Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
File:                     3139332e372e3230342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          q017TX6DmgwzPxxi9GThQ2kGNp2z5lVWdZZuLeMmgA8=
Subject key identifier:   F6:64:F1:E0:37:9E:16:B8:CA:FE:17:FC:72:41:20:D8:69:97:40:0C
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       7208F7010BB1F7E1D4200456106DD909DAAE6C3C
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:45 +0000
ROA not before:           Fri 05 Jun 2026 12:25:45 +0000
ROA not after:            Fri 04 Jun 2027 12:30:45 +0000
asID:                     42427
IP address blocks:        193.7.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:08:f7:01:0b:b1:f7:e1:d4:20:04:56:10:6d:d9:09:da:ae:6c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jun  5 12:25:45 2026 GMT
            Not After : Jun  4 12:30:45 2027 GMT
        Subject: CN=F664F1E0379E16B8CAFE17FC724120D86997400C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1e:63:26:01:03:c6:38:8b:df:86:bf:bd:fc:
                    46:90:4b:45:f2:8f:a6:f6:99:1d:72:36:68:62:b6:
                    38:f9:71:93:fd:8e:ee:3b:c9:87:fd:87:5f:c7:b1:
                    d8:4e:f3:f2:0c:39:06:ea:cf:62:35:ec:ae:f4:26:
                    cd:8b:f6:54:0a:28:71:19:af:a1:e1:3d:30:45:04:
                    6e:61:70:1e:97:64:84:ec:13:09:8e:73:21:5d:6c:
                    c2:c1:fa:8f:cd:26:62:4a:21:d4:0d:1c:56:9f:9b:
                    9b:13:55:80:27:46:d1:be:9f:c5:e5:5f:f5:e9:d9:
                    28:8c:b1:25:f0:0c:9b:17:b8:f4:b2:01:4c:db:45:
                    3a:21:87:63:ae:39:68:07:ed:1b:3d:d4:bc:5d:c5:
                    50:1b:29:71:c1:fa:90:5c:cc:d0:46:0b:19:fc:23:
                    00:ef:e7:dc:f2:d4:5b:1e:1b:7a:47:e4:ff:c2:dd:
                    6b:e4:6c:c1:2b:1a:64:db:a8:ac:3b:39:ea:42:15:
                    c6:11:0a:67:f6:c2:78:5a:3e:48:8c:53:78:86:7e:
                    59:ea:f4:be:36:e1:97:4e:0b:ff:ed:5d:14:aa:a1:
                    6f:cf:58:ee:f9:52:67:b8:19:9d:50:4c:49:88:50:
                    64:bb:90:d8:63:9f:64:2f:75:d7:d9:f5:20:16:01:
                    b6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:64:F1:E0:37:9E:16:B8:CA:FE:17:FC:72:41:20:D8:69:97:40:0C
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:82:63:d3:07:91:43:73:db:bc:1f:2f:f0:a6:ec:c7:e5:98:
         7c:01:a7:a3:c5:2e:b5:0a:80:89:9e:1e:79:68:30:1f:64:c0:
         35:84:5f:0c:6f:6e:54:30:ee:b6:80:8c:d1:15:c9:98:10:fb:
         54:17:f6:aa:50:89:f2:0c:0f:7f:47:6c:c3:ea:b1:ea:45:bc:
         4c:41:f3:d9:52:6d:cd:a7:86:55:be:e0:1c:a5:c1:8b:34:cf:
         78:c5:26:98:d0:39:26:6f:3d:96:03:71:11:cf:86:a6:dc:62:
         33:7b:3e:d8:b1:6d:e3:60:0b:7f:1b:73:18:2d:46:ab:23:b9:
         ed:53:a5:ed:2d:dd:94:d6:6a:c7:a9:4e:c0:58:d8:ac:55:f0:
         1f:c8:ad:64:be:fd:8f:7a:b3:3c:e4:34:6e:3f:4e:d3:93:ee:
         74:da:3c:98:f1:ca:25:32:c2:af:04:c3:e1:11:9f:3e:14:e3:
         55:5c:7b:3e:b7:b9:10:48:da:ad:9d:bf:2d:65:31:fe:01:0e:
         24:6a:6f:24:02:b7:2c:3e:8a:25:fe:ae:c7:9a:a6:9a:d6:1b:
         23:4c:6f:03:c1:72:93:93:68:ed:07:5a:b6:9f:a7:07:aa:7c:
         7e:ff:c4:31:ea:ca:a8:a9:1e:fd:fa:7d:c4:a4:b7:76:c9:a5:
         76:21:51:b5
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUcgj3AQux9+HUIARWEG3ZCdqubDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNjA2MDUxMjI1NDVaFw0yNzA2MDQxMjMwNDVaMDMxMTAvBgNV
BAMTKEY2NjRGMUUwMzc5RTE2QjhDQUZFMTdGQzcyNDEyMEQ4Njk5NzQwMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8HmMmAQPGOIvfhr+9/EaQS0Xy
j6b2mR1yNmhitjj5cZP9ju47yYf9h1/HsdhO8/IMOQbqz2I17K70Js2L9lQKKHEZ
r6HhPTBFBG5hcB6XZITsEwmOcyFdbMLB+o/NJmJKIdQNHFafm5sTVYAnRtG+n8Xl
X/Xp2SiMsSXwDJsXuPSyAUzbRTohh2OuOWgH7Rs91LxdxVAbKXHB+pBczNBGCxn8
IwDv59zy1FseG3pH5P/C3WvkbMErGmTbqKw7OepCFcYRCmf2wnhaPkiMU3iGflnq
9L424ZdOC//tXRSqoW/PWO75Ume4GZ1QTEmIUGS7kNhjn2QvddfZ9SAWAbZfAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU9mTx4DeeFrjK/hf8ckEg2GmXQAwwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfMMA0GCSqGSIb3DQEBCwUAA4IBAQCX
gmPTB5FDc9u8Hy/wpuzH5Zh8AaejxS61CoCJnh55aDAfZMA1hF8Mb25UMO62gIzR
FcmYEPtUF/aqUInyDA9/R2zD6rHqRbxMQfPZUm3Np4ZVvuAcpcGLNM94xSaY0Dkm
bz2WA3ERz4am3GIzez7YsW3jYAt/G3MYLUarI7ntU6XtLd2U1mrHqU7AWNisVfAf
yK1kvv2PerM85DRuP07Tk+502jyY8colMsKvBMPhEZ8+FONVXHs+t7kQSNqtnb8t
ZTH+AQ4kam8kArcsPool/q7Hmqaa1hsjTG8DwXKTk2jtB1q2n6cHqnx+/8Qx6sqo
qR79+n3EpLd2yaV2IVG1
-----END CERTIFICATE-----