Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          oZYQeDDg4ZC+KcNWcTQ05rvJN9hnSElm9xiGeGWKAME=
Subject key identifier:   AD:E1:A8:0C:9F:92:1D:87:B7:B6:E4:2F:94:17:A6:08:D5:38:FF:8A
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       3A8C7FD82C2678A6DF6702E3EBFC9D89D59822E6
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
Signing time:             Mon 04 Dec 2023 15:20:16 +0000
ROA not before:           Mon 04 Dec 2023 15:15:16 +0000
ROA not after:            Mon 02 Dec 2024 15:20:16 +0000
asID:                     16509
IP address blocks:        147.28.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:8c:7f:d8:2c:26:78:a6:df:67:02:e3:eb:fc:9d:89:d5:98:22:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Dec  4 15:15:16 2023 GMT
            Not After : Dec  2 15:20:16 2024 GMT
        Subject: CN=ADE1A80C9F921D87B7B6E42F9417A608D538FF8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:14:75:11:10:1d:9f:8c:08:15:e3:06:db:db:
                    a9:a3:40:af:56:16:ec:10:93:55:10:d5:df:7b:ee:
                    7e:4c:48:66:72:79:f3:ec:4b:66:e7:94:56:5c:cf:
                    f1:fd:90:b8:46:7b:3b:ca:46:02:aa:0b:67:2d:dc:
                    13:be:4e:e8:02:d0:a7:2e:77:5c:d3:2e:d5:26:94:
                    bc:5d:b0:f8:d1:fa:c5:3c:2e:e2:d6:4a:ba:47:d8:
                    c9:96:c8:70:6e:b0:99:51:40:4e:6a:fb:07:a3:d4:
                    db:69:fc:50:32:7a:6d:2b:e3:3f:9e:5e:40:75:c8:
                    65:b6:9c:a7:3e:38:84:81:63:df:4f:ab:cc:b4:96:
                    a4:2f:ff:16:c1:9a:a6:c0:a5:f2:27:06:be:b7:dc:
                    71:51:ab:df:95:93:ee:52:01:26:21:0a:63:f9:be:
                    f9:63:1c:01:a6:3c:b8:1e:cb:21:43:33:fa:dc:5a:
                    aa:d7:38:c9:41:0e:f7:b6:a2:dd:11:7d:6d:03:de:
                    ab:56:7f:f3:82:a7:2d:15:08:0c:ac:a3:40:7f:ab:
                    39:a4:74:5b:6e:24:2e:96:ab:cc:61:d1:15:19:a2:
                    24:d6:49:9b:25:a4:09:ae:b4:c5:70:7d:eb:43:87:
                    2f:44:92:46:aa:e0:7f:66:c2:64:a4:2c:93:3c:c3:
                    e1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E1:A8:0C:9F:92:1D:87:B7:B6:E4:2F:94:17:A6:08:D5:38:FF:8A
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:cd:df:ae:92:bf:a4:0c:c9:33:fd:c3:81:91:fb:d1:b9:3e:
         26:89:27:5a:92:19:49:ee:b1:53:eb:a8:6b:7e:62:86:b2:b5:
         ec:54:88:73:32:af:3d:dd:8c:59:5c:8b:ab:a9:65:b8:1b:c6:
         23:7a:f5:55:12:40:d3:85:b8:4e:e1:bd:85:71:eb:87:f6:71:
         09:09:c1:94:32:ca:ea:22:0a:dc:8e:f6:fa:4c:74:fe:c0:f5:
         dc:0f:a4:bc:bb:60:55:50:ef:36:8f:07:b1:b6:33:13:38:50:
         b2:03:2e:86:63:94:0e:75:31:fa:fb:41:59:3c:8c:5b:70:bf:
         cc:66:73:64:ad:2c:aa:1f:12:dc:40:02:15:27:17:db:ca:6e:
         e1:da:5f:30:f0:f7:c3:dc:a7:25:bf:6a:d5:ab:61:b3:c5:7c:
         cf:d2:ed:e3:5b:fd:b9:da:85:b2:76:93:df:ef:25:4f:e9:a1:
         36:41:ac:67:72:86:f9:4a:73:e6:9c:7a:7d:6a:89:0f:cb:8e:
         30:e6:6a:87:56:3c:38:29:cb:f8:f0:e9:1c:53:e5:f7:97:02:
         87:e4:96:d2:52:5e:88:cb:20:6c:44:20:ce:a2:75:6c:4d:6e:
         a9:f7:44:38:a7:5b:98:83:b4:a1:ae:d4:c0:71:4d:85:20:97:
         dd:e3:89:ff
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUOox/2CwmeKbfZwLj6/ydidWYIuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzEyMDQxNTE1MTZaFw0yNDEyMDIxNTIwMTZaMDMxMTAvBgNV
BAMTKEFERTFBODBDOUY5MjFEODdCN0I2RTQyRjk0MTdBNjA4RDUzOEZGOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZFHUREB2fjAgV4wbb26mjQK9W
FuwQk1UQ1d977n5MSGZyefPsS2bnlFZcz/H9kLhGezvKRgKqC2ct3BO+TugC0Kcu
d1zTLtUmlLxdsPjR+sU8LuLWSrpH2MmWyHBusJlRQE5q+wej1Ntp/FAyem0r4z+e
XkB1yGW2nKc+OISBY99Pq8y0lqQv/xbBmqbApfInBr633HFRq9+Vk+5SASYhCmP5
vvljHAGmPLgeyyFDM/rcWqrXOMlBDve2ot0RfW0D3qtWf/OCpy0VCAyso0B/qzmk
dFtuJC6Wq8xh0RUZoiTWSZslpAmutMVwfetDhy9Ekkaq4H9mwmSkLJM8w+EJAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUreGoDJ+SHYe3tuQvlBemCNU4/4owHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQB9
zd+ukr+kDMkz/cOBkfvRuT4miSdakhlJ7rFT66hrfmKGsrXsVIhzMq893YxZXIur
qWW4G8YjevVVEkDThbhO4b2FceuH9nEJCcGUMsrqIgrcjvb6THT+wPXcD6S8u2BV
UO82jwextjMTOFCyAy6GY5QOdTH6+0FZPIxbcL/MZnNkrSyqHxLcQAIVJxfbym7h
2l8w8PfD3Kclv2rVq2GzxXzP0u3jW/252oWydpPf7yVP6aE2Qaxncob5SnPmnHp9
aokPy44w5mqHVjw4Kcv48OkcU+X3lwKH5JbSUl6IyyBsRCDOonVsTW6p90Q4p1uY
g7ShrtTAcU2FIJfd44n/
-----END CERTIFICATE-----