Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38372e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          BkcerY1IjbLWHhdpUdLYFE1Ih2yAH7FPMArbpk4rpSM=
Subject key identifier:   54:13:C4:DB:F5:90:04:47:F4:06:D0:B5:DF:84:D5:1A:66:28:10:76
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       46A7695924B79A2DBE751AC8D3A53CC80CF68E50
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     42427
IP address blocks:        185.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:a7:69:59:24:b7:9a:2d:be:75:1a:c8:d3:a5:3c:c8:0c:f6:8e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=5413C4DBF5900447F406D0B5DF84D51A66281076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3c:9f:41:67:52:2e:bd:c1:3d:77:f3:67:40:
                    a5:64:6d:a5:40:69:18:57:39:41:5b:95:c8:39:92:
                    24:79:e1:24:01:ae:dc:d2:08:f5:ec:e8:5a:90:94:
                    d1:c6:eb:c7:1a:24:6d:50:51:40:fb:f5:43:a2:23:
                    c0:c0:b1:ed:42:84:99:4f:eb:b3:be:31:3d:33:5d:
                    ba:d6:ee:6e:29:9d:8d:a2:3b:04:b3:dd:13:d8:b2:
                    84:71:d7:6b:8c:7e:91:06:6c:ec:40:9b:f0:70:61:
                    51:5b:60:1b:3d:97:a7:02:22:53:d1:9a:0e:73:a6:
                    9d:d7:e1:76:1f:ce:53:18:fe:8b:58:f2:bc:2a:69:
                    cd:c3:dd:c1:5d:c3:9c:9d:a6:42:d7:5f:a3:e9:b1:
                    23:24:32:cb:71:6d:8b:fe:99:02:a6:c4:5c:09:3f:
                    ff:2c:cf:cb:fd:e9:8f:65:7b:25:0d:b8:74:78:a2:
                    a9:46:e0:c1:cf:f9:61:03:01:53:22:25:e8:fa:61:
                    50:2a:db:0e:85:ac:c7:5e:aa:29:0e:8e:ff:db:6f:
                    67:c5:a9:5e:af:02:71:98:9d:e6:1e:9b:7b:c4:9b:
                    c1:d2:23:b9:a3:3f:ba:fb:11:9d:3c:62:7b:3d:c9:
                    b9:ee:19:98:e7:ea:89:01:b8:f1:a8:44:6c:de:73:
                    51:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:13:C4:DB:F5:90:04:47:F4:06:D0:B5:DF:84:D5:1A:66:28:10:76
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:57:65:fe:9b:3c:9b:16:2a:38:3b:fc:d9:9d:9b:0f:e6:ad:
         2e:01:ca:59:9e:09:f7:93:1c:08:6a:f8:3a:b2:02:d8:5b:5f:
         32:68:f8:09:22:37:ea:8b:45:c9:64:dc:ad:02:f4:62:6b:39:
         0b:87:f2:dd:d0:31:80:c7:5a:d6:f9:44:ae:c1:1a:3d:11:a8:
         aa:f4:90:25:b4:2c:93:0f:4e:ae:7d:a7:62:d5:51:3c:65:11:
         5a:63:29:30:38:19:40:69:68:9b:d2:7e:f3:9a:c5:24:a7:5c:
         af:ea:79:d9:13:23:e0:e4:fc:8e:d4:4c:9f:24:f9:8e:e2:06:
         99:e4:a6:35:fc:52:7f:55:8d:a5:b8:b3:24:69:96:75:ff:b2:
         1e:d7:e3:12:d2:de:40:3d:df:5c:5e:8b:fe:ff:84:17:e9:15:
         92:47:c1:1a:4f:84:43:f9:8d:60:c4:ed:eb:f3:b0:45:56:00:
         29:d3:1f:8c:0d:ac:73:a1:cf:74:f6:d5:30:ca:76:06:1c:c2:
         63:58:0c:ac:76:c1:33:44:ea:d9:93:68:aa:12:64:ba:dc:c9:
         d8:0b:09:7e:40:e1:ee:06:9d:56:ad:96:0d:9f:b2:cc:b5:7a:
         1d:3f:a3:29:5b:57:76:30:fe:1f:73:8d:eb:76:e2:d8:7e:1b:
         57:74:7b:2b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIURqdpWSS3mi2+dRrI06U8yAz2jlAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKDU0MTNDNERCRjU5MDA0NDdGNDA2RDBCNURGODRENTFBNjYyODEwNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/PJ9BZ1IuvcE9d/NnQKVkbaVA
aRhXOUFblcg5kiR54SQBrtzSCPXs6FqQlNHG68caJG1QUUD79UOiI8DAse1ChJlP
67O+MT0zXbrW7m4pnY2iOwSz3RPYsoRx12uMfpEGbOxAm/BwYVFbYBs9l6cCIlPR
mg5zpp3X4XYfzlMY/otY8rwqac3D3cFdw5ydpkLXX6PpsSMkMstxbYv+mQKmxFwJ
P/8sz8v96Y9leyUNuHR4oqlG4MHP+WEDAVMiJej6YVAq2w6FrMdeqikOjv/bb2fF
qV6vAnGYneYem3vEm8HSI7mjP7r7EZ08Yns9ybnuGZjn6okBuPGoRGzec1HDAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUVBPE2/WQBEf0BtC134TVGmYoEHYwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpXMA0GCSqGSIb3DQEBCwUAA4IBAQB6
V2X+mzybFio4O/zZnZsP5q0uAcpZngn3kxwIavg6sgLYW18yaPgJIjfqi0XJZNyt
AvRiazkLh/Ld0DGAx1rW+USuwRo9Eaiq9JAltCyTD06ufadi1VE8ZRFaYykwOBlA
aWib0n7zmsUkp1yv6nnZEyPg5PyO1EyfJPmO4gaZ5KY1/FJ/VY2luLMkaZZ1/7Ie
1+MS0t5APd9cXov+/4QX6RWSR8EaT4RD+Y1gxO3r87BFVgAp0x+MDaxzoc909tUw
ynYGHMJjWAysdsEzROrZk2iqEmS63MnYCwl+QOHuBp1WrZYNn7LMtXodP6MpW1d2
MP4fc43rduLYfhtXdHsr
-----END CERTIFICATE-----