Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          aLnAhMSvuprb2btPrXkqvJdsropH5pXyfrifR3OEK94=
Subject key identifier:   C4:8E:02:F3:3F:E7:95:1B:01:3D:D2:50:08:68:9E:50:AE:E7:74:96
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7EFBFDC047A5A68B968208CAAE69D61847118FF2
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa
Signing time:             Thu 17 Aug 2023 10:03:59 +0000
ROA not before:           Thu 17 Aug 2023 09:58:59 +0000
ROA not after:            Thu 15 Aug 2024 10:03:59 +0000
asID:                     14618
IP address blocks:        2a02:5be0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:fb:fd:c0:47:a5:a6:8b:96:82:08:ca:ae:69:d6:18:47:11:8f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 17 09:58:59 2023 GMT
            Not After : Aug 15 10:03:59 2024 GMT
        Subject: CN=C48E02F33FE7951B013DD25008689E50AEE77496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:79:36:02:6c:9f:0e:9d:0f:5f:c8:02:7e:4e:
                    1f:0b:75:ad:f3:00:21:4b:32:cc:7c:62:6d:af:e5:
                    33:4a:a5:18:e5:6c:e4:e3:d6:59:3e:ab:68:5f:80:
                    bb:f2:72:d2:f0:7f:cb:f1:96:59:36:8e:19:e7:64:
                    b3:64:7e:3b:eb:23:df:52:e0:e3:4c:af:b1:dd:2f:
                    4e:d2:f7:8e:19:60:68:87:f8:26:3b:49:f3:63:56:
                    d9:bb:1d:09:30:fd:dd:25:4e:0b:c5:19:0c:c6:32:
                    81:79:2c:39:9f:30:1d:87:3c:63:e0:6f:1b:66:a4:
                    fc:e9:31:37:18:03:e3:c6:7f:fe:7f:d4:99:a7:a7:
                    10:35:ce:ac:3f:d9:5c:c0:21:c8:d2:79:b2:cb:3d:
                    f5:32:95:48:89:26:89:f0:41:b0:ae:0d:c6:64:dd:
                    31:35:27:f0:45:ed:35:cd:8b:4f:4c:7c:e9:0b:d7:
                    e4:f7:ab:73:60:1f:e7:2e:77:f6:ff:d2:78:50:32:
                    15:39:e4:7e:bb:d2:da:91:35:c3:34:3f:51:95:9f:
                    1c:32:b9:54:03:f2:20:e8:9b:4f:83:4e:db:cc:8a:
                    12:da:84:3a:e6:b3:f9:ef:64:6d:d1:fa:f0:9f:a5:
                    33:84:c6:a1:a9:ef:f8:37:ac:c8:24:d7:17:63:5d:
                    a7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8E:02:F3:3F:E7:95:1B:01:3D:D2:50:08:68:9E:50:AE:E7:74:96
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:6a:4f:1c:a2:01:55:de:e6:ba:91:c2:cb:c1:5a:ee:02:86:
         03:61:6f:39:81:c9:a9:29:f3:f0:81:29:cd:43:7c:bf:b6:65:
         53:f8:c1:fa:ef:f2:4b:cb:63:b7:fa:bf:71:6f:db:cb:dc:d2:
         52:f5:0c:26:11:20:dc:e1:76:56:49:22:40:cb:5a:d1:57:f0:
         b5:68:d1:2e:a3:54:45:93:0a:b7:0e:d2:be:78:46:e9:72:6d:
         a6:da:f9:7f:c3:f0:f8:ad:10:c6:4a:4b:d4:be:a3:fd:4b:35:
         e8:43:43:7a:3f:af:4b:d7:9e:c3:9e:88:e5:ba:10:fc:8f:54:
         fc:e8:07:ae:0d:e3:cb:4c:43:4e:01:3e:72:94:b3:fb:12:af:
         4f:5f:26:2c:b4:e6:fb:89:af:b9:a0:01:c9:c7:cd:56:5c:45:
         45:bc:c1:90:6f:94:56:78:fc:31:e1:34:d8:2c:2b:b2:08:29:
         23:92:c6:64:f6:43:46:0e:1e:3a:6c:7e:ff:43:2d:7d:d4:d4:
         6f:f4:2f:a8:7f:9d:f1:9c:61:a2:b3:0a:e9:6f:e6:1f:5b:93:
         04:e0:7b:07:a5:2d:e2:0f:9a:83:92:51:d8:9d:4f:3d:a3:de:
         d0:a6:66:bc:9e:f4:fe:8d:8f:d0:10:7d:f3:71:5c:e3:e4:c3:
         6d:98:e3:7b
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUfvv9wEelpouWggjKrmnWGEcRj/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTcwOTU4NTlaFw0yNDA4MTUxMDAzNTlaMDMxMTAvBgNV
BAMTKEM0OEUwMkYzM0ZFNzk1MUIwMTNERDI1MDA4Njg5RTUwQUVFNzc0OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVeTYCbJ8OnQ9fyAJ+Th8Lda3z
ACFLMsx8Ym2v5TNKpRjlbOTj1lk+q2hfgLvyctLwf8vxllk2jhnnZLNkfjvrI99S
4ONMr7HdL07S944ZYGiH+CY7SfNjVtm7HQkw/d0lTgvFGQzGMoF5LDmfMB2HPGPg
bxtmpPzpMTcYA+PGf/5/1JmnpxA1zqw/2VzAIcjSebLLPfUylUiJJonwQbCuDcZk
3TE1J/BF7TXNi09MfOkL1+T3q3NgH+cud/b/0nhQMhU55H670tqRNcM0P1GVnxwy
uVQD8iDom0+DTtvMihLahDrms/nvZG3R+vCfpTOExqGp7/g3rMgk1xdjXafNAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUxI4C8z/nlRsBPdJQCGieUK7ndJYwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBAF9qTxyiAVXe5rqRwsvBWu4ChgNhbzmByakp8/CBKc1DfL+2ZVP4wfrv
8kvLY7f6v3Fv28vc0lL1DCYRINzhdlZJIkDLWtFX8LVo0S6jVEWTCrcO0r54Ruly
baba+X/D8PitEMZKS9S+o/1LNehDQ3o/r0vXnsOeiOW6EPyPVPzoB64N48tMQ04B
PnKUs/sSr09fJiy05vuJr7mgAcnHzVZcRUW8wZBvlFZ4/DHhNNgsK7IIKSOSxmT2
Q0YOHjpsfv9DLX3U1G/0L6h/nfGcYaKzCulv5h9bkwTgewelLeIPmoOSUdidTz2j
3tCmZrye9P6Nj9AQffNxXOPkw22Y43s=
-----END CERTIFICATE-----