Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33392e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          KprWR9UmHkk6vC+KUPGwa09LtiHUL6MlAtnvxf/WnZo=
Subject key identifier:   04:23:35:54:5C:8D:2E:6D:0B:40:4D:29:CE:EC:95:19:91:75:CA:CE
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       21564B93997C3AB0BA97B0F245FF61F3AF3FB532
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 18 Apr 2025 19:29:45 +0000
ROA not before:           Fri 18 Apr 2025 19:24:45 +0000
ROA not after:            Fri 17 Apr 2026 19:29:45 +0000
asID:                     16509
IP address blocks:        147.28.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:56:4b:93:99:7c:3a:b0:ba:97:b0:f2:45:ff:61:f3:af:3f:b5:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Apr 18 19:24:45 2025 GMT
            Not After : Apr 17 19:29:45 2026 GMT
        Subject: CN=042335545C8D2E6D0B404D29CEEC95199175CACE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:42:79:4d:35:f5:c5:4d:41:f2:22:63:ff:e7:
                    c0:e6:ca:38:90:1d:c0:aa:82:a7:7a:b8:93:9c:92:
                    22:c0:62:ff:09:63:ff:c7:24:25:5a:12:90:ef:d7:
                    29:94:71:94:da:0e:de:ef:e4:66:77:97:68:fd:66:
                    5b:37:6d:29:dd:70:b3:24:f0:1f:1b:88:6d:6c:13:
                    b2:56:06:8c:91:f2:6c:5b:de:37:4a:4b:df:ad:36:
                    81:c8:89:8e:e2:ac:c0:ee:a1:f7:e7:b4:29:cd:29:
                    68:e4:ac:12:01:da:ce:65:9f:36:05:3b:3e:fd:06:
                    97:ec:5b:7a:21:42:7d:a7:94:40:bf:a3:a6:b9:86:
                    3f:02:f8:07:d6:ad:67:8e:47:f4:ca:82:28:7c:c3:
                    0a:7c:b9:dc:07:c2:bf:54:72:e8:8c:a5:92:db:a5:
                    7b:12:9b:d2:56:5c:86:47:f9:3b:1e:07:e9:7c:6c:
                    a5:fb:12:3b:87:23:dc:cf:5a:ca:56:35:08:4f:1a:
                    df:8b:c7:8c:a0:42:ca:97:97:e4:8d:a6:55:8c:84:
                    8e:94:f7:00:e1:44:74:78:02:d8:3b:32:5e:83:73:
                    65:a7:52:de:06:7a:39:3e:73:7f:8d:11:01:92:b9:
                    6b:18:28:01:fc:02:f0:c5:6a:b5:78:fc:54:34:cc:
                    92:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:23:35:54:5C:8D:2E:6D:0B:40:4D:29:CE:EC:95:19:91:75:CA:CE
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:be:27:85:93:7c:26:4e:06:1a:e8:4e:f7:5e:1e:05:ba:36:
         ea:d2:42:68:00:6a:ae:63:1e:b6:2a:d6:31:6e:37:dc:51:20:
         eb:29:41:ce:73:89:6c:d4:4f:ea:46:8d:b2:37:93:07:3d:00:
         66:6d:55:64:8c:61:dc:12:23:96:2c:38:ac:94:fd:bb:8b:9f:
         af:08:a8:18:26:fb:08:da:03:ed:c7:c5:e0:b4:83:a4:b3:11:
         19:ef:7f:4e:bd:2b:9b:49:73:26:53:ad:4a:04:91:1f:8b:2c:
         ba:22:a5:c0:84:78:58:83:d8:be:72:ce:1f:59:98:d5:65:82:
         b4:d1:be:4e:5c:dd:e5:36:47:d8:b9:ba:b4:df:ae:00:b8:34:
         e9:d3:63:3a:50:df:a7:4a:66:6e:f5:9d:ea:97:a1:8a:ae:d6:
         3a:7e:3b:ef:7b:a7:a8:ac:1b:30:0a:78:c8:84:35:81:6e:b6:
         c0:01:ef:97:19:6a:37:f0:00:c6:8f:5c:a6:c5:12:a5:7b:49:
         4d:d3:b7:79:e2:e2:8b:97:5b:ac:87:b0:3d:1e:1b:e1:c8:70:
         38:00:d3:8b:8f:0a:73:99:a8:98:75:75:ab:f3:ad:59:15:59:
         5e:61:89:13:04:c1:bb:c6:d5:21:4a:62:ca:89:ef:58:89:a3:
         3d:4a:c4:b9
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUIVZLk5l8OrC6l7DyRf9h868/tTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA0MTgxOTI0NDVaFw0yNjA0MTcxOTI5NDVaMDMxMTAvBgNV
BAMTKDA0MjMzNTU0NUM4RDJFNkQwQjQwNEQyOUNFRUM5NTE5OTE3NUNBQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKQnlNNfXFTUHyImP/58DmyjiQ
HcCqgqd6uJOckiLAYv8JY//HJCVaEpDv1ymUcZTaDt7v5GZ3l2j9Zls3bSndcLMk
8B8biG1sE7JWBoyR8mxb3jdKS9+tNoHIiY7irMDuoffntCnNKWjkrBIB2s5lnzYF
Oz79BpfsW3ohQn2nlEC/o6a5hj8C+AfWrWeOR/TKgih8wwp8udwHwr9UcuiMpZLb
pXsSm9JWXIZH+TseB+l8bKX7EjuHI9zPWspWNQhPGt+Lx4ygQsqXl+SNplWMhI6U
9wDhRHR4Atg7Ml6Dc2WnUt4Gejk+c3+NEQGSuWsYKAH8AvDFarV4/FQ0zJIVAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUBCM1VFyNLm0LQE0pzuyVGZF1ys4wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwnMA0GCSqGSIb3DQEBCwUAA4IBAQCU
vieFk3wmTgYa6E73Xh4Fujbq0kJoAGquYx62KtYxbjfcUSDrKUHOc4ls1E/qRo2y
N5MHPQBmbVVkjGHcEiOWLDislP27i5+vCKgYJvsI2gPtx8XgtIOksxEZ739OvSub
SXMmU61KBJEfiyy6IqXAhHhYg9i+cs4fWZjVZYK00b5OXN3lNkfYubq0364AuDTp
02M6UN+nSmZu9Z3ql6GKrtY6fjvve6eorBswCnjIhDWBbrbAAe+XGWo38ADGj1ym
xRKle0lN07d54uKLl1ush7A9HhvhyHA4ANOLjwpzmaiYdXWr861ZFVleYYkTBMG7
xtUhSmLKie9YiaM9SsS5
-----END CERTIFICATE-----