Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a343a3a2f34382d3438203d3e203630343932.roa
File:                     326130323a356265303a343a3a2f34382d3438203d3e203630343932.roa (raw, json)
Hash identifier:          iTCCuYHmrndEOU7t47Sa+LaoVqx9y/SErH4HBb25FXU=
Subject key identifier:   76:86:EB:DB:33:E2:24:A8:CE:E5:D4:6E:C6:A8:51:8D:83:D0:B1:9E
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       355EBE9B83625CDE2BDB218B21E18C4D39EC7F65
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a343a3a2f34382d3438203d3e203630343932.roa
Signing time:             Thu 18 Jul 2024 10:18:22 +0000
ROA not before:           Thu 18 Jul 2024 10:13:22 +0000
ROA not after:            Thu 17 Jul 2025 10:18:22 +0000
asID:                     60492
IP address blocks:        2a02:5be0:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:5e:be:9b:83:62:5c:de:2b:db:21:8b:21:e1:8c:4d:39:ec:7f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:22 2024 GMT
            Not After : Jul 17 10:18:22 2025 GMT
        Subject: CN=7686EBDB33E224A8CEE5D46EC6A8518D83D0B19E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2d:a5:e3:26:b6:c2:a9:a9:5b:06:93:a0:eb:
                    40:2f:25:33:90:1b:ac:52:35:92:04:2d:05:5c:0a:
                    21:90:c6:4b:fd:f7:a3:30:10:b7:af:5e:ff:90:3a:
                    ee:74:b7:9b:32:e2:97:99:69:09:9b:9c:94:8c:c0:
                    f4:cc:1a:15:52:47:99:4f:5a:5e:56:4b:54:88:6f:
                    f7:28:84:bc:38:e4:56:83:4c:c4:cb:41:4b:38:43:
                    e6:43:c8:49:2f:c8:ea:be:5b:df:89:53:db:9f:90:
                    a9:85:08:35:77:a4:a6:af:a9:37:5a:b2:d5:8a:e6:
                    8d:06:39:fd:d2:11:74:68:e5:0f:8e:b0:c4:61:fd:
                    5b:bd:41:9a:87:1d:54:6a:76:8f:13:da:ff:a5:75:
                    19:8e:7f:82:e2:05:e4:7e:d1:ac:ad:7b:ae:32:81:
                    f7:f9:07:d2:e0:fe:59:ab:a1:f1:3a:55:35:56:e8:
                    23:f2:1d:b6:88:32:de:e0:b9:a7:a5:29:5b:da:e2:
                    8a:09:9c:11:a3:4d:e0:36:e9:91:a7:eb:20:37:45:
                    53:03:32:c4:51:d2:3a:fd:dc:b2:13:00:20:11:41:
                    86:62:a8:fb:8f:1d:23:2d:46:b2:e3:d8:eb:2c:bf:
                    82:ff:4f:4e:67:5e:be:3d:7b:75:91:65:1e:aa:fe:
                    53:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:86:EB:DB:33:E2:24:A8:CE:E5:D4:6E:C6:A8:51:8D:83:D0:B1:9E
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a343a3a2f34382d3438203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:74:cf:19:cb:ec:8a:79:16:0b:0e:42:00:43:3e:9e:6b:76:
         dd:e0:6a:c5:69:e9:11:78:e4:4a:19:db:4d:ac:7a:cd:ce:ed:
         89:b5:84:c0:c6:50:f5:b0:95:3e:8e:84:2e:23:1e:1a:bb:c8:
         f4:be:84:d9:a8:91:69:e7:e0:17:85:af:2c:11:96:3a:03:0d:
         ee:45:b2:71:f3:12:87:5c:ec:dc:ed:a8:ae:e8:39:7f:5b:28:
         5c:c8:5a:01:e8:13:7c:7e:50:c0:86:75:d8:91:42:a1:23:d7:
         e2:fc:c2:d5:a2:44:a6:e6:c5:1b:f8:6e:32:46:69:55:95:44:
         1b:6d:fb:67:92:88:ff:1c:ac:e9:a5:c9:67:8f:da:84:d6:97:
         59:9a:1d:b7:1a:a5:d3:9d:1a:c0:38:62:ce:80:dc:89:da:35:
         2b:aa:c4:e9:84:0d:ec:8e:e5:61:f2:65:66:99:ce:47:e1:b6:
         02:27:66:22:3e:6e:e1:f1:8b:03:55:12:24:8d:7a:6b:c4:35:
         0d:7c:2e:72:d2:23:41:99:00:0e:b0:04:22:1f:a7:ae:6d:24:
         4a:35:4a:3c:9a:87:a4:c5:f2:f4:03:b2:63:83:43:f0:d1:45:
         fc:ab:a7:63:77:3f:b1:dd:76:9e:8e:ef:1b:76:b4:56:6d:05:
         c7:67:ea:ef
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUNV6+m4NiXN4r2yGLIeGMTTnsf2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjJaFw0yNTA3MTcxMDE4MjJaMDMxMTAvBgNV
BAMTKDc2ODZFQkRCMzNFMjI0QThDRUU1RDQ2RUM2QTg1MThEODNEMEIxOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJLaXjJrbCqalbBpOg60AvJTOQ
G6xSNZIELQVcCiGQxkv996MwELevXv+QOu50t5sy4peZaQmbnJSMwPTMGhVSR5lP
Wl5WS1SIb/cohLw45FaDTMTLQUs4Q+ZDyEkvyOq+W9+JU9ufkKmFCDV3pKavqTda
stWK5o0GOf3SEXRo5Q+OsMRh/Vu9QZqHHVRqdo8T2v+ldRmOf4LiBeR+0ayte64y
gff5B9Lg/lmrofE6VTVW6CPyHbaIMt7guaelKVva4ooJnBGjTeA26ZGn6yA3RVMD
MsRR0jr93LITACARQYZiqPuPHSMtRrLj2Ossv4L/T05nXr49e3WRZR6q/lOXAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUdobr2zPiJKjO5dRuxqhRjYPQsZ4wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNDNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM2MzAzNDM5MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAQwDQYJKoZIhvcNAQEL
BQADggEBAHB0zxnL7Ip5FgsOQgBDPp5rdt3gasVp6RF45EoZ202ses3O7Ym1hMDG
UPWwlT6OhC4jHhq7yPS+hNmokWnn4BeFrywRljoDDe5FsnHzEodc7NztqK7oOX9b
KFzIWgHoE3x+UMCGddiRQqEj1+L8wtWiRKbmxRv4bjJGaVWVRBtt+2eSiP8crOml
yWeP2oTWl1maHbcapdOdGsA4Ys6A3InaNSuqxOmEDeyO5WHyZWaZzkfhtgInZiI+
buHxiwNVEiSNemvENQ18LnLSI0GZAA6wBCIfp65tJEo1Sjyah6TF8vQDsmODQ/DR
Rfyrp2N3P7Hddp6O7xt2tFZtBcdn6u8=
-----END CERTIFICATE-----