Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa (raw, json)
Hash identifier:          wBx5qe1V8q6h6SFbL5Ija5+LavXuDZfwNjactLKlYnM=
Subject key identifier:   0B:61:D7:B8:5F:B2:18:B4:E5:04:EE:55:D1:B4:32:35:7B:17:82:5E
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       3C56AAD1E480FBA7767BB03A179C545FEB547E51
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa
Signing time:             Thu 18 Jul 2024 10:18:21 +0000
ROA not before:           Thu 18 Jul 2024 10:13:21 +0000
ROA not after:            Thu 17 Jul 2025 10:18:21 +0000
asID:                     39588
IP address blocks:        2a02:5be0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:56:aa:d1:e4:80:fb:a7:76:7b:b0:3a:17:9c:54:5f:eb:54:7e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul 18 10:13:21 2024 GMT
            Not After : Jul 17 10:18:21 2025 GMT
        Subject: CN=0B61D7B85FB218B4E504EE55D1B432357B17825E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:44:fa:62:f8:bb:0c:89:68:fe:eb:ea:f5:a2:
                    33:ab:b3:3a:c6:74:16:55:d1:be:6f:60:14:7b:f7:
                    45:7c:ff:9f:84:b9:5c:bb:8f:9c:16:bd:96:2c:60:
                    60:59:22:f6:23:32:8c:57:12:c0:a8:6c:42:83:9d:
                    89:1c:6a:9f:b9:8f:24:7a:f2:0f:02:a4:aa:96:48:
                    7b:f8:d5:17:0f:bb:57:a0:fd:0a:9f:de:d9:29:70:
                    e5:81:9f:4a:61:eb:c3:68:7e:04:7b:d8:62:b1:98:
                    d8:56:d5:06:d4:30:11:84:c8:d1:ba:a7:a7:5d:9a:
                    a9:2a:18:48:03:e6:13:53:dc:aa:17:92:5a:90:7b:
                    b2:7f:60:15:cb:e3:b2:1e:21:ec:6b:1d:0b:ec:c9:
                    1e:10:01:72:0d:7b:da:db:06:d4:c4:45:0a:fc:b3:
                    f1:60:ce:57:d4:fd:b0:63:98:15:dd:f0:f8:4a:c4:
                    9e:04:7c:57:0c:ae:f2:e2:fa:df:3f:e8:60:28:91:
                    34:77:8c:9e:7f:38:2e:58:6c:db:96:6d:a7:a4:20:
                    6b:96:c1:37:21:7a:00:5d:e8:47:b8:b5:7c:c4:f2:
                    b2:d2:b0:b5:df:cc:d8:ca:c5:9d:78:bd:e0:04:08:
                    5b:28:a3:67:f9:c7:df:3f:6d:86:63:cd:0c:aa:a0:
                    ef:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:61:D7:B8:5F:B2:18:B4:E5:04:EE:55:D1:B4:32:35:7B:17:82:5E
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:f9:e7:5c:d0:3c:aa:cc:81:f0:ff:98:38:09:50:b1:4e:da:
         1e:ff:17:fc:43:c7:1a:99:8c:af:a4:5e:0b:32:2d:5b:44:3b:
         20:05:d2:4f:ca:83:7b:ab:c9:d7:ae:8b:c6:67:a6:21:d8:e8:
         6c:82:97:f4:3d:f9:ed:4d:22:ea:2c:79:26:e2:cc:63:11:2c:
         e2:73:af:c1:4e:a2:6a:cc:76:24:4c:ec:46:4d:82:64:b1:24:
         73:4b:0a:ba:7b:c4:e8:5c:3c:08:bf:b2:dc:87:84:fc:ed:4e:
         64:d8:16:7e:61:bd:20:23:d8:3a:86:9a:9e:59:3f:41:55:02:
         52:bc:7e:ba:86:19:2c:65:d8:34:a4:36:e0:a8:11:b7:6e:71:
         44:47:94:4c:fa:47:d2:df:f5:b0:19:23:29:5a:65:58:f6:48:
         86:75:4b:e0:84:46:ee:1d:ab:58:a7:fd:01:f5:73:84:c7:96:
         95:b3:28:8e:01:e9:30:8b:80:4f:2e:0a:6d:b3:93:fe:1a:ca:
         f4:ac:5d:57:0a:c4:5d:0a:07:5e:fa:81:ac:f9:a1:85:9d:f5:
         9d:16:9e:e2:ac:e2:00:ee:ba:4d:41:76:ea:86:e0:bf:04:f5:
         26:b7:03:c2:97:6f:1d:0e:70:7c:8d:a6:c5:9c:f6:b3:c8:a9:
         5d:b0:a7:65
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUPFaq0eSA+6d2e7A6F5xUX+tUflEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA3MTgxMDEzMjFaFw0yNTA3MTcxMDE4MjFaMDMxMTAvBgNV
BAMTKDBCNjFEN0I4NUZCMjE4QjRFNTA0RUU1NUQxQjQzMjM1N0IxNzgyNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4RPpi+LsMiWj+6+r1ojOrszrG
dBZV0b5vYBR790V8/5+EuVy7j5wWvZYsYGBZIvYjMoxXEsCobEKDnYkcap+5jyR6
8g8CpKqWSHv41RcPu1eg/Qqf3tkpcOWBn0ph68NofgR72GKxmNhW1QbUMBGEyNG6
p6ddmqkqGEgD5hNT3KoXklqQe7J/YBXL47IeIexrHQvsyR4QAXINe9rbBtTERQr8
s/FgzlfU/bBjmBXd8PhKxJ4EfFcMrvLi+t8/6GAokTR3jJ5/OC5YbNuWbaekIGuW
wTchegBd6Ee4tXzE8rLSsLXfzNjKxZ14veAECFsoo2f5x98/bYZjzQyqoO8TAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUC2HXuF+yGLTlBO5V0bQyNXsXgl4wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBABP551zQPKrMgfD/mDgJULFO2h7/F/xDxxqZjK+kXgsyLVtEOyAF0k/K
g3urydeui8ZnpiHY6GyCl/Q9+e1NIuoseSbizGMRLOJzr8FOomrMdiRM7EZNgmSx
JHNLCrp7xOhcPAi/styHhPztTmTYFn5hvSAj2DqGmp5ZP0FVAlK8frqGGSxl2DSk
NuCoEbducURHlEz6R9Lf9bAZIylaZVj2SIZ1S+CERu4dq1in/QH1c4THlpWzKI4B
6TCLgE8uCm2zk/4ayvSsXVcKxF0KB176gaz5oYWd9Z0WnuKs4gDuuk1BduqG4L8E
9Sa3A8KXbx0OcHyNpsWc9rPIqV2wp2U=
-----END CERTIFICATE-----