Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a383a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          QkkkE1sKnR03mL6G3P+bNhA+CAC1ng9Nu19uhHSN/aQ=
Subject key identifier:   78:02:93:6B:8C:B6:47:3B:B2:4D:6A:B0:25:B2:99:8C:28:70:CF:AB
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       62C662CDD746B235E9C5153CEF0F3DDE0AC8AF11
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203134363138.roa
Signing time:             Mon 04 Dec 2023 16:53:52 +0000
ROA not before:           Mon 04 Dec 2023 16:48:52 +0000
ROA not after:            Mon 02 Dec 2024 16:53:52 +0000
asID:                     14618
IP address blocks:        2a02:5be0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c6:62:cd:d7:46:b2:35:e9:c5:15:3c:ef:0f:3d:de:0a:c8:af:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Dec  4 16:48:52 2023 GMT
            Not After : Dec  2 16:53:52 2024 GMT
        Subject: CN=7802936B8CB6473BB24D6AB025B2998C2870CFAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8d:d6:a8:58:5c:e3:97:c2:5a:40:5a:02:78:
                    39:1d:8a:e9:9d:3b:f6:39:d5:b2:0b:96:12:ba:63:
                    0a:86:1e:ae:0b:3d:fc:e7:87:07:36:fa:db:46:8e:
                    3a:1a:a1:cb:bc:21:f5:00:29:57:95:10:36:13:44:
                    c6:ce:1e:71:f3:93:ff:0d:66:62:19:67:51:1e:47:
                    81:07:02:41:28:9c:40:00:3e:9a:b3:e2:30:4e:94:
                    e9:1a:d6:ba:37:af:ed:05:d3:19:62:79:f4:22:34:
                    30:4f:7b:05:47:8a:2b:63:af:3f:0f:ef:36:76:7a:
                    df:f6:95:ff:91:a1:c7:22:07:ee:a9:79:68:12:d0:
                    28:07:30:d1:3b:a1:8e:dd:06:65:54:fb:52:da:b8:
                    59:56:8e:03:99:57:43:40:12:9c:05:bb:e3:7a:f5:
                    9f:13:c2:ff:63:33:fb:97:87:67:22:30:2f:bf:41:
                    d3:97:17:f2:12:fa:01:6d:21:9d:d1:7d:ac:ca:fa:
                    e5:7a:59:d8:3a:fe:69:28:ec:f2:df:a4:84:93:10:
                    d0:9e:95:f7:7d:db:97:4b:ac:b5:06:7e:af:36:af:
                    84:c2:3c:52:74:48:6b:c2:45:c2:15:85:d9:62:88:
                    f4:94:48:77:49:d3:99:72:a6:9c:07:6f:d4:98:94:
                    8c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:02:93:6B:8C:B6:47:3B:B2:4D:6A:B0:25:B2:99:8C:28:70:CF:AB
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:95:af:33:53:41:33:c9:0c:91:61:e6:03:35:5c:aa:3a:97:
         ac:88:5c:ad:ea:b3:8e:d8:a9:b5:60:e4:fa:c7:87:fa:5e:a9:
         7b:96:ef:fb:30:a3:51:d5:99:d0:83:d1:cd:f7:86:20:0e:ab:
         49:d4:3f:5e:99:fc:65:bc:01:c1:6e:db:2f:21:9e:66:04:bc:
         de:91:67:1e:1d:e4:c3:4a:c8:f5:d6:dc:5a:fb:08:cf:92:03:
         f1:fc:c9:b8:f2:b6:2d:29:81:cc:1d:39:8b:d8:9d:45:62:4d:
         6a:b8:e6:de:12:2c:cb:46:f6:65:3f:95:7e:bf:6b:40:4c:95:
         ff:a5:03:67:ff:27:26:d3:03:db:94:81:ae:4d:4d:a3:f1:ad:
         28:96:7b:c1:df:85:d2:f7:96:19:eb:94:cf:e2:8e:fa:e2:63:
         66:42:53:51:bb:ea:df:16:40:60:13:ec:d8:10:47:d6:d8:ce:
         7a:07:fc:ae:91:10:d6:08:27:a4:ba:55:ae:12:04:61:56:8a:
         2b:b2:25:f9:7e:66:c1:8a:10:05:da:32:d0:c2:ec:7b:8c:c5:
         39:46:1b:a1:1d:5d:e0:90:ff:4a:e9:73:91:c3:5f:a3:fc:f4:
         d3:04:03:8a:82:46:38:04:3a:7f:51:da:31:98:23:d7:a5:f5:
         df:0e:49:68
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUYsZizddGsjXpxRU87w893grIrxEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzEyMDQxNjQ4NTJaFw0yNDEyMDIxNjUzNTJaMDMxMTAvBgNV
BAMTKDc4MDI5MzZCOENCNjQ3M0JCMjRENkFCMDI1QjI5OThDMjg3MENGQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbjdaoWFzjl8JaQFoCeDkdiumd
O/Y51bILlhK6YwqGHq4LPfznhwc2+ttGjjoaocu8IfUAKVeVEDYTRMbOHnHzk/8N
ZmIZZ1EeR4EHAkEonEAAPpqz4jBOlOka1ro3r+0F0xliefQiNDBPewVHiitjrz8P
7zZ2et/2lf+RocciB+6peWgS0CgHMNE7oY7dBmVU+1LauFlWjgOZV0NAEpwFu+N6
9Z8Twv9jM/uXh2ciMC+/QdOXF/IS+gFtIZ3RfazK+uV6Wdg6/mko7PLfpISTENCe
lfd925dLrLUGfq82r4TCPFJ0SGvCRcIVhdliiPSUSHdJ05lyppwHb9SYlIylAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUeAKTa4y2RzuyTWqwJbKZjChwz6swHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzODNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAgwDQYJKoZIhvcNAQEL
BQADggEBAB+VrzNTQTPJDJFh5gM1XKo6l6yIXK3qs47YqbVg5PrHh/peqXuW7/sw
o1HVmdCD0c33hiAOq0nUP16Z/GW8AcFu2y8hnmYEvN6RZx4d5MNKyPXW3Fr7CM+S
A/H8ybjyti0pgcwdOYvYnUViTWq45t4SLMtG9mU/lX6/a0BMlf+lA2f/JybTA9uU
ga5NTaPxrSiWe8HfhdL3lhnrlM/ijvriY2ZCU1G76t8WQGAT7NgQR9bYznoH/K6R
ENYIJ6S6Va4SBGFWiiuyJfl+ZsGKEAXaMtDC7HuMxTlGG6EdXeCQ/0rpc5HDX6P8
9NMEA4qCRjgEOn9R2jGYI9el9d8OSWg=
-----END CERTIFICATE-----