4YWAz5M/6W8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDExMDQxNjA0MDRaFw0yNTExMDMxNjA5MDRaMDMxMTAvBgNV
BAMTKEY4REI2ODNCREFBNEMxRUJEMDY1ODRDMzAxMjRCMDQxMzhCMzFGOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2RVh6DTBsyLLJA/kztg7fXUZS
areH0pg94spDg8d459LI6jCCSZs7vzMdDWjiKZtfz2PtuEnPuTSv4W3VM2tOkM22
AdaO9whLKYwoNQHW4vWrw2uGnL3M/Fpjgqby+/9TmFHAeBFFjqaW1G4Q5y6fl703
4d6RIuYHA4SEmJV52XGtKMHhlgkF3nDMZefJj9eXZPKR4Lb6inw0QDGNQCb574Tt
NH4FI1GR9iqf+zjiisGKpCZHAioFAG65ofLHKLUpgxhB/Nv76LraHEe22arn27Et
mEfXCmUtFTcmHWnaC9xN41l8v/X3kmEGoDQdSC2poqIbRXnXKsdfXi1xXXsLAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU+NtoO9qkwevQZYTDASSwQTizH5MwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQCW
WfZVzgBWbaJXNQqU9Sgr0DIXbgEirn9VYc7Ny1oYVeEQEBa8VP1hjOCRWM26uiWU
OlNmpa5JqbJW/T7AXRte/tNKJMnUKeq42IyXLJBZUHkBF067QjGH4A98oYsoMGpY
Y4yVF9V1ay9CJQVBg9xmLJspLRkkvJuygXUYE7c17GmxE+VTNe+FSMT2PTXkXcac
iQnp2KMhVEMbrzJjzhDeA/9ghu98vUS2WoNEKnbADB2DAaKJtptthSeQ/zMgyGWb
Rr8HSp3/Vx4iyGytvB1GRN1gr6+3QBExMQFe7ln4k9TSzekwWq4pKW9LvjrnMoKn
b1vcwOlPMaJ8zeAMJr7E
-----END CERTIFICATE-----