Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          hrVCguuyNTK4ngym6vhyFZVLk7zYljyRA55MmuX3Tpo=
Subject key identifier:   1D:B8:78:CE:82:86:B8:99:EE:67:BD:E5:92:6C:FF:31:AC:44:6C:8E
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6FFC6DCD10F076009E8B18E4BE7F67AC0A47DDAD
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa
Signing time:             Wed 20 May 2026 14:15:24 +0000
ROA not before:           Wed 20 May 2026 14:10:24 +0000
ROA not after:            Wed 19 May 2027 14:15:24 +0000
asID:                     16509
IP address blocks:        147.28.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:fc:6d:cd:10:f0:76:00:9e:8b:18:e4:be:7f:67:ac:0a:47:dd:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 20 14:10:24 2026 GMT
            Not After : May 19 14:15:24 2027 GMT
        Subject: CN=1DB878CE8286B899EE67BDE5926CFF31AC446C8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:37:d8:0b:89:22:8c:e8:74:1e:56:74:b6:a5:
                    b2:bc:52:bd:a4:04:28:c1:29:fc:2c:a6:9a:68:15:
                    19:51:7c:34:f0:d2:7f:42:ea:71:73:90:cb:85:a2:
                    8f:8b:bb:3e:e3:93:43:61:18:71:25:63:35:cc:41:
                    8a:8c:aa:3e:3f:ae:b8:87:26:5d:19:48:c8:c4:ba:
                    36:98:13:9b:dd:b8:2f:46:bf:67:2f:5a:f0:4b:ad:
                    47:ff:cc:ab:0d:93:fb:bb:cf:7a:c8:ef:36:2a:b8:
                    4e:6f:09:25:4e:40:ae:67:4e:6c:15:8b:bb:5b:49:
                    aa:1c:6e:a8:a8:06:c2:8c:32:48:b9:83:f0:b4:87:
                    f1:9b:50:41:0a:1c:d3:f2:8e:b5:3a:49:0c:c8:96:
                    9f:24:07:fd:48:12:b9:58:e4:9f:78:67:9f:4b:19:
                    86:d8:56:20:2e:81:59:ee:bd:78:9c:bf:ed:b8:aa:
                    7f:f4:ba:3d:6d:cd:f4:90:a1:f7:a3:e3:0b:d3:e2:
                    40:54:c7:e8:a0:65:73:85:b5:7c:f7:6c:b4:59:54:
                    6f:db:95:9e:0d:cd:ed:de:95:cf:9f:a9:c1:23:6c:
                    e9:40:89:b5:da:f4:e5:29:c5:de:1e:ac:ff:01:89:
                    92:36:31:59:a5:63:cb:3c:ca:f7:28:49:34:fc:e0:
                    e1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B8:78:CE:82:86:B8:99:EE:67:BD:E5:92:6C:FF:31:AC:44:6C:8E
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:97:83:db:d2:cd:27:a1:7a:a3:65:38:0d:0c:92:bb:8c:ee:
         97:6e:65:39:56:7f:0e:1b:51:c4:7c:77:e8:19:1b:81:23:12:
         40:60:f2:37:55:00:bd:2d:35:7a:67:77:43:be:ee:31:26:69:
         9f:2e:a0:30:62:5b:78:ee:6a:f2:f0:c2:b5:45:7d:03:80:7a:
         4b:7c:50:3f:81:35:fc:fc:1e:8c:17:2b:d9:b9:a1:12:e0:4c:
         b8:7b:61:d8:c9:ef:62:80:d9:7a:c1:c5:c8:af:af:16:f1:89:
         e2:a1:e7:ac:62:2c:0e:63:c1:35:cb:e6:4c:5b:54:db:87:ed:
         0a:f9:29:57:dd:d2:3b:13:c7:ad:7d:04:09:ff:73:b0:5a:31:
         1a:b6:8b:1b:75:1a:04:92:3d:3a:73:34:f1:e7:1a:51:0d:b4:
         32:fe:eb:c1:a5:60:16:ee:1d:cd:0e:ac:fb:de:3e:2f:25:61:
         20:39:fc:ce:b1:76:fd:74:b9:ac:bc:cb:c8:e9:1e:87:bb:b2:
         33:e9:b7:7b:33:d9:6c:5c:d5:45:c0:0f:80:41:a1:39:b4:ae:
         79:22:b1:ad:f3:69:26:41:c3:0d:fb:36:aa:24:9c:83:1f:02:
         63:a7:34:e6:82:db:bd:d3:9c:8a:86:4c:dc:0e:0f:4c:17:5e:
         60:e3:4b:91
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUb/xtzRDwdgCeixjkvn9nrApH3a0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA1MjAxNDEwMjRaFw0yNzA1MTkxNDE1MjRaMDMxMTAvBgNV
BAMTKDFEQjg3OENFODI4NkI4OTlFRTY3QkRFNTkyNkNGRjMxQUM0NDZDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+N9gLiSKM6HQeVnS2pbK8Ur2k
BCjBKfwspppoFRlRfDTw0n9C6nFzkMuFoo+Luz7jk0NhGHElYzXMQYqMqj4/rriH
Jl0ZSMjEujaYE5vduC9Gv2cvWvBLrUf/zKsNk/u7z3rI7zYquE5vCSVOQK5nTmwV
i7tbSaocbqioBsKMMki5g/C0h/GbUEEKHNPyjrU6SQzIlp8kB/1IErlY5J94Z59L
GYbYViAugVnuvXicv+24qn/0uj1tzfSQofej4wvT4kBUx+igZXOFtXz3bLRZVG/b
lZ4Nze3elc+fqcEjbOlAibXa9OUpxd4erP8BiZI2MVmlY8s8yvcoSTT84OGTAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUHbh4zoKGuJnuZ73lkmz/MaxEbI4wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQAP
l4Pb0s0noXqjZTgNDJK7jO6XbmU5Vn8OG1HEfHfoGRuBIxJAYPI3VQC9LTV6Z3dD
vu4xJmmfLqAwYlt47mry8MK1RX0DgHpLfFA/gTX8/B6MFyvZuaES4Ey4e2HYye9i
gNl6wcXIr68W8YnioeesYiwOY8E1y+ZMW1Tbh+0K+SlX3dI7E8etfQQJ/3OwWjEa
tosbdRoEkj06czTx5xpRDbQy/uvBpWAW7h3NDqz73j4vJWEgOfzOsXb9dLmsvMvI
6R6Hu7Iz6bd7M9lsXNVFwA+AQaE5tK55IrGt82kmQcMN+zaqJJyDHwJjpzTmgtu9
05yKhkzcDg9MF15g40uR
-----END CERTIFICATE-----