Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          wDc76PkJjcqPhwQSIqIeNi4HVq122fNQlDm48tiouqM=
Subject key identifier:   AD:7B:44:41:A8:9A:21:A7:D1:96:7A:EE:47:5A:4D:7C:71:30:AA:61
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7C744E96A48F89CE5EC8F82D468BDA75FB1AD8ED
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa
Signing time:             Mon 04 Nov 2024 17:09:07 +0000
ROA not before:           Mon 04 Nov 2024 17:04:07 +0000
ROA not after:            Mon 03 Nov 2025 17:09:07 +0000
asID:                     16509
IP address blocks:        2a02:5be0:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:74:4e:96:a4:8f:89:ce:5e:c8:f8:2d:46:8b:da:75:fb:1a:d8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Nov  4 17:04:07 2024 GMT
            Not After : Nov  3 17:09:07 2025 GMT
        Subject: CN=AD7B4441A89A21A7D1967AEE475A4D7C7130AA61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:75:2c:ae:4b:5a:ec:ae:a4:71:eb:9e:1a:49:
                    a2:77:6b:96:76:72:72:00:d2:f1:7a:ee:0b:03:f2:
                    d1:36:d5:0f:19:0b:7c:d1:cd:f0:3e:67:2a:e2:46:
                    da:2c:4b:25:64:b6:1c:c8:ef:19:65:16:84:94:fb:
                    bb:c6:4c:17:d7:4d:93:74:67:8c:8b:09:ff:7a:f8:
                    00:3c:3d:4e:7c:ce:91:f0:b9:ef:0b:64:97:1d:11:
                    71:da:61:85:62:16:c6:3f:ca:fa:0d:72:42:ac:aa:
                    f9:58:6e:be:06:da:a7:43:6d:71:66:e5:cd:7a:92:
                    37:d9:c1:08:98:87:84:2a:ad:04:78:c6:a5:21:3a:
                    f6:dc:56:08:49:9c:23:67:85:54:53:d6:4b:42:22:
                    eb:00:80:ab:69:ca:f6:61:fa:49:ad:1a:c6:67:0e:
                    7c:39:68:d6:f0:19:43:a7:b5:a4:fb:d4:1a:48:b8:
                    47:6a:b3:2e:38:d1:13:e8:1b:18:72:87:03:34:42:
                    64:ad:30:c6:de:44:19:69:51:d3:37:6a:3c:d6:7e:
                    91:1f:0d:42:cc:7b:b9:b4:2a:0b:43:41:15:c1:69:
                    72:60:c7:ff:2d:99:69:d0:78:5d:de:ee:d6:70:ab:
                    c0:2e:57:ff:ea:30:ba:8c:23:e0:3d:bc:5f:6e:a8:
                    ab:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:7B:44:41:A8:9A:21:A7:D1:96:7A:EE:47:5A:4D:7C:71:30:AA:61
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:7f:44:f2:12:c5:d3:03:37:1e:c2:d3:68:c9:20:1a:31:93:
         f9:40:a5:35:ab:ec:60:22:b6:4b:5d:43:32:d1:e0:18:64:04:
         bf:b6:d1:91:5f:c2:5f:e2:fe:36:20:07:ad:22:18:f4:fb:67:
         99:dc:e2:70:4c:01:36:ba:39:8c:d4:74:73:ab:78:72:e1:a1:
         de:dd:81:6d:06:6f:d0:c0:bb:d6:7c:90:83:45:e5:c4:8f:bb:
         7b:98:fe:d5:b0:58:1d:a7:24:e9:84:03:f7:fe:95:79:e1:c6:
         34:31:45:5c:a7:47:52:c8:1e:bb:59:fa:2c:b3:c7:f0:50:8b:
         98:70:9d:f9:2f:90:5f:00:87:ff:9a:c0:9f:07:ad:cf:d3:61:
         05:56:67:c8:eb:d5:c5:26:1d:dc:1c:cb:de:01:08:4e:ba:26:
         92:95:43:b9:25:93:06:27:9e:ce:d0:ab:df:ed:3f:8c:9e:35:
         10:c3:2a:8a:f0:7e:b5:cb:49:47:fb:b8:46:b3:6d:cb:21:c7:
         4f:fd:67:e1:fe:8f:57:d7:43:b5:e5:cd:4b:54:4c:0d:60:27:
         94:3a:6e:25:c8:b3:b5:4e:65:37:91:ae:ac:c5:ec:df:0f:2e:
         a8:99:ff:3a:97:38:8b:6d:52:df:0d:24:f4:86:cb:b1:ff:cd:
         a7:c4:fd:1f
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUfHROlqSPic5eyPgtRovadfsa2O0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDExMDQxNzA0MDdaFw0yNTExMDMxNzA5MDdaMDMxMTAvBgNV
BAMTKEFEN0I0NDQxQTg5QTIxQTdEMTk2N0FFRTQ3NUE0RDdDNzEzMEFBNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcdSyuS1rsrqRx654aSaJ3a5Z2
cnIA0vF67gsD8tE21Q8ZC3zRzfA+ZyriRtosSyVkthzI7xllFoSU+7vGTBfXTZN0
Z4yLCf96+AA8PU58zpHwue8LZJcdEXHaYYViFsY/yvoNckKsqvlYbr4G2qdDbXFm
5c16kjfZwQiYh4QqrQR4xqUhOvbcVghJnCNnhVRT1ktCIusAgKtpyvZh+kmtGsZn
Dnw5aNbwGUOntaT71BpIuEdqsy440RPoGxhyhwM0QmStMMbeRBlpUdM3ajzWfpEf
DULMe7m0KgtDQRXBaXJgx/8tmWnQeF3e7tZwq8AuV//qMLqMI+A9vF9uqKvdAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUrXtEQaiaIafRlnruR1pNfHEwqmEwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzODNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAgwDQYJKoZIhvcNAQEL
BQADggEBAAd/RPISxdMDNx7C02jJIBoxk/lApTWr7GAitktdQzLR4BhkBL+20ZFf
wl/i/jYgB60iGPT7Z5nc4nBMATa6OYzUdHOreHLhod7dgW0Gb9DAu9Z8kINF5cSP
u3uY/tWwWB2nJOmEA/f+lXnhxjQxRVynR1LIHrtZ+iyzx/BQi5hwnfkvkF8Ah/+a
wJ8Hrc/TYQVWZ8jr1cUmHdwcy94BCE66JpKVQ7klkwYnns7Qq9/tP4yeNRDDKorw
frXLSUf7uEazbcshx0/9Z+H+j1fXQ7XlzUtUTA1gJ5Q6biXIs7VOZTeRrqzF7N8P
LqiZ/zqXOIttUt8NJPSGy7H/zafE/R8=
-----END CERTIFICATE-----