Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203337323335.roa (raw, json)
Hash identifier:          z52PyuvK1+hs3Q5TX6PyEQ4lj46wBtuCaghhl3YIuZk=
Subject key identifier:   06:8C:2F:1E:70:3B:FC:D6:CB:3D:60:AA:16:B7:E4:F0:F6:A8:96:2C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       02E85D49DD42CDC88FD974DE6BD496CD69F45D6E
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
Signing time:             Mon 04 Nov 2024 16:09:04 +0000
ROA not before:           Mon 04 Nov 2024 16:04:04 +0000
ROA not after:            Mon 03 Nov 2025 16:09:04 +0000
asID:                     37235
IP address blocks:        147.28.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:e8:5d:49:dd:42:cd:c8:8f:d9:74:de:6b:d4:96:cd:69:f4:5d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Nov  4 16:04:04 2024 GMT
            Not After : Nov  3 16:09:04 2025 GMT
        Subject: CN=068C2F1E703BFCD6CB3D60AA16B7E4F0F6A8962C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ce:cc:f2:6e:66:e5:fa:72:14:53:1f:e2:bd:
                    7a:d9:f3:87:58:66:e9:05:2d:72:97:20:0a:ba:a2:
                    a8:a7:3c:2b:f9:9f:5b:8f:c8:a6:36:1d:f3:41:3b:
                    bd:f6:06:9b:38:71:b6:41:7a:8a:9f:a0:ed:48:fd:
                    26:82:e4:c0:ff:5c:f6:12:82:81:05:79:da:1d:13:
                    51:b9:56:3a:87:47:fb:ac:02:95:69:c1:e1:35:58:
                    73:d0:0c:bb:7d:6e:92:f6:67:a3:37:bf:8a:80:51:
                    e6:1e:ee:e4:76:66:4a:89:28:1b:c1:23:5e:cc:bd:
                    8b:b9:7c:89:04:f3:25:66:3d:d3:0e:b4:90:81:bd:
                    b7:18:c5:19:24:24:f7:9a:e4:4f:b5:98:27:24:b9:
                    bf:3b:1d:56:2b:e1:0a:00:88:bf:3b:a4:b4:1e:76:
                    f0:4b:cd:c1:5b:4f:e0:cc:04:56:93:ba:5d:67:4a:
                    29:6f:81:02:79:f0:3a:d8:0f:96:b8:b0:0d:85:fb:
                    74:85:b5:72:6a:89:cd:29:53:d4:e9:96:e2:eb:c6:
                    9d:a5:45:a8:e1:b9:03:64:fd:2f:66:90:d5:99:ea:
                    ad:a0:9b:a5:44:cc:52:7d:a8:6c:3f:98:7b:70:d6:
                    08:ca:af:9c:f4:19:ee:00:25:2c:78:fb:2e:88:48:
                    b7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8C:2F:1E:70:3B:FC:D6:CB:3D:60:AA:16:B7:E4:F0:F6:A8:96:2C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ba:e9:e0:a9:33:47:bc:81:4c:35:32:16:f6:cf:35:0b:29:
         dc:5a:0e:e1:41:cb:41:3d:46:c8:f8:51:c4:1c:c5:92:c7:85:
         19:3f:08:e9:df:5b:c0:0b:9c:a2:3c:f6:01:b4:b7:13:2b:c2:
         03:36:e4:02:60:76:5f:63:3b:fd:45:88:d1:7e:db:1b:13:60:
         15:31:37:03:88:fc:7b:e7:84:ae:35:2a:f9:d1:c7:6e:b2:3e:
         f2:8c:13:da:f6:6c:11:b4:a3:03:c9:19:76:f2:b8:4a:41:b9:
         d5:47:31:c5:42:c6:b0:79:fa:00:57:63:3f:66:15:86:07:9d:
         82:34:80:b7:41:77:9d:0f:60:90:fd:08:b7:3a:84:ce:79:5b:
         0b:62:d2:b9:33:80:7b:44:64:72:6c:d9:32:e7:37:9d:91:f6:
         de:98:5f:92:04:e8:a1:15:0f:3f:80:04:84:c9:09:3c:5e:31:
         2e:df:17:0f:53:f3:ba:dc:ca:c9:c6:e7:fd:a6:4a:e7:8f:e1:
         6f:b3:f3:95:21:a1:04:d9:7f:40:cb:00:2b:76:d4:97:0e:f8:
         e8:41:f8:c4:30:2c:72:b2:b2:63:ab:1b:e7:03:a5:8d:fe:38:
         91:18:ea:f9:22:1c:5f:3b:94:6e:fe:0b:59:80:4a:0d:54:a9:
         a0:2f:b6:13
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUAuhdSd1CzciP2XTea9SWzWn0XW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDExMDQxNjA0MDRaFw0yNTExMDMxNjA5MDRaMDMxMTAvBgNV
BAMTKDA2OEMyRjFFNzAzQkZDRDZDQjNENjBBQTE2QjdFNEYwRjZBODk2MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFzszybmbl+nIUUx/ivXrZ84dY
ZukFLXKXIAq6oqinPCv5n1uPyKY2HfNBO732Bps4cbZBeoqfoO1I/SaC5MD/XPYS
goEFedodE1G5VjqHR/usApVpweE1WHPQDLt9bpL2Z6M3v4qAUeYe7uR2ZkqJKBvB
I17MvYu5fIkE8yVmPdMOtJCBvbcYxRkkJPea5E+1mCckub87HVYr4QoAiL87pLQe
dvBLzcFbT+DMBFaTul1nSilvgQJ58DrYD5a4sA2F+3SFtXJqic0pU9TpluLrxp2l
RajhuQNk/S9mkNWZ6q2gm6VEzFJ9qGw/mHtw1gjKr5z0Ge4AJSx4+y6ISLcrAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUBowvHnA7/NbLPWCqFrfk8PaoliwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM3MzIzMzM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQBj
uungqTNHvIFMNTIW9s81CyncWg7hQctBPUbI+FHEHMWSx4UZPwjp31vAC5yiPPYB
tLcTK8IDNuQCYHZfYzv9RYjRftsbE2AVMTcDiPx754SuNSr50cdusj7yjBPa9mwR
tKMDyRl28rhKQbnVRzHFQsawefoAV2M/ZhWGB52CNIC3QXedD2CQ/Qi3OoTOeVsL
YtK5M4B7RGRybNky5zedkfbemF+SBOihFQ8/gASEyQk8XjEu3xcPU/O63MrJxuf9
pkrnj+Fvs/OVIaEE2X9AywArdtSXDvjoQfjEMCxysrJjqxvnA6WN/jiRGOr5Ihxf
O5Ru/gtZgEoNVKmgL7YT
-----END CERTIFICATE-----