Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa
File:                     3134372e32382e33352e302f32342d3234203d3e203339353838.roa (raw, json)
Hash identifier:          nKWYIYipy+kkS651LXio+ODafOv/pwV7WhCbd99QR+c=
Subject key identifier:   2E:11:E4:8B:90:08:B3:A9:29:FC:42:A9:42:5F:67:83:1C:C3:D2:62
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       57C25FE215C28313829D749BA1D22720F937FA37
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa
Signing time:             Fri 05 Jun 2026 12:30:55 +0000
ROA not before:           Fri 05 Jun 2026 12:25:55 +0000
ROA not after:            Fri 04 Jun 2027 12:30:55 +0000
asID:                     39588
IP address blocks:        147.28.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:c2:5f:e2:15:c2:83:13:82:9d:74:9b:a1:d2:27:20:f9:37:fa:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:55 2026 GMT
            Not After : Jun  4 12:30:55 2027 GMT
        Subject: CN=2E11E48B9008B3A929FC42A9425F67831CC3D262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ce:c6:90:13:0d:d0:d6:db:ec:06:41:5a:f4:
                    d3:27:f0:e9:aa:b9:25:4f:69:b2:ce:db:75:63:41:
                    c3:8c:27:38:36:c6:d9:40:fc:c5:30:bb:a3:89:9b:
                    69:c9:07:b1:6e:56:1a:07:2e:c9:65:b8:bf:32:06:
                    38:66:ce:a9:a1:38:27:42:4b:bb:d6:c9:04:8d:ce:
                    f9:eb:05:bb:f6:39:ce:01:ff:3e:d6:7d:24:4d:3f:
                    03:d8:77:c8:82:63:89:22:6f:b6:92:22:51:07:e0:
                    0f:6d:22:eb:35:8c:71:61:2b:b7:b6:d6:51:84:23:
                    c4:d1:af:48:81:07:18:63:4c:54:45:11:76:6b:03:
                    73:92:f7:09:21:43:99:34:e8:cb:14:29:00:d5:d0:
                    94:5f:46:16:6b:a7:8a:d7:65:f6:6e:d6:a0:02:56:
                    cf:00:40:6c:43:ee:68:86:6d:0e:b1:74:c0:d8:2d:
                    12:80:20:d6:ad:75:2b:86:90:03:90:19:1f:e0:13:
                    ca:b6:c8:e3:9a:d1:52:bc:08:30:0a:b5:fb:2c:49:
                    65:1b:10:78:64:eb:c9:5b:c7:76:cd:9d:e3:bd:00:
                    da:2e:33:e9:1d:64:6c:e3:15:14:2f:e6:3c:d4:62:
                    0a:d0:b8:cc:b6:2f:00:5d:42:62:f7:56:6c:dc:cb:
                    21:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:11:E4:8B:90:08:B3:A9:29:FC:42:A9:42:5F:67:83:1C:C3:D2:62
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33352e302f32342d3234203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5a:ac:be:70:fd:b9:ce:7d:b6:a6:78:0d:ee:75:e8:e9:3c:
         11:f3:77:cd:37:aa:35:ea:fa:5e:6d:4a:42:e0:1f:81:d4:ff:
         0f:13:3c:38:ee:0d:aa:00:cb:9b:e0:2e:a8:62:4c:26:8a:9e:
         cd:de:c3:c6:e9:6b:24:1a:5e:06:da:25:e5:e0:d3:dd:18:f8:
         45:bc:23:65:31:6e:2a:d4:4b:a2:83:ff:3a:b1:33:9b:75:78:
         59:81:0c:de:21:8a:bc:73:57:cc:fa:c2:3a:58:12:ef:d1:8e:
         d5:1f:14:a7:39:d4:02:c3:5e:d5:96:fd:ef:6f:3e:3a:17:4b:
         95:32:79:a0:fd:c3:7a:7c:4e:7d:95:6b:f3:06:20:82:8b:83:
         51:8e:1b:0b:17:6e:51:52:a8:ff:ca:2a:4a:fa:b5:d2:5d:15:
         5f:bb:b9:0e:4b:eb:3c:96:05:30:71:5c:3d:79:cb:c9:7c:05:
         7f:dc:0b:75:39:65:17:01:62:6d:30:e1:69:9e:0d:e2:f4:86:
         f1:4f:aa:ae:c3:d7:c4:fd:5f:d5:0c:7d:93:4d:72:c9:75:70:
         69:b9:05:fe:bd:f0:3c:e1:84:c1:e6:16:27:49:00:3a:24:b1:
         43:16:f7:e2:14:57:25:a3:ff:dc:f7:a4:b2:ab:6e:ec:2f:ad:
         09:31:1f:f6
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUV8Jf4hXCgxOCnXSbodInIPk3+jcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTVaFw0yNzA2MDQxMjMwNTVaMDMxMTAvBgNV
BAMTKDJFMTFFNDhCOTAwOEIzQTkyOUZDNDJBOTQyNUY2NzgzMUNDM0QyNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDzsaQEw3Q1tvsBkFa9NMn8Omq
uSVPabLO23VjQcOMJzg2xtlA/MUwu6OJm2nJB7FuVhoHLslluL8yBjhmzqmhOCdC
S7vWyQSNzvnrBbv2Oc4B/z7WfSRNPwPYd8iCY4kib7aSIlEH4A9tIus1jHFhK7e2
1lGEI8TRr0iBBxhjTFRFEXZrA3OS9wkhQ5k06MsUKQDV0JRfRhZrp4rXZfZu1qAC
Vs8AQGxD7miGbQ6xdMDYLRKAINatdSuGkAOQGR/gE8q2yOOa0VK8CDAKtfssSWUb
EHhk68lbx3bNneO9ANouM+kdZGzjFRQv5jzUYgrQuMy2LwBdQmL3VmzcyyFLAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQULhHki5AIs6kp/EKpQl9ngxzD0mIwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM5MzUzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwjMA0GCSqGSIb3DQEBCwUAA4IBAQA/
Wqy+cP25zn22pngN7nXo6TwR83fNN6o16vpebUpC4B+B1P8PEzw47g2qAMub4C6o
Ykwmip7N3sPG6WskGl4G2iXl4NPdGPhFvCNlMW4q1Euig/86sTObdXhZgQzeIYq8
c1fM+sI6WBLv0Y7VHxSnOdQCw17Vlv3vbz46F0uVMnmg/cN6fE59lWvzBiCCi4NR
jhsLF25RUqj/yipK+rXSXRVfu7kOS+s8lgUwcVw9ecvJfAV/3At1OWUXAWJtMOFp
ng3i9IbxT6quw9fE/V/VDH2TTXLJdXBpuQX+vfA84YTB5hYnSQA6JLFDFvfiFFcl
o//c96Syq27sL60JMR/2
-----END CERTIFICATE-----