Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e34322e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          8/e+XEgCj31OHif0nAQqNwU5F45Hux2YoRU0ayp7zEc=
Subject key identifier:   84:9C:8B:9F:17:34:65:5C:57:9D:9B:E3:59:9D:2B:FA:B3:8A:0F:C5
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       24706C27B92DA403F192EACBBF4E3FE37AFC0CF5
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203134363138.roa
Signing time:             Mon 08 Jun 2026 18:22:20 +0000
ROA not before:           Mon 08 Jun 2026 18:17:20 +0000
ROA not after:            Mon 07 Jun 2027 18:22:20 +0000
asID:                     14618
IP address blocks:        147.28.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:70:6c:27:b9:2d:a4:03:f1:92:ea:cb:bf:4e:3f:e3:7a:fc:0c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  8 18:17:20 2026 GMT
            Not After : Jun  7 18:22:20 2027 GMT
        Subject: CN=849C8B9F1734655C579D9BE3599D2BFAB38A0FC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:cb:6d:fa:b4:e2:c3:07:5d:5c:e6:f6:73:b2:
                    e0:7b:6b:6e:91:d9:ee:38:79:d1:ba:73:0f:dc:6a:
                    f8:d2:79:c1:12:2f:06:d9:d4:33:7c:52:a6:d7:62:
                    42:43:99:81:25:1a:4c:64:d9:b1:19:f2:35:c5:c3:
                    fb:12:59:88:9d:9a:7f:bf:04:dc:7b:0c:48:d2:42:
                    69:a1:66:26:fb:96:94:a1:09:bd:4e:7b:1b:d5:5c:
                    4e:12:d8:24:61:60:46:bf:88:4d:68:bb:9d:4d:fa:
                    ff:6a:57:76:c7:96:e0:ff:cb:75:5f:1d:33:b3:aa:
                    52:91:ab:32:c0:1a:cc:b8:c7:c5:27:50:2d:1f:20:
                    43:aa:10:54:2f:06:33:cb:5a:8a:9a:6b:4b:49:94:
                    4b:c2:0c:01:d6:7d:d5:ca:ab:75:0b:6e:5e:a4:c1:
                    e9:ef:cd:f5:e9:3c:52:8b:e3:ce:be:84:45:df:a3:
                    db:1a:c7:52:6f:c3:30:22:de:17:38:93:35:1d:d2:
                    2c:c5:49:82:3e:ac:cf:f3:ca:ff:bc:55:bf:66:de:
                    03:db:c9:de:23:d5:9b:56:7c:34:5a:3d:ae:21:65:
                    95:f6:29:94:e7:8f:f9:3b:bf:88:21:5b:09:85:f5:
                    c1:56:4e:1f:8d:87:39:c4:a8:96:fc:ec:41:d6:94:
                    34:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:9C:8B:9F:17:34:65:5C:57:9D:9B:E3:59:9D:2B:FA:B3:8A:0F:C5
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:c2:ed:e3:da:ea:e4:40:b0:1a:b6:d8:b0:94:20:24:bb:40:
         e1:f9:2d:73:bb:6b:e6:4f:72:22:df:bb:e6:9b:71:fc:87:a8:
         2f:2f:60:26:ca:0c:c9:c0:2d:12:4c:49:eb:40:9a:c9:11:84:
         01:d4:eb:0b:00:63:f5:f7:fe:74:2c:dd:7a:df:bd:ec:ed:58:
         8f:00:a9:fe:61:4f:54:1f:2d:aa:85:d2:ee:c0:bf:da:b3:14:
         9d:e1:2e:24:2f:68:6c:4a:29:a4:b0:f8:da:46:2f:fc:79:93:
         83:5c:5b:cc:40:cb:91:fd:5b:9f:a6:1c:e4:0f:30:0b:5f:75:
         4a:4a:bb:77:eb:97:f5:8a:82:7f:14:e2:2e:12:51:f3:2a:14:
         0d:1c:e8:7b:62:af:dd:d1:c2:65:b7:fc:98:35:f1:d0:04:df:
         a3:ca:1d:f0:56:19:55:0d:ba:4c:af:4c:f3:55:58:bf:d8:50:
         b9:5c:1c:73:76:a9:ba:4e:e8:8c:99:6b:50:6c:b7:e4:bb:19:
         4d:34:18:5e:45:a0:1c:a1:9c:4c:17:b3:bc:45:16:c4:15:bb:
         69:ef:3d:f0:43:e8:6d:40:85:2f:5a:91:e0:0b:67:7e:75:07:
         d8:97:27:61:c3:8e:15:8f:a5:fb:47:d6:3b:42:d6:06:52:a1:
         27:e0:bc:fe
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUJHBsJ7ktpAPxkurLv04/43r8DPUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDgxODE3MjBaFw0yNzA2MDcxODIyMjBaMDMxMTAvBgNV
BAMTKDg0OUM4QjlGMTczNDY1NUM1NzlEOUJFMzU5OUQyQkZBQjM4QTBGQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7y236tOLDB11c5vZzsuB7a26R
2e44edG6cw/cavjSecESLwbZ1DN8UqbXYkJDmYElGkxk2bEZ8jXFw/sSWYidmn+/
BNx7DEjSQmmhZib7lpShCb1OexvVXE4S2CRhYEa/iE1ou51N+v9qV3bHluD/y3Vf
HTOzqlKRqzLAGsy4x8UnUC0fIEOqEFQvBjPLWoqaa0tJlEvCDAHWfdXKq3ULbl6k
wenvzfXpPFKL486+hEXfo9sax1JvwzAi3hc4kzUd0izFSYI+rM/zyv+8Vb9m3gPb
yd4j1ZtWfDRaPa4hZZX2KZTnj/k7v4ghWwmF9cFWTh+NhznEqJb87EHWlDSXAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUhJyLnxc0ZVxXnZvjWZ0r+rOKD8UwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTM0MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwqMA0GCSqGSIb3DQEBCwUAA4IBAQAp
wu3j2urkQLAattiwlCAku0Dh+S1zu2vmT3Ii37vmm3H8h6gvL2AmygzJwC0STEnr
QJrJEYQB1OsLAGP19/50LN16373s7ViPAKn+YU9UHy2qhdLuwL/asxSd4S4kL2hs
SimksPjaRi/8eZODXFvMQMuR/VufphzkDzALX3VKSrt365f1ioJ/FOIuElHzKhQN
HOh7Yq/d0cJlt/yYNfHQBN+jyh3wVhlVDbpMr0zzVVi/2FC5XBxzdqm6TuiMmWtQ
bLfkuxlNNBheRaAcoZxMF7O8RRbEFbtp7z3wQ+htQIUvWpHgC2d+dQfYlydhw44V
j6X7R9Y7QtYGUqEn4Lz+
-----END CERTIFICATE-----