Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          wo1uxKsCmyikl+04BB3mMfxjrsWXAI62KFmDnTWf4S8=
Subject key identifier:   FE:CE:E2:01:C0:6B:09:12:F8:77:FA:51:C8:9B:F9:13:4C:69:51:28
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       12FFB20F0AFE8ED6FA17B588EBC5CFE47F24C4D8
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa
Signing time:             Thu 18 Jul 2024 10:18:22 +0000
ROA not before:           Thu 18 Jul 2024 10:13:22 +0000
ROA not after:            Thu 17 Jul 2025 10:18:22 +0000
asID:                     14618
IP address blocks:        2a02:5be0:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ff:b2:0f:0a:fe:8e:d6:fa:17:b5:88:eb:c5:cf:e4:7f:24:c4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:22 2024 GMT
            Not After : Jul 17 10:18:22 2025 GMT
        Subject: CN=FECEE201C06B0912F877FA51C89BF9134C695128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2b:30:99:d3:df:be:d6:1d:3b:e9:3c:59:33:
                    97:74:65:07:73:94:c0:49:94:b4:81:94:29:04:65:
                    b3:3d:f7:bb:6b:86:96:39:57:fb:84:92:2c:ab:71:
                    1a:71:89:05:ee:5b:fe:1a:5b:f4:c0:c7:d1:73:15:
                    bf:70:05:2a:73:96:9d:b9:26:a7:7a:ca:2c:59:31:
                    01:cb:a4:01:88:fa:5f:ab:42:66:70:d4:d1:10:87:
                    69:a6:d8:b4:e1:99:6e:82:90:d5:db:5d:b5:3e:68:
                    dd:07:62:d0:de:4b:5c:b0:56:5e:16:c2:21:52:db:
                    b8:77:c9:d7:04:db:bc:57:db:da:d1:23:24:af:4f:
                    12:90:86:93:ce:09:aa:3f:72:c3:81:bd:ad:ca:12:
                    87:c7:72:fa:dc:ed:3b:99:ec:a4:2d:56:20:81:6a:
                    d6:da:f7:f5:3c:59:f4:f1:a8:17:14:96:75:7b:20:
                    f2:65:ab:2e:73:91:c2:e1:f5:d7:0c:21:9a:07:28:
                    f2:02:f7:c9:a3:d6:e5:62:6d:9a:64:86:e0:55:69:
                    c8:53:5b:bc:12:06:53:b6:c1:08:a5:59:38:cf:e5:
                    73:27:ea:bf:e0:72:cb:45:3d:75:fd:fa:23:2d:f0:
                    a7:0d:12:1a:ce:23:95:45:aa:2b:2c:c4:19:40:05:
                    cf:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:CE:E2:01:C0:6B:09:12:F8:77:FA:51:C8:9B:F9:13:4C:69:51:28
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:8e:0f:fc:2d:70:e1:c7:eb:dc:7b:88:a0:fe:a3:a2:af:32:
         35:01:b4:db:99:c4:f2:ee:ac:e9:28:7a:c2:31:b0:4f:b5:08:
         de:67:d5:00:b0:e7:46:ac:a7:58:f3:15:21:e7:f5:68:2a:52:
         c4:45:1c:26:41:61:fb:84:6c:ac:f3:92:57:6b:63:a4:44:38:
         43:cf:cb:1c:70:11:e4:ad:ad:bc:f7:10:42:a9:dc:08:5b:37:
         a9:3d:9c:8f:45:b2:a4:5c:ef:14:bb:01:31:d3:63:46:2d:dd:
         77:dc:0f:70:69:75:13:9f:b6:3f:d4:ec:7b:99:ec:67:23:5e:
         d9:2c:f0:75:a9:33:13:67:cb:17:7e:b3:5b:60:11:d0:7e:15:
         ed:0a:2c:56:f3:0f:6e:cb:ae:ff:70:3a:18:0e:33:92:f2:d8:
         46:9f:5f:ef:25:ef:9a:f8:02:2f:70:6e:8d:a3:9f:4d:75:6e:
         cc:ec:53:c9:4e:30:be:a7:7e:a3:8b:a2:7a:2a:8d:b3:a6:00:
         93:6c:7a:02:9b:de:3f:8b:72:ce:77:e0:b1:c1:34:cb:e3:99:
         4d:de:02:5b:b9:86:2a:4a:4c:df:17:4e:54:06:6a:56:ba:57:
         a6:1f:fb:61:13:55:45:7b:25:27:f6:16:95:df:1c:62:90:eb:
         7e:ea:e8:81
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUEv+yDwr+jtb6F7WI68XP5H8kxNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjJaFw0yNTA3MTcxMDE4MjJaMDMxMTAvBgNV
BAMTKEZFQ0VFMjAxQzA2QjA5MTJGODc3RkE1MUM4OUJGOTEzNEM2OTUxMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsKzCZ09++1h076TxZM5d0ZQdz
lMBJlLSBlCkEZbM997trhpY5V/uEkiyrcRpxiQXuW/4aW/TAx9FzFb9wBSpzlp25
Jqd6yixZMQHLpAGI+l+rQmZw1NEQh2mm2LThmW6CkNXbXbU+aN0HYtDeS1ywVl4W
wiFS27h3ydcE27xX29rRIySvTxKQhpPOCao/csOBva3KEofHcvrc7TuZ7KQtViCB
atba9/U8WfTxqBcUlnV7IPJlqy5zkcLh9dcMIZoHKPIC98mj1uVibZpkhuBVachT
W7wSBlO2wQilWTjP5XMn6r/gcstFPXX9+iMt8KcNEhrOI5VFqissxBlABc+vAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU/s7iAcBrCRL4d/pRyJv5E0xpUSgwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNjNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAYwDQYJKoZIhvcNAQEL
BQADggEBAE2OD/wtcOHH69x7iKD+o6KvMjUBtNuZxPLurOkoesIxsE+1CN5n1QCw
50asp1jzFSHn9WgqUsRFHCZBYfuEbKzzkldrY6REOEPPyxxwEeStrbz3EEKp3Ahb
N6k9nI9FsqRc7xS7ATHTY0Yt3XfcD3BpdROftj/U7HuZ7GcjXtks8HWpMxNnyxd+
s1tgEdB+Fe0KLFbzD27Lrv9wOhgOM5Ly2EafX+8l75r4Ai9wbo2jn011bszsU8lO
ML6nfqOLonoqjbOmAJNsegKb3j+Lcs534LHBNMvjmU3eAlu5hipKTN8XTlQGala6
V6Yf+2ETVUV7JSf2FpXfHGKQ637q6IE=
-----END CERTIFICATE-----