Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203337323335.roa (raw, json)
Hash identifier:          O5lsiXG+vWTKe9+Bxx6j7ZRJQL4JVHvZN5QU5EiOEV8=
Subject key identifier:   82:C8:94:2F:DE:02:FF:9E:BE:A3:8B:9E:C9:E1:94:A0:C7:09:2D:EF
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       28A752CC9CA4DA4428F4119D3F10B94E58622252
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
Signing time:             Mon 04 Dec 2023 15:19:53 +0000
ROA not before:           Mon 04 Dec 2023 15:14:53 +0000
ROA not after:            Mon 02 Dec 2024 15:19:53 +0000
asID:                     37235
IP address blocks:        147.28.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a7:52:cc:9c:a4:da:44:28:f4:11:9d:3f:10:b9:4e:58:62:22:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Dec  4 15:14:53 2023 GMT
            Not After : Dec  2 15:19:53 2024 GMT
        Subject: CN=82C8942FDE02FF9EBEA38B9EC9E194A0C7092DEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a6:55:5e:4a:a6:b9:b1:16:a1:8c:d7:12:67:
                    8b:38:8a:a7:8f:f1:24:5d:f4:4a:08:94:44:38:3e:
                    63:0b:24:48:58:72:81:23:73:9a:dc:90:9d:38:a0:
                    47:cb:9e:f6:81:45:18:d1:47:01:c8:45:a0:51:2b:
                    56:5c:25:9d:15:2c:ef:9e:c7:7f:6b:9b:ae:08:7d:
                    18:3d:35:d3:55:87:db:ab:03:c2:8d:fc:95:81:02:
                    1c:91:84:ed:62:d4:46:5e:27:68:f0:e0:9b:91:54:
                    33:05:4b:e3:35:10:31:f4:ad:db:66:bd:5c:12:81:
                    eb:40:af:30:19:4d:0a:ef:58:18:0a:f2:4b:d5:f5:
                    44:29:41:74:fe:e2:bf:d3:a4:60:2c:92:18:27:fd:
                    06:27:57:22:af:34:40:dd:0c:d2:a1:e0:a5:9a:1e:
                    23:ca:6e:49:d4:06:9a:23:20:0a:a4:09:a0:60:55:
                    80:e5:a9:4f:4d:a8:27:cb:32:a3:26:e2:f5:29:c5:
                    ab:58:e8:35:59:fb:28:0b:36:6d:ef:25:97:3c:ab:
                    25:e8:a9:eb:28:b3:40:bd:e3:15:4c:62:ae:4e:47:
                    02:a6:ad:39:bb:a9:fa:d9:8a:78:38:f2:1e:f9:af:
                    ff:51:5c:9c:dd:43:29:42:6c:82:70:33:4c:0b:39:
                    18:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C8:94:2F:DE:02:FF:9E:BE:A3:8B:9E:C9:E1:94:A0:C7:09:2D:EF
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:73:c7:91:c2:c5:3c:c7:50:c0:af:3f:fd:18:84:3d:b8:c5:
         4a:76:ca:ef:9d:06:f3:43:82:0a:f2:69:2d:2e:b8:aa:82:aa:
         08:46:92:bc:21:19:13:a3:f0:39:7b:0c:f1:a9:77:54:05:84:
         4b:3b:bf:12:cf:50:41:7b:a6:a3:ee:4e:01:fc:a2:51:d6:48:
         a3:be:04:0f:3e:48:a8:3f:f9:59:46:46:9c:2d:7e:75:5b:ee:
         1a:70:92:7e:9e:a5:28:f0:5b:b7:da:4d:45:ac:5a:c6:fc:53:
         ec:ea:56:cf:87:13:85:1b:c6:8a:d1:d8:99:1d:30:ca:c6:30:
         a0:a7:33:23:c5:56:2c:77:91:8a:0d:d3:2f:d8:01:42:8f:a7:
         bb:0f:a0:32:83:81:f8:ee:45:ca:0b:cd:32:cf:b3:d9:38:9e:
         71:fb:26:49:76:01:f2:20:2d:39:96:3b:51:5a:20:77:ae:92:
         e8:9a:44:fd:1b:4d:54:b4:ca:88:e2:9a:4a:07:a2:a4:68:07:
         87:03:89:90:59:1e:ae:97:49:a9:d8:cd:bd:78:2b:82:2d:f6:
         30:c9:05:11:e9:81:03:89:15:95:d3:7d:b8:97:74:0a:a5:e2:
         ee:b8:6d:56:bb:f2:ca:ad:33:6a:c3:c4:30:e0:c1:ff:22:86:
         82:f8:f2:a1
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUKKdSzJyk2kQo9BGdPxC5TlhiIlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzEyMDQxNTE0NTNaFw0yNDEyMDIxNTE5NTNaMDMxMTAvBgNV
BAMTKDgyQzg5NDJGREUwMkZGOUVCRUEzOEI5RUM5RTE5NEEwQzcwOTJERUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZplVeSqa5sRahjNcSZ4s4iqeP
8SRd9EoIlEQ4PmMLJEhYcoEjc5rckJ04oEfLnvaBRRjRRwHIRaBRK1ZcJZ0VLO+e
x39rm64IfRg9NdNVh9urA8KN/JWBAhyRhO1i1EZeJ2jw4JuRVDMFS+M1EDH0rdtm
vVwSgetArzAZTQrvWBgK8kvV9UQpQXT+4r/TpGAskhgn/QYnVyKvNEDdDNKh4KWa
HiPKbknUBpojIAqkCaBgVYDlqU9NqCfLMqMm4vUpxatY6DVZ+ygLNm3vJZc8qyXo
qesos0C94xVMYq5ORwKmrTm7qfrZing48h75r/9RXJzdQylCbIJwM0wLORhPAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUgsiUL94C/56+o4ueyeGUoMcJLe8wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM3MzIzMzM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQBf
c8eRwsU8x1DArz/9GIQ9uMVKdsrvnQbzQ4IK8mktLriqgqoIRpK8IRkTo/A5ewzx
qXdUBYRLO78Sz1BBe6aj7k4B/KJR1kijvgQPPkioP/lZRkacLX51W+4acJJ+nqUo
8Fu32k1FrFrG/FPs6lbPhxOFG8aK0diZHTDKxjCgpzMjxVYsd5GKDdMv2AFCj6e7
D6Ayg4H47kXKC80yz7PZOJ5x+yZJdgHyIC05ljtRWiB3rpLomkT9G01UtMqI4ppK
B6KkaAeHA4mQWR6ul0mp2M29eCuCLfYwyQUR6YEDiRWV0324l3QKpeLuuG1Wu/LK
rTNqw8Qw4MH/IoaC+PKh
-----END CERTIFICATE-----