Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a333a3a2f34382d3438203d3e203339353838.roa
File:                     326130323a356265303a333a3a2f34382d3438203d3e203339353838.roa (raw, json)
Hash identifier:          t1PmICQGTXvVrQE2IRVkGtGd6adkktsRLQomSKLH1eI=
Subject key identifier:   B2:69:E0:C9:AC:A2:E3:8C:69:63:53:54:0A:47:D6:A8:D3:99:3E:D1
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       24C822922DEDAC04CA06668DB297B7D109FD4AA8
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a333a3a2f34382d3438203d3e203339353838.roa
Signing time:             Fri 02 Aug 2024 11:24:25 +0000
ROA not before:           Fri 02 Aug 2024 11:19:25 +0000
ROA not after:            Fri 01 Aug 2025 11:24:25 +0000
asID:                     39588
IP address blocks:        2a02:5be0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:c8:22:92:2d:ed:ac:04:ca:06:66:8d:b2:97:b7:d1:09:fd:4a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug  2 11:19:25 2024 GMT
            Not After : Aug  1 11:24:25 2025 GMT
        Subject: CN=B269E0C9ACA2E38C696353540A47D6A8D3993ED1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:16:50:34:aa:28:ff:fd:21:01:8c:f7:23:0b:
                    6e:cb:da:d7:85:8d:88:c4:32:13:24:31:96:39:74:
                    3a:ec:7d:72:04:db:4f:3c:61:29:20:72:3d:4f:19:
                    50:a1:13:15:00:da:fb:af:d6:4c:2e:b9:7c:ea:b4:
                    0f:2f:22:aa:b1:6d:7f:f1:16:60:4b:40:da:a5:3a:
                    91:70:37:34:29:00:71:d2:68:0a:be:23:3f:4d:f5:
                    c8:9b:34:25:dc:cf:05:d1:5c:4f:51:33:15:4b:0b:
                    a0:66:c0:4a:90:c4:53:12:fe:8e:30:92:fe:4a:af:
                    16:3c:19:94:c1:89:e3:29:a1:3a:d9:64:66:5f:59:
                    54:73:5c:ba:ba:e4:57:7b:a6:c4:7b:6e:73:e6:32:
                    25:3f:38:0c:5d:57:94:65:f3:48:ba:b1:84:2d:00:
                    7e:bb:3e:8d:c1:62:60:20:14:cc:1d:bc:fb:8d:40:
                    78:e7:45:91:17:3a:8d:9b:7c:4c:7c:29:73:66:d9:
                    26:25:4e:8f:75:c4:0a:a7:80:6f:60:88:e9:3d:73:
                    c3:31:6b:96:72:48:ca:ea:63:7e:43:6e:52:39:5c:
                    c8:06:20:ac:a9:69:53:6e:75:84:50:79:86:32:7e:
                    8a:68:56:ac:e3:65:99:5d:1f:83:bb:2c:07:ac:1b:
                    2a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:69:E0:C9:AC:A2:E3:8C:69:63:53:54:0A:47:D6:A8:D3:99:3E:D1
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a333a3a2f34382d3438203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:08:9b:ea:57:ec:16:af:36:4c:7f:99:30:9b:ef:57:c0:4d:
         97:d9:80:a7:1a:ff:5d:89:bb:57:c5:2e:08:23:8e:ea:93:24:
         25:32:b2:7e:06:2d:27:2e:da:ee:2d:64:02:2a:06:d1:c4:6b:
         7c:e9:15:f9:2f:17:73:62:c4:29:2d:b7:b9:36:58:e9:47:56:
         6e:95:21:15:d7:50:1d:96:f0:5f:04:5b:49:d5:24:23:f8:56:
         0f:2f:da:e6:9c:3e:19:26:e7:1a:11:3d:58:97:9a:5e:96:8c:
         17:7e:e6:a8:11:4c:2c:e8:dc:e8:c0:d6:9b:dc:cd:ab:de:11:
         ec:74:92:f3:7a:22:9d:ee:ee:a8:1b:4f:29:2c:de:24:b9:5c:
         33:e7:01:c3:34:ba:72:d6:3e:0e:08:b3:59:60:18:64:82:7e:
         87:f1:07:f9:69:0e:7b:58:de:f3:3f:dc:8e:dc:3c:14:13:58:
         f7:e1:5c:13:bc:1d:00:cc:11:c2:a4:ee:d5:f3:c4:f4:39:2e:
         05:40:f9:a9:09:9b:49:0d:54:68:59:b7:c2:b9:41:c5:bc:80:
         cb:d5:26:02:2a:3d:f2:67:a2:ce:6f:61:b5:a9:af:f0:9d:54:
         b1:68:02:c7:d9:c4:f3:21:21:98:a2:d1:92:a7:10:25:99:6d:
         eb:37:bc:73
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUJMgiki3trATKBmaNspe30Qn9SqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA4MDIxMTE5MjVaFw0yNTA4MDExMTI0MjVaMDMxMTAvBgNV
BAMTKEIyNjlFMEM5QUNBMkUzOEM2OTYzNTM1NDBBNDdENkE4RDM5OTNFRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrFlA0qij//SEBjPcjC27L2teF
jYjEMhMkMZY5dDrsfXIE2088YSkgcj1PGVChExUA2vuv1kwuuXzqtA8vIqqxbX/x
FmBLQNqlOpFwNzQpAHHSaAq+Iz9N9cibNCXczwXRXE9RMxVLC6BmwEqQxFMS/o4w
kv5KrxY8GZTBieMpoTrZZGZfWVRzXLq65Fd7psR7bnPmMiU/OAxdV5Rl80i6sYQt
AH67Po3BYmAgFMwdvPuNQHjnRZEXOo2bfEx8KXNm2SYlTo91xAqngG9giOk9c8Mx
a5ZySMrqY35DblI5XMgGIKypaVNudYRQeYYyfopoVqzjZZldH4O7LAesGyohAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUsmngyayi44xpY1NUCkfWqNOZPtEwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzMzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAMwDQYJKoZIhvcNAQEL
BQADggEBAGsIm+pX7BavNkx/mTCb71fATZfZgKca/12Ju1fFLggjjuqTJCUysn4G
LScu2u4tZAIqBtHEa3zpFfkvF3NixCktt7k2WOlHVm6VIRXXUB2W8F8EW0nVJCP4
Vg8v2uacPhkm5xoRPViXml6WjBd+5qgRTCzo3OjA1pvczaveEex0kvN6Ip3u7qgb
Tyks3iS5XDPnAcM0unLWPg4Is1lgGGSCfofxB/lpDntY3vM/3I7cPBQTWPfhXBO8
HQDMEcKk7tXzxPQ5LgVA+akJm0kNVGhZt8K5QcW8gMvVJgIqPfJnos5vYbWpr/Cd
VLFoAsfZxPMhIZii0ZKnECWZbes3vHM=
-----END CERTIFICATE-----