Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          tmNvHVdHzX+59DNi/i1gt/23t9NeG7jtkTuyUkazxO8=
Subject key identifier:   5A:FF:08:31:FC:D9:20:85:41:64:FC:44:06:C6:2C:C3:59:9A:58:3A
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       4082A929C4F9F493B66E42FC8BBC96543946972D
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 20 May 2026 14:15:24 +0000
ROA not before:           Wed 20 May 2026 14:10:24 +0000
ROA not after:            Wed 19 May 2027 14:15:24 +0000
asID:                     14618
IP address blocks:        147.28.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:82:a9:29:c4:f9:f4:93:b6:6e:42:fc:8b:bc:96:54:39:46:97:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 20 14:10:24 2026 GMT
            Not After : May 19 14:15:24 2027 GMT
        Subject: CN=5AFF0831FCD920854164FC4406C62CC3599A583A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:97:57:f6:e2:71:5c:95:74:0e:4a:3d:19:a7:
                    c3:48:fe:15:7f:22:ef:65:12:48:98:b8:d4:d6:22:
                    38:5d:89:10:bb:45:81:e2:0c:1e:62:23:3d:5c:c5:
                    8a:e2:c2:ad:b8:d9:aa:3a:3d:08:1d:04:c7:70:cd:
                    d1:12:b6:4d:1a:d7:7e:bc:b2:c5:1b:f8:00:9f:4f:
                    9a:95:73:8d:a5:a6:68:5c:5d:4f:71:ff:a4:6f:56:
                    6a:ab:d2:bb:9c:3c:f6:13:77:19:3d:d5:5e:6f:26:
                    f8:fd:24:5a:e3:67:ed:bc:01:a9:45:c2:04:bd:b8:
                    df:fb:9e:7b:56:1b:a6:cb:85:eb:fc:62:23:9b:b7:
                    e7:1f:d6:7e:6f:d0:40:48:a2:55:c8:b2:e8:a4:2e:
                    7d:03:76:5a:4e:29:f6:30:fa:df:c0:db:85:dc:81:
                    2f:28:c5:b4:1b:53:00:3b:c6:56:ff:a6:16:b7:c2:
                    42:2d:6a:f1:0f:29:16:2f:b6:14:6f:71:4a:48:33:
                    4d:ed:cc:84:f9:ae:84:fd:b7:65:e6:60:71:f5:4f:
                    99:6e:0b:ac:84:bc:3f:8e:2d:b1:95:98:12:39:9b:
                    6e:b3:b4:80:d2:4f:ff:2e:ed:15:7a:cb:41:97:36:
                    40:52:86:09:a7:b4:0f:50:5f:6a:0e:aa:fa:19:12:
                    41:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FF:08:31:FC:D9:20:85:41:64:FC:44:06:C6:2C:C3:59:9A:58:3A
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:81:5f:f1:45:28:de:61:ac:22:0b:ba:65:8e:32:39:5a:4d:
         74:66:f6:ce:88:83:2f:2f:78:d9:4d:3c:f8:15:64:8f:e6:7e:
         b6:2e:21:d7:75:e5:74:d6:68:35:d4:16:be:ee:97:29:a2:c2:
         be:1d:76:74:c9:61:7c:f4:b1:cc:ba:b4:d6:3a:d0:31:46:10:
         63:1d:0b:95:04:c3:e3:43:06:61:59:a5:6b:94:02:0e:80:d2:
         51:36:be:6d:60:f7:1c:c4:b5:c8:76:6a:16:a7:a9:72:93:6e:
         ad:69:41:e4:2e:de:09:93:bc:68:29:a4:4f:58:df:0c:11:c1:
         68:35:ae:e5:23:b2:d7:94:59:2b:ad:eb:25:21:26:36:9e:93:
         dd:da:85:d6:89:ea:1c:93:57:da:ff:99:f4:55:22:31:de:cc:
         3c:5d:b7:4e:49:1d:90:ad:9b:84:d2:30:64:33:99:d6:ec:e9:
         10:32:d5:fd:f1:25:d8:12:50:9c:8d:c7:a8:c7:7e:50:a6:4f:
         7a:2e:4f:57:15:e4:cf:f6:96:8b:e3:48:0c:47:f4:65:b1:7b:
         a7:49:d3:f5:ba:d0:07:f2:99:0c:cc:fa:e4:4e:ef:40:8c:42:
         06:c3:a0:c2:0c:9f:e5:37:0b:59:26:ad:9b:9f:cc:fd:5d:91:
         80:d8:bf:83
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUQIKpKcT59JO2bkL8i7yWVDlGly0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA1MjAxNDEwMjRaFw0yNzA1MTkxNDE1MjRaMDMxMTAvBgNV
BAMTKDVBRkYwODMxRkNEOTIwODU0MTY0RkM0NDA2QzYyQ0MzNTk5QTU4M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnl1f24nFclXQOSj0Zp8NI/hV/
Iu9lEkiYuNTWIjhdiRC7RYHiDB5iIz1cxYriwq242ao6PQgdBMdwzdEStk0a1368
ssUb+ACfT5qVc42lpmhcXU9x/6RvVmqr0rucPPYTdxk91V5vJvj9JFrjZ+28AalF
wgS9uN/7nntWG6bLhev8YiObt+cf1n5v0EBIolXIsuikLn0DdlpOKfYw+t/A24Xc
gS8oxbQbUwA7xlb/pha3wkItavEPKRYvthRvcUpIM03tzIT5roT9t2XmYHH1T5lu
C6yEvD+OLbGVmBI5m26ztIDST/8u7RV6y0GXNkBShgmntA9QX2oOqvoZEkGVAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUWv8IMfzZIIVBZPxEBsYsw1maWDowHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQBT
gV/xRSjeYawiC7pljjI5Wk10ZvbOiIMvL3jZTTz4FWSP5n62LiHXdeV01mg11Ba+
7pcposK+HXZ0yWF89LHMurTWOtAxRhBjHQuVBMPjQwZhWaVrlAIOgNJRNr5tYPcc
xLXIdmoWp6lyk26taUHkLt4Jk7xoKaRPWN8MEcFoNa7lI7LXlFkrreslISY2npPd
2oXWieock1fa/5n0VSIx3sw8XbdOSR2QrZuE0jBkM5nW7OkQMtX98SXYElCcjceo
x35Qpk96Lk9XFeTP9paL40gMR/RlsXunSdP1utAH8pkMzPrkTu9AjEIGw6DCDJ/l
NwtZJq2bn8z9XZGA2L+D
-----END CERTIFICATE-----