Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          n+LncxfO7BjHPvNsEodZvcA5ABFfY/AcTF9ptf46fVI=
Subject key identifier:   8E:18:B3:73:C1:6D:17:50:1D:A3:8D:9B:12:BE:8D:95:CF:87:08:4F
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6B24AFC71986A09C0108A97EE445B3D976EFED03
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
Signing time:             Thu 18 Jul 2024 10:18:21 +0000
ROA not before:           Thu 18 Jul 2024 10:13:21 +0000
ROA not after:            Thu 17 Jul 2025 10:18:21 +0000
asID:                     16509
IP address blocks:        2a02:5be0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:24:af:c7:19:86:a0:9c:01:08:a9:7e:e4:45:b3:d9:76:ef:ed:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:21 2024 GMT
            Not After : Jul 17 10:18:21 2025 GMT
        Subject: CN=8E18B373C16D17501DA38D9B12BE8D95CF87084F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:35:e6:e1:94:ad:b9:04:a8:a5:f2:28:72:42:
                    ca:44:6d:f3:53:e0:49:78:65:49:41:52:e9:a0:9b:
                    ac:b7:36:71:0b:4e:70:77:25:ca:44:86:da:32:06:
                    bc:a0:19:46:4f:ca:08:f8:f4:68:91:fe:2f:c1:66:
                    0f:e0:25:69:01:4a:af:bd:6a:58:f6:b4:e1:a8:bb:
                    59:c5:c9:76:6c:bc:27:d8:7c:82:4f:e4:85:74:17:
                    6c:25:1b:30:6f:6d:d3:aa:6f:49:a8:f1:85:ff:c4:
                    86:7a:2c:94:70:27:a6:08:cd:b1:b4:e4:da:a9:1b:
                    3c:96:9f:ed:65:b2:ca:50:83:33:dc:03:40:5c:a7:
                    c6:26:83:3a:46:d2:90:f2:dd:3d:84:ab:43:a8:c5:
                    3d:95:c6:89:39:30:77:d2:f0:a8:5c:fa:1e:f7:57:
                    46:e7:69:b5:c2:6f:2a:3c:b9:01:c3:04:dd:ac:38:
                    3d:35:ee:21:a4:03:95:a9:68:cc:32:ee:b2:19:b8:
                    1a:0b:71:db:d1:f1:16:8f:8f:c8:3c:89:3a:04:68:
                    03:db:c0:24:bb:e4:e2:0c:c3:f3:d8:fd:6f:b2:48:
                    f9:98:37:38:5c:8c:b3:a2:37:d6:3a:a6:b9:04:41:
                    2c:1f:13:98:01:11:b6:90:2d:62:14:b2:8f:cc:cc:
                    36:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:18:B3:73:C1:6D:17:50:1D:A3:8D:9B:12:BE:8D:95:CF:87:08:4F
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:48:f9:e8:20:af:55:a7:86:70:d4:f5:32:b7:e2:a1:cd:bd:
         6f:1f:23:c5:c7:ed:95:2a:0d:f8:8c:34:ba:5d:de:97:c7:29:
         98:55:20:0b:3f:2c:0a:f0:3c:88:e9:70:f7:f3:9a:73:5d:31:
         81:a3:c0:83:d8:89:5c:9f:62:cf:0c:bd:35:fc:b5:fd:90:fb:
         6e:59:12:1d:9e:5d:52:fa:66:c2:50:e4:0b:8d:70:35:6e:b1:
         b5:20:20:a7:af:3b:30:15:e0:85:ed:56:2f:5a:74:e7:41:8f:
         f2:6e:99:69:4e:2b:7f:6d:d2:69:39:00:12:4a:8c:af:92:a0:
         06:a8:91:07:23:98:18:4a:33:8b:a2:3f:92:15:f9:f3:4f:64:
         93:cf:5e:1a:0a:26:8c:fa:44:0a:3c:60:16:75:7f:55:7a:d0:
         13:45:87:bb:40:35:78:96:65:41:6b:80:02:e0:ed:25:6e:db:
         e8:32:da:44:e3:34:29:44:2d:96:fd:b7:f1:5f:98:b7:a0:54:
         4b:0a:c0:6e:2e:d3:6a:50:c4:ba:39:4d:eb:f0:08:52:a8:41:
         6e:6b:f7:8e:d5:62:1f:88:b5:24:07:fb:e8:2d:0f:ec:69:70:
         82:fe:92:a7:87:ee:cb:e8:71:7e:1b:52:ce:19:d8:d1:cf:b9:
         a0:b4:45:74
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUaySvxxmGoJwBCKl+5EWz2Xbv7QMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjFaFw0yNTA3MTcxMDE4MjFaMDMxMTAvBgNV
BAMTKDhFMThCMzczQzE2RDE3NTAxREEzOEQ5QjEyQkU4RDk1Q0Y4NzA4NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDNebhlK25BKil8ihyQspEbfNT
4El4ZUlBUumgm6y3NnELTnB3JcpEhtoyBrygGUZPygj49GiR/i/BZg/gJWkBSq+9
alj2tOGou1nFyXZsvCfYfIJP5IV0F2wlGzBvbdOqb0mo8YX/xIZ6LJRwJ6YIzbG0
5NqpGzyWn+1lsspQgzPcA0Bcp8YmgzpG0pDy3T2Eq0OoxT2Vxok5MHfS8Khc+h73
V0bnabXCbyo8uQHDBN2sOD017iGkA5WpaMwy7rIZuBoLcdvR8RaPj8g8iToEaAPb
wCS75OIMw/PY/W+ySPmYNzhcjLOiN9Y6prkEQSwfE5gBEbaQLWIUso/MzDaNAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUjhizc8FtF1Ado42bEr6Nlc+HCE8wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBAJ1I+eggr1WnhnDU9TK34qHNvW8fI8XH7ZUqDfiMNLpd3pfHKZhVIAs/
LArwPIjpcPfzmnNdMYGjwIPYiVyfYs8MvTX8tf2Q+25ZEh2eXVL6ZsJQ5AuNcDVu
sbUgIKevOzAV4IXtVi9adOdBj/JumWlOK39t0mk5ABJKjK+SoAaokQcjmBhKM4ui
P5IV+fNPZJPPXhoKJoz6RAo8YBZ1f1V60BNFh7tANXiWZUFrgALg7SVu2+gy2kTj
NClELZb9t/FfmLegVEsKwG4u02pQxLo5TevwCFKoQW5r947VYh+ItSQH++gtD+xp
cIL+kqeH7svocX4bUs4Z2NHPuaC0RXQ=
-----END CERTIFICATE-----