Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa
File:                     3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          jLzlvgmumHoxSxNTKfw7QuvElBIhseYFdpkRf4cyeQY=
Subject key identifier:   D5:BC:39:13:21:58:97:3F:FB:46:15:4D:E7:93:72:BC:0D:58:49:24
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       63F767DD800E8F1D633CF86FB835F735DF14E2C9
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     42427
IP address blocks:        195.130.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f7:67:dd:80:0e:8f:1d:63:3c:f8:6f:b8:35:f7:35:df:14:e2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=D5BC39132158973FFB46154DE79372BC0D584924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b4:99:d2:8b:4d:8e:b8:fc:06:a9:71:76:b6:
                    10:2c:99:ef:57:81:d5:70:21:01:4a:1e:d4:aa:06:
                    0f:68:ee:05:df:bc:e4:06:0d:f8:91:94:d3:5b:84:
                    a6:4e:91:ba:48:a0:91:b6:91:08:b6:85:3d:d9:65:
                    b2:1c:79:df:97:21:6e:ba:1b:d0:74:b6:33:9f:61:
                    62:09:6d:89:b7:21:79:b3:24:0e:58:a3:e2:8f:fa:
                    99:a5:9b:72:30:47:09:0a:4f:34:cb:af:27:3b:9e:
                    b7:b2:3e:2e:67:10:9b:36:58:f7:d6:00:f7:ba:7c:
                    9b:8f:49:50:1f:da:81:a6:0c:52:0f:f1:e8:77:3d:
                    be:62:0b:00:f3:d7:45:48:1e:27:23:d4:25:25:82:
                    b0:af:d7:3b:c4:ce:97:19:71:96:eb:73:08:97:9a:
                    e3:14:87:38:c5:bb:e7:bb:22:a4:c3:ac:2b:5c:2f:
                    c7:44:71:09:88:0c:cc:eb:e5:14:ae:da:11:e1:6f:
                    ad:d6:20:24:62:09:88:97:85:b5:c0:ca:10:41:f8:
                    25:b5:0d:d4:14:19:18:5b:35:ae:46:1a:7c:c5:f3:
                    11:6c:4a:c2:38:e0:19:10:87:11:12:f7:b7:ac:63:
                    b6:de:2b:84:83:5d:ca:19:4f:d6:63:66:9e:eb:76:
                    3d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BC:39:13:21:58:97:3F:FB:46:15:4D:E7:93:72:BC:0D:58:49:24
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:94:37:15:3c:a9:ef:aa:b5:d3:51:6c:60:c7:2c:9a:62:d5:
         12:9d:fe:4b:fe:c8:c7:9d:d3:0f:97:14:cd:72:cb:24:b3:c3:
         2d:9a:e3:76:b7:8c:d9:82:e7:43:80:08:2e:3b:cb:04:81:eb:
         59:03:26:f4:c8:6f:5b:84:70:0e:37:30:0c:ab:a0:d9:13:6f:
         64:c3:d8:4e:67:da:0e:86:26:41:68:07:0b:5d:84:b2:01:9c:
         5e:96:0c:95:6f:58:12:11:f3:b7:41:34:d1:f4:c7:3a:e4:a3:
         91:2e:2e:80:0c:19:bf:95:ef:91:f2:26:a8:8d:c4:9d:7b:42:
         69:a9:9a:fd:3f:20:f9:bf:46:5a:ac:f6:ef:14:70:90:4c:7b:
         b7:0e:04:5c:2f:a1:8b:3b:69:52:68:a7:58:1d:74:2f:47:7f:
         37:20:4c:32:77:74:ed:9e:81:fb:1e:3e:8a:0b:38:8a:69:44:
         d5:e8:a9:b1:df:34:9e:9b:49:6f:4e:e2:0f:b4:d9:f5:29:17:
         50:55:24:0b:fa:b9:a1:33:3e:c6:73:ef:2f:81:a0:a8:ad:80:
         36:eb:ed:1d:8a:c9:07:6d:50:1c:11:82:15:3c:dc:8e:2e:f2:
         d2:28:c4:f6:55:7a:cb:24:8c:59:d8:23:f2:52:28:91:77:f0:
         4e:d3:ae:46
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUY/dn3YAOjx1jPPhvuDX3Nd8U4skwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKEQ1QkMzOTEzMjE1ODk3M0ZGQjQ2MTU0REU3OTM3MkJDMEQ1ODQ5MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUtJnSi02OuPwGqXF2thAsme9X
gdVwIQFKHtSqBg9o7gXfvOQGDfiRlNNbhKZOkbpIoJG2kQi2hT3ZZbIced+XIW66
G9B0tjOfYWIJbYm3IXmzJA5Yo+KP+pmlm3IwRwkKTzTLryc7nreyPi5nEJs2WPfW
APe6fJuPSVAf2oGmDFIP8eh3Pb5iCwDz10VIHicj1CUlgrCv1zvEzpcZcZbrcwiX
muMUhzjFu+e7IqTDrCtcL8dEcQmIDMzr5RSu2hHhb63WICRiCYiXhbXAyhBB+CW1
DdQUGRhbNa5GGnzF8xFsSsI44BkQhxES97esY7beK4SDXcoZT9ZjZp7rdj3NAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQU1bw5EyFYlz/7RhVN55NyvA1YSSQwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzEzOTM1MmUzMTMzMzAyZTMyMzEzNzJlMzAyZjMyMzQyZDMyMzQy
MDNkM2UyMDM0MzIzNDMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDgtkwDQYJKoZIhvcNAQELBQAD
ggEBAKCUNxU8qe+qtdNRbGDHLJpi1RKd/kv+yMed0w+XFM1yyySzwy2a43a3jNmC
50OACC47ywSB61kDJvTIb1uEcA43MAyroNkTb2TD2E5n2g6GJkFoBwtdhLIBnF6W
DJVvWBIR87dBNNH0xzrko5EuLoAMGb+V75HyJqiNxJ17Qmmpmv0/IPm/Rlqs9u8U
cJBMe7cOBFwvoYs7aVJop1gddC9HfzcgTDJ3dO2egfsePooLOIppRNXoqbHfNJ6b
SW9O4g+02fUpF1BVJAv6uaEzPsZz7y+BoKitgDbr7R2KyQdtUBwRghU83I4u8tIo
xPZVesskjFnYI/JSKJF38E7TrkY=
-----END CERTIFICATE-----