Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38352e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          vuqH6FXBuOrBeEi7G0X1bUNnfy1XVF6DpMp2Qy8/FtU=
Subject key identifier:   AC:C3:95:B7:89:F0:58:94:65:74:E8:B6:6E:18:59:BD:77:24:FE:FC
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       0BE7FDF19B0D60B4A6BAB49D2AF5E301D48E1CCC
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     42427
IP address blocks:        185.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e7:fd:f1:9b:0d:60:b4:a6:ba:b4:9d:2a:f5:e3:01:d4:8e:1c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=ACC395B789F058946574E8B66E1859BD7724FEFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:33:1c:7e:26:c8:3f:ca:17:41:a1:dd:c9:39:
                    64:2a:5f:47:1b:d6:af:18:0b:97:25:fb:34:ef:96:
                    73:8f:78:c8:c2:88:6e:2e:0b:c2:ab:48:95:a6:50:
                    48:05:95:fc:6a:e5:45:23:84:8f:63:94:36:01:a0:
                    a7:8f:47:45:dd:0d:3b:15:15:68:be:cd:8f:2d:82:
                    4c:1a:7e:40:5c:3b:30:2e:c7:ab:f5:58:29:4b:7a:
                    ef:43:11:84:8c:ef:f4:72:40:98:c3:39:08:5a:72:
                    67:b8:45:25:c1:f5:56:5f:0d:3a:52:25:c2:8f:57:
                    4a:75:24:bb:10:fd:1b:78:55:6e:11:38:e3:bd:74:
                    f1:01:a6:69:ed:d3:7e:88:ce:2f:fb:cd:78:cb:a4:
                    d3:59:97:d5:90:42:9e:34:3e:06:62:2a:cc:65:6f:
                    74:3c:d4:1a:86:32:ef:ce:50:42:ec:00:d9:25:5c:
                    db:c6:2e:7e:83:7c:9c:74:fa:eb:ca:37:76:12:7b:
                    22:79:03:c4:46:58:e5:9b:f5:a7:cf:a2:bf:6a:6a:
                    be:4d:3b:91:b6:14:41:c9:68:73:69:4e:60:aa:3d:
                    08:1f:fe:6f:34:d5:28:75:53:34:6c:78:f6:71:e7:
                    18:33:4a:04:da:dc:10:2b:d7:58:dc:b6:e5:e0:a1:
                    d7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C3:95:B7:89:F0:58:94:65:74:E8:B6:6E:18:59:BD:77:24:FE:FC
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:19:d6:85:2b:ba:3f:ed:6c:ef:57:2a:6c:d8:f9:c0:75:bb:
         ec:b9:67:25:6c:18:ba:31:0e:4e:ec:c1:0d:30:67:4e:c6:a2:
         ae:17:1e:b9:18:a3:4b:47:09:d6:d0:35:45:62:ae:4d:63:93:
         6e:1c:cd:14:b2:77:e3:2c:0d:90:aa:6b:2b:01:e3:fb:41:96:
         29:7e:48:c0:b3:2a:3f:e9:68:2e:17:df:12:0b:61:5a:99:e5:
         71:6c:72:61:7f:7a:7b:d4:79:d7:b6:4f:81:1f:71:b7:29:48:
         4f:ce:84:7c:4b:e6:d0:c8:a4:81:19:13:fd:45:bf:25:f0:31:
         de:88:fb:7d:b8:7a:d2:bc:82:17:bb:3d:97:5a:5b:7b:02:0d:
         44:9f:d1:1e:95:cd:15:fe:52:d5:88:ed:cb:06:73:8d:c5:22:
         22:6b:cb:79:11:cb:95:5a:72:e3:1c:80:1d:94:9d:03:a4:e8:
         93:7c:89:10:85:9c:2a:90:93:c4:5a:8d:bb:7c:ae:e6:00:dc:
         9a:41:d5:9d:fd:81:e5:85:20:d8:e5:c9:01:a1:ca:a9:f0:5f:
         5d:22:20:1f:b0:74:5d:ac:f3:29:86:97:73:fb:0e:d5:0e:bb:
         58:52:54:47:bc:09:e9:f5:9d:32:2c:ca:5f:86:68:44:af:51:
         b3:e2:8a:eb
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUC+f98ZsNYLSmurSdKvXjAdSOHMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKEFDQzM5NUI3ODlGMDU4OTQ2NTc0RThCNjZFMTg1OUJENzcyNEZFRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPMxx+Jsg/yhdBod3JOWQqX0cb
1q8YC5cl+zTvlnOPeMjCiG4uC8KrSJWmUEgFlfxq5UUjhI9jlDYBoKePR0XdDTsV
FWi+zY8tgkwafkBcOzAux6v1WClLeu9DEYSM7/RyQJjDOQhacme4RSXB9VZfDTpS
JcKPV0p1JLsQ/Rt4VW4ROOO9dPEBpmnt036Izi/7zXjLpNNZl9WQQp40PgZiKsxl
b3Q81BqGMu/OUELsANklXNvGLn6DfJx0+uvKN3YSeyJ5A8RGWOWb9afPor9qar5N
O5G2FEHJaHNpTmCqPQgf/m801Sh1UzRsePZx5xgzSgTa3BAr11jctuXgodcBAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUrMOVt4nwWJRldOi2bhhZvXck/vwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpVMA0GCSqGSIb3DQEBCwUAA4IBAQBh
GdaFK7o/7WzvVyps2PnAdbvsuWclbBi6MQ5O7MENMGdOxqKuFx65GKNLRwnW0DVF
Yq5NY5NuHM0UsnfjLA2QqmsrAeP7QZYpfkjAsyo/6WguF98SC2FameVxbHJhf3p7
1HnXtk+BH3G3KUhPzoR8S+bQyKSBGRP9Rb8l8DHeiPt9uHrSvIIXuz2XWlt7Ag1E
n9Eelc0V/lLViO3LBnONxSIia8t5EcuVWnLjHIAdlJ0DpOiTfIkQhZwqkJPEWo27
fK7mANyaQdWd/YHlhSDY5ckBocqp8F9dIiAfsHRdrPMphpdz+w7VDrtYUlRHvAnp
9Z0yLMpfhmhEr1Gz4orr
-----END CERTIFICATE-----