Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          PkUtiblmGuqI7cOmjMYbdSXlr7bqswR/Z7B00ms2WAI=
Subject key identifier:   20:43:42:98:7E:75:1A:B4:8A:F6:3B:39:B1:75:14:44:04:F6:92:A9
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1A1A807E6D1717ED477130F72B0359F17547A018
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa
Signing time:             Mon 04 Dec 2023 16:53:40 +0000
ROA not before:           Mon 04 Dec 2023 16:48:40 +0000
ROA not after:            Mon 02 Dec 2024 16:53:40 +0000
asID:                     16509
IP address blocks:        2a02:5be0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:1a:80:7e:6d:17:17:ed:47:71:30:f7:2b:03:59:f1:75:47:a0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Dec  4 16:48:40 2023 GMT
            Not After : Dec  2 16:53:40 2024 GMT
        Subject: CN=204342987E751AB48AF63B39B175144404F692A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d0:ab:48:dd:d9:c0:ad:12:e2:83:9a:dd:5d:
                    b7:fe:14:98:a8:5c:d1:d1:2a:a0:70:3e:7e:4b:ed:
                    ed:80:15:c0:bd:fc:2b:2d:4f:1e:3b:e8:1e:f8:c6:
                    fe:a2:3c:cc:2c:e9:e7:08:e7:58:7f:de:e2:67:52:
                    2c:4f:02:0a:b7:82:5f:e6:65:a1:19:26:42:a1:3a:
                    c8:68:4d:32:58:52:4d:f8:e8:3c:05:e9:6a:93:f5:
                    f1:78:53:35:16:58:83:d2:44:56:c0:00:56:be:a9:
                    8d:55:b3:83:e5:19:3b:3f:de:14:b3:d8:0f:e2:d2:
                    ec:8a:6c:cd:96:1b:3f:72:0f:8e:08:ee:68:09:4c:
                    f6:23:59:75:85:50:50:dd:9c:f2:33:54:3b:f5:4f:
                    f0:96:a9:b2:be:a9:fb:9e:41:2e:2f:d9:2e:f0:65:
                    9f:bb:44:82:70:5d:0e:52:c0:8e:65:67:21:3e:65:
                    5e:f1:59:45:9a:18:3a:85:85:e5:81:a3:a8:6f:9c:
                    3c:c5:d5:44:eb:9b:7b:c4:47:24:d6:49:7b:e7:0c:
                    ad:1d:60:99:d2:b9:46:9c:e1:9e:f7:13:46:4d:a0:
                    49:eb:80:8e:80:8f:b5:65:05:df:1f:05:99:1e:09:
                    a1:2c:5f:64:2a:6a:54:dd:ad:e7:e1:1f:d2:9f:cf:
                    2b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:43:42:98:7E:75:1A:B4:8A:F6:3B:39:B1:75:14:44:04:F6:92:A9
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a383a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:4d:4f:a9:b7:5a:f4:e9:06:7f:8e:19:68:c9:99:cf:b2:bd:
         19:e7:25:1d:60:ae:55:44:83:60:23:ea:b3:b9:d3:84:a8:fb:
         49:29:d5:0e:64:17:5d:70:9b:85:53:12:8b:6c:10:ae:39:22:
         f2:ec:91:74:ef:54:85:59:09:99:0d:5f:3f:f4:a9:1e:9e:e3:
         74:ff:3f:04:29:10:34:fd:be:20:23:32:df:aa:b6:c9:33:78:
         e2:7f:49:fe:78:0b:af:37:6c:13:8f:f6:f6:ba:36:89:f5:59:
         09:4e:c8:d6:76:2d:1d:2e:07:1f:1c:08:ee:8f:1f:8e:15:93:
         37:89:61:7c:bf:6c:c4:8f:a2:f3:14:fd:e5:83:50:ad:e2:6f:
         0a:05:86:14:12:a8:2a:bc:c6:24:36:e3:80:d6:23:9f:03:0c:
         78:3f:fa:af:4f:2c:3b:c4:0d:be:56:ea:e0:ce:00:ac:a6:ea:
         49:ea:b2:f1:36:e4:25:9f:72:79:9b:a9:6c:9a:6b:06:54:cc:
         49:54:d3:68:2f:00:19:20:4b:b5:bb:dc:68:d1:9f:b4:d4:7f:
         a0:70:b5:3c:d3:2f:c1:c8:26:18:7c:d9:47:37:4a:98:7c:50:
         03:d7:55:45:83:c7:a3:ca:e5:cd:d2:b9:d5:0d:d3:62:ca:72:
         9c:09:52:86
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUGhqAfm0XF+1HcTD3KwNZ8XVHoBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzEyMDQxNjQ4NDBaFw0yNDEyMDIxNjUzNDBaMDMxMTAvBgNV
BAMTKDIwNDM0Mjk4N0U3NTFBQjQ4QUY2M0IzOUIxNzUxNDQ0MDRGNjkyQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR0KtI3dnArRLig5rdXbf+FJio
XNHRKqBwPn5L7e2AFcC9/CstTx476B74xv6iPMws6ecI51h/3uJnUixPAgq3gl/m
ZaEZJkKhOshoTTJYUk346DwF6WqT9fF4UzUWWIPSRFbAAFa+qY1Vs4PlGTs/3hSz
2A/i0uyKbM2WGz9yD44I7mgJTPYjWXWFUFDdnPIzVDv1T/CWqbK+qfueQS4v2S7w
ZZ+7RIJwXQ5SwI5lZyE+ZV7xWUWaGDqFheWBo6hvnDzF1UTrm3vERyTWSXvnDK0d
YJnSuUac4Z73E0ZNoEnrgI6Aj7VlBd8fBZkeCaEsX2QqalTdrefhH9Kfzyv5AgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUIENCmH51GrSK9js5sXUURAT2kqkwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzODNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAgwDQYJKoZIhvcNAQEL
BQADggEBAFVNT6m3WvTpBn+OGWjJmc+yvRnnJR1grlVEg2Aj6rO504So+0kp1Q5k
F11wm4VTEotsEK45IvLskXTvVIVZCZkNXz/0qR6e43T/PwQpEDT9viAjMt+qtskz
eOJ/Sf54C683bBOP9va6Non1WQlOyNZ2LR0uBx8cCO6PH44VkzeJYXy/bMSPovMU
/eWDUK3ibwoFhhQSqCq8xiQ244DWI58DDHg/+q9PLDvEDb5W6uDOAKym6knqsvE2
5CWfcnmbqWyaawZUzElU02gvABkgS7W73GjRn7TUf6BwtTzTL8HIJhh82Uc3Sph8
UAPXVUWDx6PK5c3SudUN02LKcpwJUoY=
-----END CERTIFICATE-----