Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a363a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          VbCUCfNHt+6VRKx2+3O0l40p+w6QHObjEEsYCC1BO4M=
Subject key identifier:   9D:BD:84:DB:E5:3C:A9:89:49:EA:B8:59:AF:53:54:0A:34:0F:B9:AC
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1F03698C87052ED9B3687B54A578454F8CFF0DF1
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203136353039.roa
Signing time:             Thu 17 Aug 2023 10:03:11 +0000
ROA not before:           Thu 17 Aug 2023 09:58:11 +0000
ROA not after:            Thu 15 Aug 2024 10:03:11 +0000
asID:                     16509
IP address blocks:        2a02:5be0:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:03:69:8c:87:05:2e:d9:b3:68:7b:54:a5:78:45:4f:8c:ff:0d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 17 09:58:11 2023 GMT
            Not After : Aug 15 10:03:11 2024 GMT
        Subject: CN=9DBD84DBE53CA98949EAB859AF53540A340FB9AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:12:a4:65:b4:ce:af:7d:40:46:72:81:9c:dc:
                    2d:87:cd:c8:f7:0f:8a:6f:5a:22:4c:80:4f:89:01:
                    ab:48:4d:7b:d8:7d:18:06:4e:43:ff:03:d9:64:a4:
                    de:81:e1:27:d1:e2:71:26:64:e6:ec:e5:c6:11:b9:
                    b2:bb:e1:cf:ff:13:8d:eb:21:b5:90:00:6e:08:73:
                    b2:42:a0:c9:54:77:44:f9:52:5a:36:7a:85:70:46:
                    b3:b6:50:4d:f2:12:1c:d0:36:b8:f5:87:f6:f8:9b:
                    ae:1a:ec:18:91:5d:02:d6:14:c3:81:2a:d6:8f:6c:
                    2c:aa:38:3e:b0:64:19:70:db:cc:3b:a1:8c:23:b9:
                    72:7a:5e:f2:66:f0:5d:1a:48:6c:8f:e7:79:93:f9:
                    1c:6a:7b:ed:cd:9f:b8:3b:f5:8b:c3:1d:01:f0:05:
                    82:9e:8d:c7:aa:40:2c:3d:c5:2b:e8:45:ef:c9:b5:
                    a1:13:88:06:c8:f0:e3:0b:68:ee:85:a8:0b:fd:83:
                    11:a6:52:b7:06:bb:fd:7d:a2:8e:6d:a2:94:55:99:
                    41:0d:2c:18:ae:1a:b3:29:56:38:b2:da:a7:54:aa:
                    e8:c8:aa:b2:74:b2:6a:fa:c8:a5:80:b6:21:9a:de:
                    6f:63:ab:eb:bb:88:92:f9:f6:9f:6e:3a:c7:e3:a4:
                    c6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BD:84:DB:E5:3C:A9:89:49:EA:B8:59:AF:53:54:0A:34:0F:B9:AC
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:ff:97:eb:61:b6:60:3b:b7:80:c9:39:46:3a:8e:e0:84:29:
         f1:9e:3b:11:42:ae:db:ab:1b:2c:91:dd:8c:60:27:1f:1e:30:
         39:10:81:1c:c6:46:eb:bc:e6:72:93:16:c3:88:6c:07:77:e9:
         f6:ba:77:2c:a8:32:82:ce:05:09:3d:fa:84:51:3b:e2:1f:e3:
         03:6f:a8:5b:d7:3c:5a:79:4a:ec:12:5e:96:88:90:34:c2:33:
         07:a8:9e:f1:45:df:42:ba:1f:04:03:8c:0e:68:ec:52:1f:75:
         cc:56:4a:78:12:b5:fe:41:d4:a4:56:05:99:aa:48:27:d0:d2:
         f0:c4:77:d5:a8:bc:6e:13:0e:2e:be:bd:02:ad:b4:76:a4:da:
         35:f2:2c:27:5a:ab:ca:6b:e3:26:2c:59:b8:e9:91:b5:a1:52:
         6f:29:5a:f0:3f:9f:bb:c2:95:22:e4:2f:a5:d4:0c:f0:9e:0f:
         f8:f9:bb:fa:5d:14:36:1c:e4:28:62:26:a4:46:b8:28:a2:f1:
         9c:bc:1b:db:35:00:bb:ae:04:b3:ab:b2:8c:01:69:c2:1f:a6:
         0f:6d:62:7e:93:09:2e:52:d2:70:38:27:23:66:9b:3b:50:7d:
         6a:c9:63:fd:3e:5d:0d:2f:45:ad:77:b4:96:5e:36:19:b0:0d:
         92:66:37:cb
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUHwNpjIcFLtmzaHtUpXhFT4z/DfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTcwOTU4MTFaFw0yNDA4MTUxMDAzMTFaMDMxMTAvBgNV
BAMTKDlEQkQ4NERCRTUzQ0E5ODk0OUVBQjg1OUFGNTM1NDBBMzQwRkI5QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsEqRltM6vfUBGcoGc3C2Hzcj3
D4pvWiJMgE+JAatITXvYfRgGTkP/A9lkpN6B4SfR4nEmZObs5cYRubK74c//E43r
IbWQAG4Ic7JCoMlUd0T5Ulo2eoVwRrO2UE3yEhzQNrj1h/b4m64a7BiRXQLWFMOB
KtaPbCyqOD6wZBlw28w7oYwjuXJ6XvJm8F0aSGyP53mT+Rxqe+3Nn7g79YvDHQHw
BYKejceqQCw9xSvoRe/JtaETiAbI8OMLaO6FqAv9gxGmUrcGu/19oo5topRVmUEN
LBiuGrMpVjiy2qdUqujIqrJ0smr6yKWAtiGa3m9jq+u7iJL59p9uOsfjpMaZAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUnb2E2+U8qYlJ6rhZr1NUCjQPuawwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNjNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAYwDQYJKoZIhvcNAQEL
BQADggEBACD/l+thtmA7t4DJOUY6juCEKfGeOxFCrturGyyR3YxgJx8eMDkQgRzG
Ruu85nKTFsOIbAd36fa6dyyoMoLOBQk9+oRRO+If4wNvqFvXPFp5SuwSXpaIkDTC
MweonvFF30K6HwQDjA5o7FIfdcxWSngStf5B1KRWBZmqSCfQ0vDEd9WovG4TDi6+
vQKttHak2jXyLCdaq8pr4yYsWbjpkbWhUm8pWvA/n7vClSLkL6XUDPCeD/j5u/pd
FDYc5ChiJqRGuCii8Zy8G9s1ALuuBLOrsowBacIfpg9tYn6TCS5S0nA4JyNmmztQ
fWrJY/0+XQ0vRa13tJZeNhmwDZJmN8s=
-----END CERTIFICATE-----