Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          YYCrodwpg4z1I33J98Y+m2a+/Q34zi3iK5MueAbsBto=
Subject key identifier:   D2:CF:AB:C7:41:9B:55:01:B5:E8:83:46:CD:D4:4C:7B:F1:93:23:EA
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       03379196B0DB515EA490B900B9B354024BEC9884
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa
Signing time:             Thu 18 Jul 2024 10:18:22 +0000
ROA not before:           Thu 18 Jul 2024 10:13:22 +0000
ROA not after:            Thu 17 Jul 2025 10:18:22 +0000
asID:                     14618
IP address blocks:        2a02:5be0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:37:91:96:b0:db:51:5e:a4:90:b9:00:b9:b3:54:02:4b:ec:98:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:22 2024 GMT
            Not After : Jul 17 10:18:22 2025 GMT
        Subject: CN=D2CFABC7419B5501B5E88346CDD44C7BF19323EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b7:0d:76:55:f6:d3:20:d8:e9:99:0d:15:cc:
                    ee:a5:d2:b4:b1:81:19:2a:75:31:e0:e9:03:b6:76:
                    18:b8:ff:1d:75:1b:ee:2d:c2:5d:26:c6:e4:c1:c9:
                    32:81:60:bf:77:b8:c5:82:72:91:b0:f6:be:94:03:
                    b5:16:18:6d:01:fb:e5:1b:cc:45:ad:a4:a0:fd:99:
                    b1:df:90:08:d8:01:f5:32:85:f3:38:92:d8:0f:62:
                    f1:66:bf:f8:8b:f8:4c:f5:44:11:5d:61:4d:34:48:
                    7e:b1:1f:1a:5f:c4:95:65:a5:b9:aa:e2:56:df:35:
                    e0:57:f7:de:fd:d3:3f:7a:ef:2f:9b:a6:2e:1f:1d:
                    94:f3:35:2c:e9:14:63:fd:08:d3:08:fd:d7:88:a2:
                    38:20:17:53:99:c9:2b:a5:17:9b:15:fc:5c:4d:ab:
                    29:eb:55:b3:85:aa:77:17:b4:7b:69:ec:73:0c:30:
                    cc:d9:64:19:39:0e:d9:33:58:5b:e5:04:8f:92:22:
                    a0:2f:dc:d5:0d:c9:05:71:98:80:5d:dd:d0:58:a6:
                    89:7b:7a:d4:62:e7:14:5c:8a:5a:1e:ca:f4:af:92:
                    b2:01:47:c2:5c:9d:c8:9d:42:bf:04:14:ff:48:fe:
                    65:05:27:0e:d9:11:7c:50:3b:7a:0f:46:ed:35:8a:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CF:AB:C7:41:9B:55:01:B5:E8:83:46:CD:D4:4C:7B:F1:93:23:EA
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:6e:2f:3c:28:51:a4:70:ca:f9:24:c1:ed:82:16:19:93:a5:
         9c:50:c6:4e:c3:16:28:28:3b:41:72:38:2d:ed:5b:23:a6:a5:
         aa:53:8d:54:33:9e:37:cb:9c:62:ad:67:f4:23:40:cc:3c:de:
         61:15:24:90:eb:00:33:4f:16:26:81:5e:70:c0:c7:ad:99:3d:
         34:9a:f1:39:21:7a:7c:44:53:38:cc:62:1d:93:3a:ca:90:c9:
         14:35:db:03:60:2e:65:67:b1:a9:ab:dd:07:2b:96:4f:44:6d:
         c1:94:28:4a:92:da:7b:1e:aa:c9:0f:32:21:db:10:58:9e:5e:
         eb:c8:eb:6e:2a:b5:eb:82:e8:72:ab:86:45:35:e8:2e:36:d6:
         98:e4:7a:5f:1c:a9:19:07:e0:30:ed:ac:f3:8d:db:d9:bc:c6:
         40:ee:44:ec:92:d2:be:64:5c:e1:a2:e6:20:c1:84:e9:f8:39:
         aa:d3:38:b3:82:88:1e:c8:c3:e1:a2:d6:4f:e6:00:6d:dd:cb:
         07:70:cb:b4:4b:ae:d2:76:36:1f:75:bd:b6:81:1a:d8:c8:2a:
         93:28:fa:44:c0:86:76:20:01:97:16:d9:4a:07:aa:a9:32:98:
         16:3e:3c:d8:b6:ba:fc:da:13:a1:1a:a1:ca:1f:ac:d3:4b:e8:
         ef:81:55:ea
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUAzeRlrDbUV6kkLkAubNUAkvsmIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjJaFw0yNTA3MTcxMDE4MjJaMDMxMTAvBgNV
BAMTKEQyQ0ZBQkM3NDE5QjU1MDFCNUU4ODM0NkNERDQ0QzdCRjE5MzIzRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1tw12VfbTINjpmQ0VzO6l0rSx
gRkqdTHg6QO2dhi4/x11G+4twl0mxuTByTKBYL93uMWCcpGw9r6UA7UWGG0B++Ub
zEWtpKD9mbHfkAjYAfUyhfM4ktgPYvFmv/iL+Ez1RBFdYU00SH6xHxpfxJVlpbmq
4lbfNeBX99790z967y+bpi4fHZTzNSzpFGP9CNMI/deIojggF1OZySulF5sV/FxN
qynrVbOFqncXtHtp7HMMMMzZZBk5DtkzWFvlBI+SIqAv3NUNyQVxmIBd3dBYpol7
etRi5xRciloeyvSvkrIBR8JcncidQr8EFP9I/mUFJw7ZEXxQO3oPRu01iknHAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU0s+rx0GbVQG16INGzdRMe/GTI+owHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBAA9uLzwoUaRwyvkkwe2CFhmTpZxQxk7DFigoO0FyOC3tWyOmpapTjVQz
njfLnGKtZ/QjQMw83mEVJJDrADNPFiaBXnDAx62ZPTSa8TkhenxEUzjMYh2TOsqQ
yRQ12wNgLmVnsamr3Qcrlk9EbcGUKEqS2nseqskPMiHbEFieXuvI624qteuC6HKr
hkU16C421pjkel8cqRkH4DDtrPON29m8xkDuROyS0r5kXOGi5iDBhOn4OarTOLOC
iB7Iw+Gi1k/mAG3dywdwy7RLrtJ2Nh91vbaBGtjIKpMo+kTAhnYgAZcW2UoHqqky
mBY+PNi2uvzaE6EaocofrNNL6O+BVeo=
-----END CERTIFICATE-----