Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
File:                     326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa (raw, json)
Hash identifier:          f2f8ERYIM5GyTOLnEfBkzq71VGj7IB50kyISLNfessU=
Subject key identifier:   D0:FF:8B:FA:20:86:B3:5B:7A:CA:7D:77:F8:1D:63:98:1A:6F:82:7D
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       67BA30A5004F01501D11B0FAF8B6118BEEFE76F1
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
Signing time:             Thu 18 Jul 2024 10:18:21 +0000
ROA not before:           Thu 18 Jul 2024 10:13:21 +0000
ROA not after:            Thu 17 Jul 2025 10:18:21 +0000
asID:                     60492
IP address blocks:        2a02:5be0:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:ba:30:a5:00:4f:01:50:1d:11:b0:fa:f8:b6:11:8b:ee:fe:76:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:21 2024 GMT
            Not After : Jul 17 10:18:21 2025 GMT
        Subject: CN=D0FF8BFA2086B35B7ACA7D77F81D63981A6F827D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:23:49:13:fd:3b:6b:72:69:40:a9:fc:db:4b:
                    f6:1e:d9:15:17:07:76:93:5a:35:51:a9:53:50:14:
                    c2:51:c8:58:fc:74:6b:bc:ab:7c:53:d0:79:8c:60:
                    c6:a8:12:02:85:cc:60:39:4b:f1:ae:b7:c2:40:f7:
                    13:35:f7:2b:85:31:76:af:64:13:af:9b:0a:7a:ce:
                    75:6f:8f:8e:33:57:fe:2c:55:87:ce:a3:ba:37:44:
                    c3:ef:7a:78:d6:6d:b0:6f:9e:77:4a:ae:eb:d5:ef:
                    3a:8d:4e:5e:1e:c0:1f:da:19:35:67:d3:f2:f5:10:
                    01:67:c5:68:ca:5f:fa:22:fb:79:1d:46:b3:29:87:
                    58:5a:ce:41:5c:f2:b3:f3:3f:1c:59:0d:3d:ec:15:
                    1e:9b:58:54:5d:ec:67:3f:6b:67:1b:25:11:f3:f5:
                    6c:5d:05:9e:55:8e:5a:fe:9d:2c:26:cc:68:84:9f:
                    f5:a6:47:c0:2d:49:00:25:1c:b2:2f:98:7f:67:bb:
                    8b:d6:d6:4c:c3:65:8e:33:34:03:f0:ad:82:ea:e6:
                    38:50:86:06:86:01:af:87:a2:92:2a:70:8e:5e:2c:
                    71:8c:fc:80:bd:57:f4:02:32:3c:dd:eb:89:bb:a6:
                    7c:83:c5:27:4e:da:04:eb:cf:da:58:88:93:23:9c:
                    35:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FF:8B:FA:20:86:B3:5B:7A:CA:7D:77:F8:1D:63:98:1A:6F:82:7D
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:81:c9:64:4e:8d:0a:4c:d8:67:a2:25:fe:92:e0:73:4b:4b:
         5a:ae:12:e7:7f:86:29:d6:cb:56:98:85:55:19:40:5c:db:e3:
         31:d1:30:a4:59:8a:ca:19:44:0c:e5:8c:cb:91:4b:d7:5b:2d:
         5e:d9:33:47:e3:9c:dd:a2:af:4d:0f:ec:11:dd:0e:49:a4:35:
         d4:c7:4f:86:e0:ad:59:d6:da:80:78:33:44:f1:4f:b9:4a:e1:
         db:29:bb:09:c1:c2:5b:2d:e0:c9:d5:c5:d5:d9:52:45:e0:0b:
         d5:3d:1a:cf:53:3d:dd:e7:7c:2d:57:2f:1e:1e:c6:00:f3:9b:
         db:db:23:63:54:6e:fe:a5:59:26:df:76:27:1b:db:9b:ef:c7:
         35:71:4c:38:1b:7b:53:c0:60:26:1d:f4:c1:fa:5f:ba:e1:f5:
         e0:3d:10:39:13:7e:9b:d7:f6:a3:f5:4e:27:b6:a3:9c:65:c8:
         2b:59:f5:96:f3:67:f5:0c:23:f5:5d:e3:60:f3:db:89:ef:9e:
         fb:42:b2:36:c5:4b:4b:a9:99:dd:ef:cc:ef:c4:bd:09:6e:d0:
         7d:3e:22:27:4d:a7:25:05:4d:67:6a:be:16:42:82:fa:e1:51:
         1b:e8:1c:3b:b8:af:8a:1e:e9:ba:d9:01:bf:f1:b3:1b:e4:9b:
         4d:18:8f:85
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUZ7owpQBPAVAdEbD6+LYRi+7+dvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjFaFw0yNTA3MTcxMDE4MjFaMDMxMTAvBgNV
BAMTKEQwRkY4QkZBMjA4NkIzNUI3QUNBN0Q3N0Y4MUQ2Mzk4MUE2RjgyN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpI0kT/TtrcmlAqfzbS/Ye2RUX
B3aTWjVRqVNQFMJRyFj8dGu8q3xT0HmMYMaoEgKFzGA5S/Gut8JA9xM19yuFMXav
ZBOvmwp6znVvj44zV/4sVYfOo7o3RMPvenjWbbBvnndKruvV7zqNTl4ewB/aGTVn
0/L1EAFnxWjKX/oi+3kdRrMph1hazkFc8rPzPxxZDT3sFR6bWFRd7Gc/a2cbJRHz
9WxdBZ5Vjlr+nSwmzGiEn/WmR8AtSQAlHLIvmH9nu4vW1kzDZY4zNAPwrYLq5jhQ
hgaGAa+HopIqcI5eLHGM/IC9V/QCMjzd64m7pnyDxSdO2gTrz9pYiJMjnDXXAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU0P+L+iCGs1t6yn13+B1jmBpvgn0wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM2MzAzNDM5MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAUwDQYJKoZIhvcNAQEL
BQADggEBAICByWROjQpM2GeiJf6S4HNLS1quEud/hinWy1aYhVUZQFzb4zHRMKRZ
isoZRAzljMuRS9dbLV7ZM0fjnN2ir00P7BHdDkmkNdTHT4bgrVnW2oB4M0TxT7lK
4dspuwnBwlst4MnVxdXZUkXgC9U9Gs9TPd3nfC1XLx4exgDzm9vbI2NUbv6lWSbf
dicb25vvxzVxTDgbe1PAYCYd9MH6X7rh9eA9EDkTfpvX9qP1Tie2o5xlyCtZ9Zbz
Z/UMI/Vd42Dz24nvnvtCsjbFS0upmd3vzO/EvQlu0H0+IidNpyUFTWdqvhZCgvrh
URvoHDu4r4oe6brZAb/xsxvkm00Yj4U=
-----END CERTIFICATE-----