Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230352e302f32342d3234203d3e203432343237.roa
File:                     3139332e372e3230352e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          Shflmw47f/M08AdH9AVMRrDOyY+8FNWh8sdfintkJxM=
Subject key identifier:   63:B8:B6:B7:41:0A:25:56:6A:D9:BF:86:F0:53:EC:4D:DF:87:9F:0A
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       1D7C845A9A5B3ACE6C00EA88A67B4E63906481BE
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230352e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:45 +0000
ROA not before:           Fri 05 Jun 2026 12:25:45 +0000
ROA not after:            Fri 04 Jun 2027 12:30:45 +0000
asID:                     42427
IP address blocks:        193.7.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:7c:84:5a:9a:5b:3a:ce:6c:00:ea:88:a6:7b:4e:63:90:64:81:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jun  5 12:25:45 2026 GMT
            Not After : Jun  4 12:30:45 2027 GMT
        Subject: CN=63B8B6B7410A25566AD9BF86F053EC4DDF879F0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ef:8b:10:dd:81:a7:19:2d:b4:54:a1:f2:36:
                    67:20:ce:02:fd:ed:3c:ff:53:96:da:d1:bf:0b:99:
                    5a:27:1c:5a:f1:6c:72:22:56:63:5e:a7:50:33:5f:
                    b6:99:c6:c5:ce:48:92:89:ed:c1:a1:13:7f:07:11:
                    aa:b8:b7:e5:a9:5c:6f:93:10:fe:40:5e:ef:5f:57:
                    8f:74:16:f5:72:24:b0:ec:8e:cd:38:f2:54:65:53:
                    f6:f8:5e:f7:b8:2b:e2:06:2e:51:7b:e1:50:fa:c0:
                    c9:90:a1:ee:c4:9f:09:bb:15:d6:83:71:bb:c9:25:
                    5a:b1:da:85:3c:aa:ac:b7:29:24:dd:30:37:2c:11:
                    30:f3:dd:a9:27:45:47:b8:f2:aa:4e:5a:f3:59:25:
                    e8:63:17:97:87:34:01:d1:25:74:e3:96:2a:5c:39:
                    b9:96:6a:62:1a:99:40:6f:c6:15:6c:91:e4:9a:8d:
                    45:9a:6f:fb:3f:ac:d9:08:f6:95:41:a1:f7:9a:a7:
                    b9:84:40:d7:3e:b9:a5:80:a6:6d:12:4b:00:a5:fd:
                    1e:ce:20:cb:31:89:34:dc:28:f9:f7:cc:57:5b:ac:
                    37:1f:50:98:2e:f4:32:d0:e5:8b:65:fa:b9:44:81:
                    ad:24:89:54:f4:07:5a:fa:5d:99:0f:65:4d:c3:28:
                    e2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B8:B6:B7:41:0A:25:56:6A:D9:BF:86:F0:53:EC:4D:DF:87:9F:0A
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230352e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:0a:28:e4:28:79:48:1c:80:9d:28:ad:26:ce:ed:15:b5:a8:
         b5:bc:68:23:5c:49:d4:3b:14:b8:61:47:97:bd:c7:c6:94:01:
         fc:42:d6:61:c3:a2:f3:41:8a:a3:bf:0a:5a:fb:a1:80:bb:31:
         32:b5:02:2b:ab:17:c6:4f:b3:57:48:79:76:e6:42:38:a1:c3:
         7d:1f:87:f1:57:04:95:bb:36:7f:f1:fe:7a:45:c1:83:39:ef:
         99:34:1a:9f:d1:4a:92:51:6d:31:5c:69:74:e3:3a:96:1b:ba:
         b7:b8:66:23:04:6a:c0:e9:25:8a:56:75:cc:c2:e6:14:44:02:
         e1:65:f6:f0:28:37:cb:c7:3d:8d:64:9e:51:94:d6:61:5d:65:
         05:c3:1d:68:6e:e8:f6:ff:4a:a5:46:f4:b5:04:bf:90:0a:3b:
         8d:50:c0:25:9c:53:fd:77:9a:ed:99:97:cb:72:46:ca:6b:7e:
         cc:e1:de:99:c2:ea:37:ba:5b:7c:bc:82:d5:b0:63:16:0f:03:
         d3:09:19:08:1b:b3:5e:cb:60:69:bf:d3:9c:54:9b:cb:6f:53:
         53:1a:92:98:01:50:c7:78:25:89:e6:bf:31:f9:9e:54:45:da:
         e1:e2:a4:bd:fc:37:39:10:13:7c:ac:ba:92:cc:7f:2b:a5:42:
         66:43:1d:8f
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUHXyEWppbOs5sAOqIpntOY5Bkgb4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNjA2MDUxMjI1NDVaFw0yNzA2MDQxMjMwNDVaMDMxMTAvBgNV
BAMTKDYzQjhCNkI3NDEwQTI1NTY2QUQ5QkY4NkYwNTNFQzREREY4NzlGMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg74sQ3YGnGS20VKHyNmcgzgL9
7Tz/U5ba0b8LmVonHFrxbHIiVmNep1AzX7aZxsXOSJKJ7cGhE38HEaq4t+WpXG+T
EP5AXu9fV490FvVyJLDsjs048lRlU/b4Xve4K+IGLlF74VD6wMmQoe7Enwm7FdaD
cbvJJVqx2oU8qqy3KSTdMDcsETDz3aknRUe48qpOWvNZJehjF5eHNAHRJXTjlipc
ObmWamIamUBvxhVskeSajUWab/s/rNkI9pVBofeap7mEQNc+uaWApm0SSwCl/R7O
IMsxiTTcKPn3zFdbrDcfUJgu9DLQ5Ytl+rlEga0kiVT0B1r6XZkPZU3DKOJdAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUY7i2t0EKJVZq2b+G8FPsTd+HnwowHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfNMA0GCSqGSIb3DQEBCwUAA4IBAQBw
CijkKHlIHICdKK0mzu0Vtai1vGgjXEnUOxS4YUeXvcfGlAH8QtZhw6LzQYqjvwpa
+6GAuzEytQIrqxfGT7NXSHl25kI4ocN9H4fxVwSVuzZ/8f56RcGDOe+ZNBqf0UqS
UW0xXGl04zqWG7q3uGYjBGrA6SWKVnXMwuYURALhZfbwKDfLxz2NZJ5RlNZhXWUF
wx1obuj2/0qlRvS1BL+QCjuNUMAlnFP9d5rtmZfLckbKa37M4d6Zwuo3ult8vILV
sGMWDwPTCRkIG7Ney2Bpv9OcVJvLb1NTGpKYAVDHeCWJ5r8x+Z5URdrh4qS9/Dc5
EBN8rLqSzH8rpUJmQx2P
-----END CERTIFICATE-----