Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          zloePaLbEZlgAdq2z6dHnl2as82PdQdNhqMnw5Q/Zdw=
Subject key identifier:   86:6C:BB:A8:D0:B9:2D:DE:FA:19:F5:68:30:A3:01:98:D9:9A:CC:7B
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       16016C606B1CA782B3B6B34F2E03A5F0AB0675A7
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa
Signing time:             Thu 17 Aug 2023 10:03:20 +0000
ROA not before:           Thu 17 Aug 2023 09:58:20 +0000
ROA not after:            Thu 15 Aug 2024 10:03:20 +0000
asID:                     14618
IP address blocks:        2a02:5be0:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:01:6c:60:6b:1c:a7:82:b3:b6:b3:4f:2e:03:a5:f0:ab:06:75:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 17 09:58:20 2023 GMT
            Not After : Aug 15 10:03:20 2024 GMT
        Subject: CN=866CBBA8D0B92DDEFA19F56830A30198D99ACC7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:84:e6:26:9f:50:87:15:ed:78:f1:20:07:ea:
                    c5:28:f3:94:42:d0:4c:f0:39:ae:d1:ea:e8:53:85:
                    bd:1d:23:af:81:eb:ee:1b:39:be:f9:f6:ce:9e:2c:
                    74:58:2d:65:27:27:23:13:89:b1:27:15:9a:c9:a1:
                    81:52:06:17:e1:e0:05:0b:4e:e1:cc:48:99:f2:8b:
                    4f:80:33:02:31:b8:9d:20:f5:8c:8b:ed:af:e6:03:
                    60:76:66:20:de:5b:24:15:1d:09:6d:cb:ce:59:8f:
                    ea:84:77:4a:00:88:22:78:29:fc:eb:45:30:08:b6:
                    84:0b:7c:1f:94:8e:5f:03:f2:f4:26:9e:ba:2e:84:
                    0a:44:bb:ba:43:a4:47:c2:e7:c1:7c:2f:ae:8b:35:
                    d5:ee:73:1e:9a:5e:75:17:cd:3d:f1:56:05:6e:be:
                    b3:cc:53:ad:61:f8:8e:93:ad:78:30:5b:71:9b:4c:
                    1c:19:32:1a:c0:59:2b:a9:a0:bb:3d:7f:47:bc:30:
                    bf:cc:3f:5b:d4:e0:96:72:86:73:3f:6e:97:d3:2b:
                    a8:ce:3d:13:5e:78:48:70:99:0b:5c:f5:3b:5e:11:
                    17:de:35:8d:b5:43:24:43:a3:2b:86:cb:ad:cd:cb:
                    fc:84:70:1d:90:53:43:33:4f:bf:3c:c8:28:68:9a:
                    f1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6C:BB:A8:D0:B9:2D:DE:FA:19:F5:68:30:A3:01:98:D9:9A:CC:7B
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:eb:3a:2d:9f:1c:de:a1:fa:c4:d0:a1:1c:bd:2e:7b:5b:a1:
         f9:d6:c8:d5:53:31:71:e8:af:3d:ed:e5:fd:c8:58:21:f6:08:
         51:dd:d1:45:33:33:29:fa:e7:e8:d1:ca:7b:c4:24:c3:64:c8:
         6a:9a:62:e5:10:af:ac:b4:ee:ef:1d:04:c1:c0:45:51:01:4d:
         5c:9f:91:34:85:6c:40:2b:5f:ec:f1:50:e5:a1:c5:26:bc:86:
         2f:e5:fe:67:a1:28:3c:00:71:c6:b3:2c:e2:d4:dc:2d:07:51:
         ba:38:8b:c7:c9:6e:39:01:73:e8:ee:f0:3e:3e:a1:86:45:1a:
         34:56:1f:f9:57:f2:6e:db:31:bd:05:f4:d9:fb:b6:6c:8e:b7:
         48:76:17:40:e9:f9:67:dd:82:4d:d9:1f:81:95:bc:4d:b5:43:
         f7:f2:48:26:ce:ee:56:98:6c:07:5d:9c:0f:e8:60:5c:55:ca:
         77:e3:b5:1d:bf:75:57:49:24:f6:26:db:d3:b9:55:52:18:59:
         bb:9c:1a:58:b3:95:0d:55:7b:92:bc:89:6a:34:81:96:cf:db:
         51:5e:d1:b0:bf:92:93:73:80:fa:58:70:c9:33:61:7a:b1:46:
         3c:59:70:10:eb:81:45:23:e4:91:7e:12:c5:09:da:39:ad:01:
         5f:7e:e8:80
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUFgFsYGscp4KztrNPLgOl8KsGdacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTcwOTU4MjBaFw0yNDA4MTUxMDAzMjBaMDMxMTAvBgNV
BAMTKDg2NkNCQkE4RDBCOTJEREVGQTE5RjU2ODMwQTMwMTk4RDk5QUNDN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCphOYmn1CHFe148SAH6sUo85RC
0EzwOa7R6uhThb0dI6+B6+4bOb759s6eLHRYLWUnJyMTibEnFZrJoYFSBhfh4AUL
TuHMSJnyi0+AMwIxuJ0g9YyL7a/mA2B2ZiDeWyQVHQlty85Zj+qEd0oAiCJ4Kfzr
RTAItoQLfB+Ujl8D8vQmnrouhApEu7pDpEfC58F8L66LNdXucx6aXnUXzT3xVgVu
vrPMU61h+I6TrXgwW3GbTBwZMhrAWSupoLs9f0e8ML/MP1vU4JZyhnM/bpfTK6jO
PRNeeEhwmQtc9TteERfeNY21QyRDoyuGy63Ny/yEcB2QU0MzT788yChomvGnAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUhmy7qNC5Ld76GfVoMKMBmNmazHswHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNjNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAYwDQYJKoZIhvcNAQEL
BQADggEBACrrOi2fHN6h+sTQoRy9LntbofnWyNVTMXHorz3t5f3IWCH2CFHd0UUz
Myn65+jRynvEJMNkyGqaYuUQr6y07u8dBMHARVEBTVyfkTSFbEArX+zxUOWhxSa8
hi/l/mehKDwAccazLOLU3C0HUbo4i8fJbjkBc+ju8D4+oYZFGjRWH/lX8m7bMb0F
9Nn7tmyOt0h2F0Dp+Wfdgk3ZH4GVvE21Q/fySCbO7laYbAddnA/oYFxVynfjtR2/
dVdJJPYm29O5VVIYWbucGlizlQ1Ve5K8iWo0gZbP21Fe0bC/kpNzgPpYcMkzYXqx
RjxZcBDrgUUj5JF+EsUJ2jmtAV9+6IA=
-----END CERTIFICATE-----