Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          x4mzTFqIXJvEdgduEgInSMf2AgGxGl4NMyEFYs6XtZM=
Subject key identifier:   56:FD:CD:2C:15:95:F6:DC:16:9C:B2:86:9C:E3:7A:37:91:00:61:01
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       2A42A5BCE3A3365681ABF642DF99984B5C3311C9
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     42427
IP address blocks:        185.58.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:42:a5:bc:e3:a3:36:56:81:ab:f6:42:df:99:98:4b:5c:33:11:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=56FDCD2C1595F6DC169CB2869CE37A3791006101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d3:4b:fe:11:9c:81:46:63:64:a4:99:ad:2c:
                    38:44:a1:39:e9:0c:1d:07:3f:59:1c:61:68:2f:f6:
                    2a:c7:8d:f5:fe:5a:c4:d4:94:08:26:8b:90:c0:78:
                    ff:ec:12:f2:9b:6e:61:89:20:5e:3c:16:75:1b:db:
                    05:78:6c:f7:6f:7a:96:21:dc:b1:bc:ce:24:26:60:
                    d6:b4:7b:09:a1:bf:a1:34:9d:ce:f7:36:81:93:ee:
                    3c:5a:15:25:9a:49:1b:85:39:af:30:19:14:3d:01:
                    7a:be:de:49:9c:f7:fe:2c:bc:c0:fa:75:4d:1d:3d:
                    d7:47:dc:49:87:b7:a1:76:a3:59:06:97:aa:e2:0e:
                    ef:38:b3:0c:cb:94:17:85:29:fc:ad:15:2a:26:05:
                    1a:41:64:45:74:d1:f5:53:8f:7d:56:1a:c5:0b:f9:
                    00:d4:6d:11:4e:fc:c4:24:2b:f6:7e:5a:63:79:45:
                    35:1d:87:b8:7a:16:f0:a9:26:99:51:70:aa:7c:f2:
                    b9:41:2f:6b:47:79:ed:90:3e:cb:ee:a0:e5:2d:1b:
                    58:ec:84:d9:5b:e1:f6:89:6a:03:7a:7b:19:60:8d:
                    83:e5:21:16:b3:92:6e:15:d0:07:5e:1f:7e:24:b9:
                    ef:0c:4d:1a:27:1d:c2:1d:68:23:01:4f:1a:f7:f3:
                    0f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:FD:CD:2C:15:95:F6:DC:16:9C:B2:86:9C:E3:7A:37:91:00:61:01
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:1e:39:a5:51:ff:04:b6:e5:ba:dd:33:74:79:97:94:72:66:
         5f:65:1b:08:da:f4:d7:57:30:ef:5f:55:6d:b3:70:2d:5a:51:
         48:32:ca:91:a4:71:a3:09:ee:63:d2:de:5c:89:da:57:53:bf:
         98:05:43:34:c8:d9:26:10:d5:59:44:b7:4a:0b:e3:78:11:fc:
         7a:93:16:8e:f2:38:33:9d:24:76:29:10:e7:29:8d:af:92:db:
         10:fa:86:37:65:45:aa:70:f3:56:82:d1:35:95:68:22:90:91:
         0f:d2:e9:d0:2c:61:7e:47:53:57:8c:6c:c9:e3:64:a9:d1:98:
         22:d9:64:99:8a:56:72:da:77:33:22:3b:c8:52:c0:4d:17:7f:
         b3:a8:d1:1e:28:d9:86:0f:fe:29:84:25:b2:40:38:a7:22:37:
         0f:13:7c:1f:e1:6f:04:b6:71:52:16:e0:4c:50:0b:f7:f0:aa:
         79:0d:44:7f:f2:52:6d:06:d9:20:72:15:d8:c7:93:fe:b1:a3:
         f2:27:c6:93:5e:c9:a0:72:a7:6d:37:22:ab:f4:69:82:dc:72:
         5e:53:d5:81:a2:10:77:be:e6:24:51:39:05:bc:63:73:e8:26:
         ac:44:38:16:d8:4d:39:52:97:68:e8:8a:b6:04:f0:04:54:49:
         f8:0a:4f:53
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUKkKlvOOjNlaBq/ZC35mYS1wzEckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKDU2RkRDRDJDMTU5NUY2REMxNjlDQjI4NjlDRTM3QTM3OTEwMDYxMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT00v+EZyBRmNkpJmtLDhEoTnp
DB0HP1kcYWgv9irHjfX+WsTUlAgmi5DAeP/sEvKbbmGJIF48FnUb2wV4bPdvepYh
3LG8ziQmYNa0ewmhv6E0nc73NoGT7jxaFSWaSRuFOa8wGRQ9AXq+3kmc9/4svMD6
dU0dPddH3EmHt6F2o1kGl6riDu84swzLlBeFKfytFSomBRpBZEV00fVTj31WGsUL
+QDUbRFO/MQkK/Z+WmN5RTUdh7h6FvCpJplRcKp88rlBL2tHee2QPsvuoOUtG1js
hNlb4faJagN6exlgjYPlIRazkm4V0AdeH34kue8MTRonHcIdaCMBTxr38w9bAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUVv3NLBWV9twWnLKGnON6N5EAYQEwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpUMA0GCSqGSIb3DQEBCwUAA4IBAQCV
HjmlUf8EtuW63TN0eZeUcmZfZRsI2vTXVzDvX1Vts3AtWlFIMsqRpHGjCe5j0t5c
idpXU7+YBUM0yNkmENVZRLdKC+N4Efx6kxaO8jgznSR2KRDnKY2vktsQ+oY3ZUWq
cPNWgtE1lWgikJEP0unQLGF+R1NXjGzJ42Sp0Zgi2WSZilZy2nczIjvIUsBNF3+z
qNEeKNmGD/4phCWyQDinIjcPE3wf4W8EtnFSFuBMUAv38Kp5DUR/8lJtBtkgchXY
x5P+saPyJ8aTXsmgcqdtNyKr9GmC3HJeU9WBohB3vuYkUTkFvGNz6CasRDgW2E05
Updo6Iq2BPAEVEn4Ck9T
-----END CERTIFICATE-----