Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230372e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          tvXhFsRYtiC3kIwxPbAszsmESvosb1sxqOklTTpLUA4=
Subject key identifier:   40:94:31:57:C8:8A:BB:3D:97:C7:E7:44:74:AE:DE:79:DC:E6:63:B4
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       0B0AC077F5C1715EA13963E0F6F5F9C1C514F7CB
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 05 Jun 2026 12:30:45 +0000
ROA not before:           Fri 05 Jun 2026 12:25:45 +0000
ROA not after:            Fri 04 Jun 2027 12:30:45 +0000
asID:                     60492
IP address blocks:        193.7.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:0a:c0:77:f5:c1:71:5e:a1:39:63:e0:f6:f5:f9:c1:c5:14:f7:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jun  5 12:25:45 2026 GMT
            Not After : Jun  4 12:30:45 2027 GMT
        Subject: CN=40943157C88ABB3D97C7E74474AEDE79DCE663B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e3:a8:73:db:88:ef:a0:6c:90:da:99:55:d8:
                    32:96:44:a6:5c:0a:db:29:2f:2c:37:2f:5a:bd:54:
                    d1:a4:d9:11:13:ad:f1:b7:f4:df:5d:f9:be:fc:01:
                    6e:67:31:7d:72:23:4b:f8:70:bd:81:8f:aa:4a:af:
                    e6:11:92:7b:e5:e1:19:57:7e:08:dd:b7:a9:d2:e3:
                    0d:2f:db:27:1f:99:29:03:36:92:0c:e6:7d:4a:df:
                    81:f5:1f:63:ec:11:7a:6a:fd:00:d4:7a:af:b8:3a:
                    34:67:4f:c3:eb:37:7f:20:bf:65:d9:39:41:52:57:
                    d4:a5:5b:5a:9b:1e:59:d2:a1:61:f7:81:a3:46:a0:
                    5f:81:1d:fd:8f:54:2e:00:2c:e7:03:9e:e9:9b:c1:
                    e9:81:4c:6b:a0:bd:40:a7:21:9c:5a:aa:ea:f5:47:
                    37:bd:f5:2f:67:6e:7c:d4:16:03:7f:0b:23:5c:f0:
                    52:a5:2f:ec:c1:2c:15:c5:d5:19:e9:da:9e:c2:9c:
                    15:b8:e3:aa:37:21:ac:b5:d0:a3:13:d8:4e:d5:f8:
                    17:ab:d2:cc:25:b8:f0:21:7f:63:0e:dc:10:50:12:
                    fe:9e:05:4b:20:6d:d2:85:e2:fa:22:e2:ad:f3:7f:
                    e8:db:94:92:b0:06:30:f1:f9:58:00:79:97:28:cf:
                    7f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:94:31:57:C8:8A:BB:3D:97:C7:E7:44:74:AE:DE:79:DC:E6:63:B4
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:d0:ac:65:3f:05:7b:98:f9:24:72:91:b9:fd:e0:b2:ae:bc:
         c4:60:43:05:8e:17:6c:b3:6b:08:91:24:2a:1c:e4:70:fe:b5:
         2e:29:df:f1:8a:b1:12:c2:13:18:5f:c7:2d:e2:5d:bc:b2:a9:
         12:c7:a5:63:8f:6b:06:66:03:70:f6:16:1a:d2:0c:2a:d4:8a:
         a1:98:68:66:a2:d2:ac:20:c6:cd:f2:51:a3:30:17:98:29:1e:
         f8:8c:4b:a3:c7:ee:96:1b:93:39:1e:c9:46:32:4b:5f:64:5d:
         2c:84:32:3f:b4:1b:8b:49:6f:63:57:24:af:51:e4:23:6b:38:
         b6:c2:63:a8:e8:94:7a:b1:fd:b5:d5:1c:fd:44:66:68:fc:af:
         ca:32:dd:88:45:e2:24:38:ee:66:56:43:d2:2b:e4:9f:02:92:
         33:dc:e8:28:1e:8f:5e:00:89:00:08:24:71:c6:b0:44:78:83:
         34:80:23:f1:c4:b8:20:a0:bb:e8:9c:68:e3:2c:92:f7:42:ee:
         70:1b:46:e4:b6:0f:9e:16:dc:62:f1:e2:43:4d:8d:c9:c0:bf:
         8e:7c:83:f6:36:1a:a1:46:a3:a2:aa:a7:25:2c:12:ea:fe:56:
         77:1a:29:fe:ef:66:36:7e:5d:32:0e:3a:4c:62:80:d3:dc:12:
         a0:39:c2:ff
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUCwrAd/XBcV6hOWPg9vX5wcUU98swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNjA2MDUxMjI1NDVaFw0yNzA2MDQxMjMwNDVaMDMxMTAvBgNV
BAMTKDQwOTQzMTU3Qzg4QUJCM0Q5N0M3RTc0NDc0QUVERTc5RENFNjYzQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF46hz24jvoGyQ2plV2DKWRKZc
CtspLyw3L1q9VNGk2RETrfG39N9d+b78AW5nMX1yI0v4cL2Bj6pKr+YRknvl4RlX
fgjdt6nS4w0v2ycfmSkDNpIM5n1K34H1H2PsEXpq/QDUeq+4OjRnT8PrN38gv2XZ
OUFSV9SlW1qbHlnSoWH3gaNGoF+BHf2PVC4ALOcDnumbwemBTGugvUCnIZxaqur1
Rze99S9nbnzUFgN/CyNc8FKlL+zBLBXF1Rnp2p7CnBW446o3Iay10KMT2E7V+Ber
0swluPAhf2MO3BBQEv6eBUsgbdKF4voi4q3zf+jblJKwBjDx+VgAeZcoz3/zAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUQJQxV8iKuz2Xx+dEdK7eedzmY7QwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfPMA0GCSqGSIb3DQEBCwUAA4IBAQCP
0KxlPwV7mPkkcpG5/eCyrrzEYEMFjhdss2sIkSQqHORw/rUuKd/xirESwhMYX8ct
4l28sqkSx6Vjj2sGZgNw9hYa0gwq1IqhmGhmotKsIMbN8lGjMBeYKR74jEujx+6W
G5M5HslGMktfZF0shDI/tBuLSW9jVySvUeQjazi2wmOo6JR6sf211Rz9RGZo/K/K
Mt2IReIkOO5mVkPSK+SfApIz3OgoHo9eAIkACCRxxrBEeIM0gCPxxLggoLvonGjj
LJL3Qu5wG0bktg+eFtxi8eJDTY3JwL+OfIP2NhqhRqOiqqclLBLq/lZ3Gin+72Y2
fl0yDjpMYoDT3BKgOcL/
-----END CERTIFICATE-----