Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33392e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          TrvRowwPQuRgS/sMr3vOpbgpPndDyXwmSWfaunqMU3Y=
Subject key identifier:   06:E4:F4:60:A5:CB:E6:5A:91:5F:99:3E:8D:A0:2F:28:F9:FB:34:18
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7B26C81EEA4ED91D9E3FC42D6351BAB0AAA6CDB3
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa
Signing time:             Fri 27 Mar 2026 00:27:53 +0000
ROA not before:           Fri 27 Mar 2026 00:22:53 +0000
ROA not after:            Fri 26 Mar 2027 00:27:53 +0000
asID:                     14618
IP address blocks:        147.28.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 19:56:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:26:c8:1e:ea:4e:d9:1d:9e:3f:c4:2d:63:51:ba:b0:aa:a6:cd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Mar 27 00:22:53 2026 GMT
            Not After : Mar 26 00:27:53 2027 GMT
        Subject: CN=06E4F460A5CBE65A915F993E8DA02F28F9FB3418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:46:f5:9d:d7:77:02:df:7d:21:80:4c:1e:13:
                    24:c9:9f:96:e9:55:3e:b5:3b:d3:84:6a:12:4d:cd:
                    7a:d8:7e:8d:14:07:b9:4b:e0:7d:07:13:84:a0:5f:
                    33:c2:86:f1:a1:9b:c1:38:51:75:36:cb:d6:4e:d5:
                    d0:b9:e6:28:b2:fb:53:c6:e5:5d:3e:00:73:9a:68:
                    8f:a3:03:f3:c3:80:4c:4f:f2:c3:4b:a1:ad:a2:a5:
                    2b:ef:c9:e3:d5:c8:d1:95:78:3b:25:66:64:ab:ac:
                    45:e8:b4:25:25:ea:e9:9c:0d:b1:b4:99:29:11:64:
                    88:b2:8a:0f:53:aa:24:87:11:da:b4:3d:b9:f4:7e:
                    b0:75:a0:8a:a7:67:8a:8a:57:fc:eb:a5:7c:1d:fa:
                    50:63:8a:2b:86:5b:2d:59:a3:b8:9c:21:c5:28:4d:
                    6c:66:5c:e8:35:94:51:52:47:be:31:83:e5:d8:f1:
                    58:c0:90:c9:c3:93:c8:ab:2f:a7:b2:b8:d3:8c:c1:
                    4b:29:14:aa:e6:f6:36:fc:ce:40:90:41:50:69:c0:
                    b7:88:b4:7d:b8:f8:6f:59:6d:ff:6c:35:c1:8c:ba:
                    33:ca:c3:92:17:16:ae:f4:4d:ab:24:c3:70:be:62:
                    b7:7d:70:62:bb:26:0c:65:96:a7:5c:e4:5a:66:38:
                    3b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E4:F4:60:A5:CB:E6:5A:91:5F:99:3E:8D:A0:2F:28:F9:FB:34:18
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:77:38:17:c8:0e:55:de:39:64:23:e1:3b:e8:96:1b:26:a8:
         38:8f:95:bb:f3:0d:d6:15:08:b7:8e:04:81:8a:6d:78:a5:e0:
         45:4c:5d:1e:0e:1e:7f:54:fa:2a:ba:73:f7:1d:8d:17:06:0e:
         da:09:b2:2e:6a:7d:fb:cc:db:d6:a3:be:d2:a8:f9:0f:51:50:
         1c:a5:58:57:7b:d9:66:fc:32:de:f4:4b:96:8b:83:ab:f9:00:
         9a:8d:02:c0:97:dc:ac:83:d4:f8:a8:98:d7:85:64:ca:14:61:
         86:6d:91:16:63:00:08:c5:75:c2:b7:c4:26:16:e9:d9:02:a9:
         67:42:fe:16:2e:1c:37:e2:24:0f:bd:d2:cb:0e:8e:3c:bf:31:
         00:3b:fe:8a:1c:5d:8c:db:93:a8:53:e5:25:17:1d:aa:fb:e8:
         13:cb:f8:af:42:15:ed:67:e3:88:9b:dc:4c:83:f5:17:a6:e8:
         82:ac:ef:9c:50:e9:19:b8:93:3e:39:ca:83:e2:e4:fd:40:3f:
         8d:6e:8a:94:17:40:d4:af:05:c9:70:b8:67:c1:27:5d:54:33:
         9d:3c:fb:8e:6c:c9:8e:d1:3b:24:c7:cc:5b:89:a8:06:0d:11:
         96:82:9e:a4:71:33:4d:4f:a4:78:77:27:17:3b:b3:b3:a7:71:
         12:3e:22:e1
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUeybIHupO2R2eP8QtY1G6sKqmzbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjAzMjcwMDIyNTNaFw0yNzAzMjYwMDI3NTNaMDMxMTAvBgNV
BAMTKDA2RTRGNDYwQTVDQkU2NUE5MTVGOTkzRThEQTAyRjI4RjlGQjM0MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtRvWd13cC330hgEweEyTJn5bp
VT61O9OEahJNzXrYfo0UB7lL4H0HE4SgXzPChvGhm8E4UXU2y9ZO1dC55iiy+1PG
5V0+AHOaaI+jA/PDgExP8sNLoa2ipSvvyePVyNGVeDslZmSrrEXotCUl6umcDbG0
mSkRZIiyig9TqiSHEdq0Pbn0frB1oIqnZ4qKV/zrpXwd+lBjiiuGWy1Zo7icIcUo
TWxmXOg1lFFSR74xg+XY8VjAkMnDk8irL6eyuNOMwUspFKrm9jb8zkCQQVBpwLeI
tH24+G9Zbf9sNcGMujPKw5IXFq70Taskw3C+Yrd9cGK7Jgxllqdc5FpmODtDAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUBuT0YKXL5lqRX5k+jaAvKPn7NBgwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwnMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
dzgXyA5V3jlkI+E76JYbJqg4j5W78w3WFQi3jgSBim14peBFTF0eDh5/VPoqunP3
HY0XBg7aCbIuan37zNvWo77SqPkPUVAcpVhXe9lm/DLe9EuWi4Or+QCajQLAl9ys
g9T4qJjXhWTKFGGGbZEWYwAIxXXCt8QmFunZAqlnQv4WLhw34iQPvdLLDo48vzEA
O/6KHF2M25OoU+UlFx2q++gTy/ivQhXtZ+OIm9xMg/UXpuiCrO+cUOkZuJM+OcqD
4uT9QD+NboqUF0DUrwXJcLhnwSddVDOdPPuObMmO0Tskx8xbiagGDRGWgp6kcTNN
T6R4dycXO7Ozp3ESPiLh
-----END CERTIFICATE-----