Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          ifm2eCDnU2DiLswlvsuIhJKogwdgmULt+3Exnz+1+vU=
Subject key identifier:   41:6D:0D:F1:CF:06:15:DC:E5:E2:4E:06:B1:63:C0:72:BD:91:2B:C7
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       68FB896F72DAA6E7B30472A84BE47DE74EB8A648
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 05 Jun 2026 12:30:54 +0000
ROA not before:           Fri 05 Jun 2026 12:25:54 +0000
ROA not after:            Fri 04 Jun 2027 12:30:54 +0000
asID:                     16509
IP address blocks:        147.28.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:fb:89:6f:72:da:a6:e7:b3:04:72:a8:4b:e4:7d:e7:4e:b8:a6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:54 2026 GMT
            Not After : Jun  4 12:30:54 2027 GMT
        Subject: CN=416D0DF1CF0615DCE5E24E06B163C072BD912BC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:78:3a:58:a1:6d:98:7f:4b:fb:22:cb:93:57:
                    98:32:3e:d8:1e:48:d9:c7:da:c7:34:12:a1:13:ef:
                    40:3a:82:80:81:b9:32:2a:e1:7c:13:43:41:4e:2c:
                    61:58:92:bd:fc:71:54:ec:8e:56:e7:1c:b7:cf:27:
                    92:3a:d3:82:e7:d5:61:b8:e4:94:d1:a4:39:63:42:
                    b4:0f:ff:09:12:d8:6c:ce:02:dd:eb:db:6f:41:4c:
                    30:35:66:e8:01:c0:bb:2c:e5:5d:fe:57:e0:ef:79:
                    a5:b8:b5:85:14:d4:1b:3a:e8:5e:f9:08:26:10:2a:
                    7a:0f:28:bc:3c:c8:67:57:35:f2:70:f5:c6:af:21:
                    ef:94:e0:31:98:6d:92:c6:cb:1c:39:20:35:8d:95:
                    fd:02:18:2c:f7:a9:cb:98:d3:59:e5:21:fc:34:ba:
                    1c:96:37:5a:10:aa:2b:dd:b8:bf:a5:f6:84:8a:3b:
                    1e:ab:a4:d8:34:c8:2d:ef:01:d5:92:de:68:7a:0c:
                    d1:ce:ff:44:92:a3:60:00:f4:38:bc:21:1f:68:8d:
                    e3:bf:b1:13:73:44:3e:f6:95:99:52:f4:33:fe:81:
                    b4:dc:74:e0:3d:3d:46:d6:ac:cf:4c:2e:c8:6b:9d:
                    81:9d:4b:f9:6d:97:30:bf:7d:c6:83:62:f0:c5:c8:
                    62:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6D:0D:F1:CF:06:15:DC:E5:E2:4E:06:B1:63:C0:72:BD:91:2B:C7
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:be:b3:fc:d7:1d:ec:1a:72:38:63:2b:b1:29:d1:f0:85:5a:
         b9:33:28:17:5f:f1:23:b9:30:71:e1:5b:ae:ab:28:ed:42:8f:
         90:f4:88:f6:b7:25:7f:8a:5a:48:49:bd:37:47:f0:bc:34:ff:
         96:ea:d2:c1:46:15:8d:9e:45:dc:1c:e0:c0:72:7c:54:6d:3c:
         ac:52:db:c4:52:ee:2e:e8:dd:fe:73:36:15:fe:68:bd:ea:26:
         66:9b:e9:61:9e:33:12:86:9b:bf:50:7c:75:90:ba:43:da:d4:
         b0:58:af:9a:36:4f:87:09:5f:e9:67:6c:8e:7d:ba:a3:54:b2:
         b6:85:c4:fd:83:1e:2b:09:99:b6:99:6d:c1:64:73:a4:ea:d0:
         41:53:fc:a6:5d:97:8d:4c:14:c2:65:75:37:d3:82:bc:c2:46:
         e9:25:0f:19:64:8b:55:35:1f:7d:0b:2a:78:8f:de:91:64:7d:
         7d:54:ee:df:fd:88:a3:4c:7d:fd:6b:57:ac:35:d0:ac:db:10:
         35:15:fd:c9:57:5b:45:b9:95:e7:53:b4:e3:15:57:dc:45:18:
         b8:e3:ef:ca:8a:c3:1f:4c:31:a4:d2:47:0e:bf:e1:f0:fc:7e:
         17:3f:78:31:98:98:b8:0b:ab:c4:fc:b6:60:64:89:e3:e9:7d:
         23:b9:13:20
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUaPuJb3LapuezBHKoS+R95064pkgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTRaFw0yNzA2MDQxMjMwNTRaMDMxMTAvBgNV
BAMTKDQxNkQwREYxQ0YwNjE1RENFNUUyNEUwNkIxNjNDMDcyQkQ5MTJCQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqeDpYoW2Yf0v7IsuTV5gyPtge
SNnH2sc0EqET70A6goCBuTIq4XwTQ0FOLGFYkr38cVTsjlbnHLfPJ5I604Ln1WG4
5JTRpDljQrQP/wkS2GzOAt3r229BTDA1ZugBwLss5V3+V+DveaW4tYUU1Bs66F75
CCYQKnoPKLw8yGdXNfJw9cavIe+U4DGYbZLGyxw5IDWNlf0CGCz3qcuY01nlIfw0
uhyWN1oQqivduL+l9oSKOx6rpNg0yC3vAdWS3mh6DNHO/0SSo2AA9Di8IR9ojeO/
sRNzRD72lZlS9DP+gbTcdOA9PUbWrM9MLshrnYGdS/ltlzC/fcaDYvDFyGLrAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUQW0N8c8GFdzl4k4GsWPAcr2RK8cwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQAg
vrP81x3sGnI4YyuxKdHwhVq5MygXX/EjuTBx4VuuqyjtQo+Q9Ij2tyV/ilpISb03
R/C8NP+W6tLBRhWNnkXcHODAcnxUbTysUtvEUu4u6N3+czYV/mi96iZmm+lhnjMS
hpu/UHx1kLpD2tSwWK+aNk+HCV/pZ2yOfbqjVLK2hcT9gx4rCZm2mW3BZHOk6tBB
U/ymXZeNTBTCZXU304K8wkbpJQ8ZZItVNR99Cyp4j96RZH19VO7f/YijTH39a1es
NdCs2xA1Ff3JV1tFuZXnU7TjFVfcRRi44+/KisMfTDGk0kcOv+Hw/H4XP3gxmJi4
C6vE/LZgZInj6X0juRMg
-----END CERTIFICATE-----