Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          tmU16zzZorhWypT+zqTEm3VAmhSRA+uSlAERDG058oA=
Subject key identifier:   3B:64:89:AE:93:C9:E4:73:A5:27:7D:4D:8F:31:22:DE:71:CE:13:EE
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1CFA215DF6DB0F2DEDC392F11A22D148E4733F29
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:55 +0000
ROA not before:           Fri 05 Jun 2026 12:25:55 +0000
ROA not after:            Fri 04 Jun 2027 12:30:55 +0000
asID:                     42427
IP address blocks:        147.28.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:fa:21:5d:f6:db:0f:2d:ed:c3:92:f1:1a:22:d1:48:e4:73:3f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:55 2026 GMT
            Not After : Jun  4 12:30:55 2027 GMT
        Subject: CN=3B6489AE93C9E473A5277D4D8F3122DE71CE13EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:44:c3:eb:7a:58:41:ec:86:ad:52:f8:8f:ea:
                    63:22:e9:2e:31:5f:1d:0e:86:64:6a:93:4b:8c:12:
                    a6:c2:28:31:3b:47:36:54:11:84:94:0b:cb:e4:ae:
                    e1:7e:42:e7:44:cc:bc:99:91:37:8d:f7:4f:35:ea:
                    24:3a:6f:5c:2f:b2:79:c4:d2:8a:7c:bb:dd:37:5a:
                    82:3b:79:e4:6e:85:67:68:9c:f9:84:0c:a3:89:4a:
                    1c:c5:6d:66:a6:e0:40:a4:20:d5:64:4d:a7:dc:13:
                    ac:34:07:e8:27:e3:48:8b:30:cd:ed:eb:a8:c0:16:
                    04:44:7d:26:46:19:a2:a0:47:dd:53:d5:31:b4:b3:
                    30:d9:99:d8:17:8c:43:cd:93:ae:dd:4c:51:05:09:
                    b5:b6:e8:9f:50:14:b7:d1:21:3d:83:9c:f6:bd:1c:
                    89:ea:5d:aa:e4:be:9c:50:3e:85:d3:15:73:ef:eb:
                    93:3f:bb:36:a8:56:13:18:e5:d3:07:66:45:2d:be:
                    59:fc:97:5b:73:4c:f1:a7:37:8d:b5:0b:12:9e:93:
                    ab:e8:5a:97:f1:26:23:a2:23:c5:f0:49:0b:32:33:
                    a2:97:40:38:05:dc:b1:53:87:06:d8:1f:0a:ca:31:
                    60:7c:f8:04:54:f9:db:61:3d:43:6e:10:d9:cd:96:
                    7a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:64:89:AE:93:C9:E4:73:A5:27:7D:4D:8F:31:22:DE:71:CE:13:EE
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:5b:70:5d:5a:ab:2a:ce:9e:02:e9:a3:2f:6d:37:2c:81:6c:
         e9:99:b7:73:24:d8:f9:f1:27:d7:09:dc:a4:b7:f3:89:a6:5f:
         0f:1f:0f:d6:48:f2:14:d0:e3:34:99:5d:f1:40:62:92:b2:44:
         07:aa:10:2f:e7:6c:af:b2:d3:75:fb:a8:4b:c3:e8:c8:48:7b:
         9f:39:ed:ca:ef:8a:74:4c:34:0f:b6:3c:cb:f3:f6:dd:e7:20:
         13:8d:69:61:91:64:ec:a5:ea:4e:35:12:46:66:54:64:fa:17:
         4a:79:7d:a0:10:10:0a:c0:bc:90:84:66:2e:3f:66:cc:b1:9f:
         c1:dd:9f:30:4a:a1:a3:c9:96:9a:5b:d7:d3:a0:92:e4:94:23:
         96:78:2d:7b:39:c7:52:cc:f3:ae:ec:5b:b1:07:e1:3c:52:b9:
         ac:5d:e6:ca:94:6b:ec:d9:f3:82:3b:1b:a7:48:2a:d6:c7:fa:
         5f:43:df:f3:73:66:11:c8:c4:62:8c:74:86:82:57:47:15:ef:
         f0:dc:cb:1c:c6:fe:e0:ad:4a:89:26:cf:ef:ef:5c:10:e7:80:
         69:32:26:fe:93:24:1d:33:25:20:18:45:56:55:00:77:52:b0:
         d9:4b:5e:fd:33:97:cf:88:05:67:8d:4f:23:b1:cf:8f:65:29:
         e7:83:91:3b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUHPohXfbbDy3tw5LxGiLRSORzPykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTVaFw0yNzA2MDQxMjMwNTVaMDMxMTAvBgNV
BAMTKDNCNjQ4OUFFOTNDOUU0NzNBNTI3N0Q0RDhGMzEyMkRFNzFDRTEzRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4RMPrelhB7IatUviP6mMi6S4x
Xx0OhmRqk0uMEqbCKDE7RzZUEYSUC8vkruF+QudEzLyZkTeN90816iQ6b1wvsnnE
0op8u903WoI7eeRuhWdonPmEDKOJShzFbWam4ECkINVkTafcE6w0B+gn40iLMM3t
66jAFgREfSZGGaKgR91T1TG0szDZmdgXjEPNk67dTFEFCbW26J9QFLfRIT2DnPa9
HInqXarkvpxQPoXTFXPv65M/uzaoVhMY5dMHZkUtvln8l1tzTPGnN421CxKek6vo
WpfxJiOiI8XwSQsyM6KXQDgF3LFThwbYHwrKMWB8+ARU+dthPUNuENnNlnq/AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUO2SJrpPJ5HOlJ31NjzEi3nHOE+4wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQAR
W3BdWqsqzp4C6aMvbTcsgWzpmbdzJNj58SfXCdykt/OJpl8PHw/WSPIU0OM0mV3x
QGKSskQHqhAv52yvstN1+6hLw+jISHufOe3K74p0TDQPtjzL8/bd5yATjWlhkWTs
pepONRJGZlRk+hdKeX2gEBAKwLyQhGYuP2bMsZ/B3Z8wSqGjyZaaW9fToJLklCOW
eC17OcdSzPOu7FuxB+E8UrmsXebKlGvs2fOCOxunSCrWx/pfQ9/zc2YRyMRijHSG
gldHFe/w3Mscxv7grUqJJs/v71wQ54BpMib+kyQdMyUgGEVWVQB3UrDZS179M5fP
iAVnjU8jsc+PZSnng5E7
-----END CERTIFICATE-----