Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33392e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          ICuxbEH2AYAFC8JzNHGCSIqEJn3G/s3S5pJJd2t/11o=
Subject key identifier:   1A:1B:5D:63:E7:83:B2:F6:C0:D5:A2:04:4B:D1:66:D8:4B:BD:9E:70
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6C0BA08C874136209FEC85B5F5CD4AB07D2DFCB3
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa
Signing time:             Thu 23 May 2024 23:19:59 +0000
ROA not before:           Thu 23 May 2024 23:14:59 +0000
ROA not after:            Thu 22 May 2025 23:19:59 +0000
asID:                     14618
IP address blocks:        147.28.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:0b:a0:8c:87:41:36:20:9f:ec:85:b5:f5:cd:4a:b0:7d:2d:fc:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 23 23:14:59 2024 GMT
            Not After : May 22 23:19:59 2025 GMT
        Subject: CN=1A1B5D63E783B2F6C0D5A2044BD166D84BBD9E70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:75:ca:ce:77:57:84:07:8f:9c:26:a3:6f:53:
                    dc:ff:0f:51:51:c2:87:40:2b:10:82:4d:c2:cc:69:
                    33:5a:62:2b:cc:b7:2a:78:97:1d:0d:17:7c:bc:3b:
                    73:ac:98:44:6e:ae:3c:5d:47:4b:1f:94:b6:f4:1b:
                    32:2f:02:33:e4:84:13:51:5e:5d:40:44:37:b0:59:
                    04:17:6a:13:db:c4:fa:70:b7:2d:94:09:fa:d7:1f:
                    a7:ce:34:6f:db:33:b2:76:fb:de:19:da:15:5d:e4:
                    c2:e0:8a:5e:82:4e:c4:4a:67:c3:d7:98:e3:e4:93:
                    f4:6d:aa:56:a1:92:ab:be:e2:9d:0b:25:60:2d:ba:
                    ac:63:1d:58:66:08:52:d2:64:e0:8c:5e:58:53:38:
                    b4:7b:f1:dc:09:c3:12:c1:06:67:1c:05:dc:c3:0b:
                    c7:10:cf:0d:95:94:73:0e:e1:1f:54:ae:00:22:ab:
                    fc:b9:74:ce:25:29:d2:f9:ab:08:18:04:f4:51:f7:
                    31:d2:9d:48:2d:8e:51:62:3d:d9:36:4e:47:48:bd:
                    8a:93:bf:34:d1:51:6f:cb:ea:db:cf:9f:6f:91:f4:
                    d6:76:b4:d1:23:5d:da:4d:2a:da:3a:3b:ef:84:d1:
                    c1:bc:57:36:40:2e:5d:d2:34:a7:8c:c6:fa:f2:95:
                    2c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:1B:5D:63:E7:83:B2:F6:C0:D5:A2:04:4B:D1:66:D8:4B:BD:9E:70
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:21:ca:9e:b6:4e:4c:52:14:7a:ec:d1:d9:f5:da:f0:c2:80:
         cd:da:cf:31:b4:68:55:9d:c6:3b:af:89:5a:02:f6:94:2d:83:
         54:03:e0:e5:92:6c:5e:01:d1:2e:7d:64:1a:bd:a4:c1:da:99:
         4d:27:fd:11:cd:4a:03:c9:66:e6:15:0c:47:ba:1a:fc:1a:4a:
         5a:6b:15:9f:36:7c:34:c3:49:f3:83:31:7b:09:84:68:a1:01:
         7f:45:55:13:6c:3c:94:11:56:3c:61:21:b0:de:95:6d:9c:a5:
         f8:39:cc:69:af:fd:ac:00:b8:c6:40:05:5e:24:97:c2:68:47:
         67:38:24:c1:50:ff:6a:62:46:0b:6e:e2:be:45:da:19:00:92:
         4a:92:76:dc:79:3f:99:81:72:90:07:07:25:69:18:ca:4f:b7:
         ec:2e:17:a9:c5:68:ff:d0:7b:2e:6a:5b:dd:4a:ee:4c:63:ff:
         81:cc:0f:63:fa:c1:a0:aa:d0:f5:c4:fc:1b:81:e3:75:15:9f:
         a1:b3:ea:42:46:98:43:a1:8c:3f:b7:2f:62:8b:0b:f8:93:4c:
         c6:8a:e7:7d:c4:9a:51:16:57:63:3e:61:c9:f9:75:16:84:fe:
         e0:63:a4:9c:b3:d8:b8:81:c2:d7:2c:14:c6:b0:53:1d:48:17:
         1c:d0:cd:0b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUbAugjIdBNiCf7IW19c1KsH0t/LMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA1MjMyMzE0NTlaFw0yNTA1MjIyMzE5NTlaMDMxMTAvBgNV
BAMTKDFBMUI1RDYzRTc4M0IyRjZDMEQ1QTIwNDRCRDE2NkQ4NEJCRDlFNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQdcrOd1eEB4+cJqNvU9z/D1FR
wodAKxCCTcLMaTNaYivMtyp4lx0NF3y8O3OsmERurjxdR0sflLb0GzIvAjPkhBNR
Xl1ARDewWQQXahPbxPpwty2UCfrXH6fONG/bM7J2+94Z2hVd5MLgil6CTsRKZ8PX
mOPkk/Rtqlahkqu+4p0LJWAtuqxjHVhmCFLSZOCMXlhTOLR78dwJwxLBBmccBdzD
C8cQzw2VlHMO4R9UrgAiq/y5dM4lKdL5qwgYBPRR9zHSnUgtjlFiPdk2TkdIvYqT
vzTRUW/L6tvPn2+R9NZ2tNEjXdpNKto6O++E0cG8VzZALl3SNKeMxvrylSxVAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUGhtdY+eDsvbA1aIES9Fm2Eu9nnAwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwnMA0GCSqGSIb3DQEBCwUAA4IBAQA1
Icqetk5MUhR67NHZ9drwwoDN2s8xtGhVncY7r4laAvaULYNUA+DlkmxeAdEufWQa
vaTB2plNJ/0RzUoDyWbmFQxHuhr8GkpaaxWfNnw0w0nzgzF7CYRooQF/RVUTbDyU
EVY8YSGw3pVtnKX4Ocxpr/2sALjGQAVeJJfCaEdnOCTBUP9qYkYLbuK+RdoZAJJK
knbceT+ZgXKQBwclaRjKT7fsLhepxWj/0HsualvdSu5MY/+BzA9j+sGgqtD1xPwb
geN1FZ+hs+pCRphDoYw/ty9iiwv4k0zGiud9xJpRFldjPmHJ+XUWhP7gY6Scs9i4
gcLXLBTGsFMdSBcc0M0L
-----END CERTIFICATE-----