Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          KfoLJLYXuYehIydd6Nw/zEmQvq4jvFP6AKOl52HGJL4=
Subject key identifier:   F3:73:41:56:84:BE:76:DB:8A:58:6D:54:8F:73:7C:FE:EF:E6:7C:8A
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       780B3B9C655573E4D1AECED754A65227638F9CC8
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa
Signing time:             Fri 17 May 2024 19:20:15 +0000
ROA not before:           Fri 17 May 2024 19:15:15 +0000
ROA not after:            Fri 16 May 2025 19:20:15 +0000
asID:                     16509
IP address blocks:        2a02:5be0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:0b:3b:9c:65:55:73:e4:d1:ae:ce:d7:54:a6:52:27:63:8f:9c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 17 19:15:15 2024 GMT
            Not After : May 16 19:20:15 2025 GMT
        Subject: CN=F373415684BE76DB8A586D548F737CFEEFE67C8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:86:47:87:6e:7d:a1:c4:e8:77:8e:f3:ef:
                    5a:78:5e:78:40:02:49:52:f2:a5:e9:21:56:1e:7b:
                    1a:e5:ac:4a:4b:bf:81:b3:05:08:53:80:c1:61:6f:
                    1d:2c:d0:33:22:85:64:40:14:06:1b:76:cb:29:8f:
                    91:31:0e:83:17:86:44:be:bf:8c:34:e2:fa:e6:89:
                    a2:68:bb:32:b1:1c:ee:78:07:1e:17:ee:e8:99:45:
                    9f:57:eb:c8:07:f0:cd:14:c8:80:cf:fb:41:2b:c3:
                    9e:de:fe:ed:03:57:83:69:bb:41:bc:e2:88:25:70:
                    15:96:b8:d1:c2:c6:0d:ef:2a:00:80:33:ae:1e:49:
                    c0:40:69:17:21:c9:58:f8:50:ef:19:83:25:69:76:
                    9b:d5:7e:11:c8:31:5b:2e:0f:ac:fc:6b:c3:c0:7b:
                    87:98:a4:fd:5b:d8:8b:ea:02:59:c5:64:91:f6:3e:
                    ef:9a:26:56:9a:b3:87:73:97:b2:c1:92:19:03:39:
                    fc:c1:6b:56:70:ad:56:56:50:1d:28:69:56:03:75:
                    62:f6:e7:78:b2:96:04:8c:c6:43:f9:5e:0b:b0:75:
                    dc:63:ee:45:27:0b:0b:00:4a:e1:3c:0a:35:c0:e7:
                    f3:79:57:c0:d8:31:e3:0b:20:bb:be:55:e5:da:ba:
                    16:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:73:41:56:84:BE:76:DB:8A:58:6D:54:8F:73:7C:FE:EF:E6:7C:8A
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:d4:ec:07:a9:15:1c:0f:4d:0e:1e:fd:ea:f3:10:43:8d:1a:
         4a:63:d6:e8:8d:23:7a:24:d3:b0:6d:a1:be:a1:b6:d6:40:a5:
         a1:ba:b6:19:e0:7c:31:8a:ce:42:62:cf:da:f3:2b:11:9c:a5:
         54:8d:1f:1b:ec:88:f2:d6:4a:8e:33:61:58:ff:58:79:9d:fa:
         a8:67:0f:39:2f:d0:33:55:91:97:08:97:ee:7c:d6:89:5c:7a:
         e6:bb:e5:a3:17:02:95:01:80:3c:b4:6c:da:0b:d9:1a:24:01:
         45:b0:4d:15:b7:ee:c6:d5:f8:a5:ac:93:f5:4a:7b:ee:e2:4f:
         39:61:aa:50:e7:cd:fc:c4:2f:af:42:32:10:03:78:b7:aa:a8:
         ac:cf:b2:71:b7:39:f5:30:93:03:7b:9b:3b:3d:22:df:ef:c8:
         fa:d9:7d:ae:da:be:f3:4f:22:3f:22:9f:ed:71:f7:e3:a2:a9:
         74:27:00:6b:46:86:07:c7:f5:e5:66:ee:0c:e6:58:1b:99:c9:
         ef:cd:91:48:45:2b:49:1b:82:94:bf:fa:1f:46:1c:aa:6c:3b:
         b0:37:87:39:c0:96:3b:00:11:78:18:44:14:d2:af:3b:f9:74:
         0b:2c:70:f7:f4:ca:35:36:11:9f:49:98:f0:8b:cb:48:ff:06:
         23:1c:ac:4f
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUeAs7nGVVc+TRrs7XVKZSJ2OPnMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA1MTcxOTE1MTVaFw0yNTA1MTYxOTIwMTVaMDMxMTAvBgNV
BAMTKEYzNzM0MTU2ODRCRTc2REI4QTU4NkQ1NDhGNzM3Q0ZFRUZFNjdDOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYGYZHh259ocTod47z71p4XnhA
AklS8qXpIVYeexrlrEpLv4GzBQhTgMFhbx0s0DMihWRAFAYbdsspj5ExDoMXhkS+
v4w04vrmiaJouzKxHO54Bx4X7uiZRZ9X68gH8M0UyIDP+0Erw57e/u0DV4Npu0G8
4oglcBWWuNHCxg3vKgCAM64eScBAaRchyVj4UO8ZgyVpdpvVfhHIMVsuD6z8a8PA
e4eYpP1b2IvqAlnFZJH2Pu+aJlaas4dzl7LBkhkDOfzBa1ZwrVZWUB0oaVYDdWL2
53iylgSMxkP5Xguwddxj7kUnCwsASuE8CjXA5/N5V8DYMeMLILu+VeXauha/AgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU83NBVoS+dtuKWG1Uj3N8/u/mfIowHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzOTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAkwDQYJKoZIhvcNAQEL
BQADggEBAHzU7AepFRwPTQ4e/erzEEONGkpj1uiNI3ok07Btob6httZApaG6thng
fDGKzkJiz9rzKxGcpVSNHxvsiPLWSo4zYVj/WHmd+qhnDzkv0DNVkZcIl+581olc
eua75aMXApUBgDy0bNoL2RokAUWwTRW37sbV+KWsk/VKe+7iTzlhqlDnzfzEL69C
MhADeLeqqKzPsnG3OfUwkwN7mzs9It/vyPrZfa7avvNPIj8in+1x9+OiqXQnAGtG
hgfH9eVm7gzmWBuZye/NkUhFK0kbgpS/+h9GHKpsO7A3hznAljsAEXgYRBTSrzv5
dAsscPf0yjU2EZ9JmPCLy0j/BiMcrE8=
-----END CERTIFICATE-----