Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e34322e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          bZX9tDvpukx+XI5usefuaYNTGigc/SfBnlBC2D55Rg0=
Subject key identifier:   14:F8:8A:B2:0E:D3:CB:4A:F3:06:A1:32:5F:A6:D8:45:B8:2C:06:4D
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       32E6DB2D46E3F13EE519147C458D36B1221932F6
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203136353039.roa
Signing time:             Mon 08 Jun 2026 18:21:43 +0000
ROA not before:           Mon 08 Jun 2026 18:16:43 +0000
ROA not after:            Mon 07 Jun 2027 18:21:43 +0000
asID:                     16509
IP address blocks:        147.28.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e6:db:2d:46:e3:f1:3e:e5:19:14:7c:45:8d:36:b1:22:19:32:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  8 18:16:43 2026 GMT
            Not After : Jun  7 18:21:43 2027 GMT
        Subject: CN=14F88AB20ED3CB4AF306A1325FA6D845B82C064D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8e:0b:76:b0:19:97:ff:bc:09:9b:9c:20:aa:
                    bf:37:a5:1a:61:6e:19:0d:ce:f1:41:d6:03:c4:87:
                    4f:75:16:e5:77:c3:30:55:5b:04:40:3a:05:9c:28:
                    f0:89:97:60:34:7e:22:62:83:ae:13:e1:93:cc:56:
                    b9:9e:89:21:cf:55:4f:eb:e7:de:f8:d1:d4:bc:be:
                    eb:0f:19:9c:15:2c:15:29:04:fd:01:e1:35:e4:09:
                    02:31:6e:02:68:6f:70:08:9f:1f:35:89:8f:51:2b:
                    50:e9:03:10:bc:7c:d8:96:69:60:6c:53:61:37:61:
                    89:69:03:e4:ea:8f:4b:b6:d1:78:63:d2:d5:62:d3:
                    b6:f8:35:d6:84:a8:c0:cb:94:71:af:59:ea:06:b9:
                    e7:5e:80:8b:59:4f:7f:ad:fb:8a:ba:a1:fd:00:3d:
                    95:fe:17:68:26:53:9c:c1:ba:65:70:ba:35:23:e5:
                    7d:83:02:59:48:aa:4a:35:59:b6:2a:58:cf:30:95:
                    e1:d0:3e:9c:ac:23:df:a9:ab:b4:4c:05:b7:67:25:
                    ca:db:de:3e:fb:6e:38:83:a2:91:e7:e4:f0:93:42:
                    d7:d3:61:35:ba:e7:5a:cf:48:c0:31:d2:67:22:ac:
                    f3:67:7b:0f:19:e9:b9:29:a6:13:9d:64:aa:8a:37:
                    07:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F8:8A:B2:0E:D3:CB:4A:F3:06:A1:32:5F:A6:D8:45:B8:2C:06:4D
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e34322e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:80:46:d9:1e:2a:6d:f0:86:a8:1a:ca:63:04:f9:3a:5f:29:
         5d:8b:15:bc:0d:1d:bc:ad:10:2b:05:bf:26:b6:0e:1c:d3:e5:
         08:df:cf:19:1b:78:bf:95:79:51:fa:86:27:4b:e3:bd:cf:55:
         17:26:46:fc:66:10:0b:40:e4:f7:f6:75:84:85:ea:30:e3:a4:
         de:df:8c:a5:61:df:eb:62:0e:19:de:5d:c4:02:14:af:b5:66:
         df:6a:b9:ee:0f:4f:36:29:9f:5b:45:cd:f8:d0:a9:e2:fe:0e:
         8b:ac:44:2a:5d:fc:ff:4e:3e:35:d7:ed:6b:7e:78:cb:a5:98:
         dc:c9:b1:59:df:6b:6d:24:ce:3b:66:6a:9f:ad:1d:5c:9e:03:
         01:cd:3f:29:a0:bc:f7:02:2c:1c:5c:3c:d1:bf:b7:0e:56:04:
         87:2c:c1:81:73:60:e1:93:48:36:be:86:53:c7:92:1b:9e:b3:
         a0:be:f3:ea:98:71:d2:ff:82:55:5e:6d:64:57:5d:25:59:39:
         43:3a:42:c2:d7:fd:4b:50:5e:4a:fd:2c:5f:94:95:8f:ea:f5:
         76:9e:f9:64:d8:48:15:ab:31:44:93:84:2c:97:46:79:f1:d5:
         25:5b:e0:37:26:1c:27:10:4e:86:49:21:c3:b9:3c:a9:a0:62:
         74:65:d4:82
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUMubbLUbj8T7lGRR8RY02sSIZMvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDgxODE2NDNaFw0yNzA2MDcxODIxNDNaMDMxMTAvBgNV
BAMTKDE0Rjg4QUIyMEVEM0NCNEFGMzA2QTEzMjVGQTZEODQ1QjgyQzA2NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVjgt2sBmX/7wJm5wgqr83pRph
bhkNzvFB1gPEh091FuV3wzBVWwRAOgWcKPCJl2A0fiJig64T4ZPMVrmeiSHPVU/r
59740dS8vusPGZwVLBUpBP0B4TXkCQIxbgJob3AInx81iY9RK1DpAxC8fNiWaWBs
U2E3YYlpA+Tqj0u20Xhj0tVi07b4NdaEqMDLlHGvWeoGuedegItZT3+t+4q6of0A
PZX+F2gmU5zBumVwujUj5X2DAllIqko1WbYqWM8wleHQPpysI9+pq7RMBbdnJcrb
3j77bjiDopHn5PCTQtfTYTW651rPSMAx0mcirPNnew8Z6bkpphOdZKqKNwfbAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUFPiKsg7Ty0rzBqEyX6bYRbgsBk0wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTM0MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwqMA0GCSqGSIb3DQEBCwUAA4IBAQA8
gEbZHipt8IaoGspjBPk6XyldixW8DR28rRArBb8mtg4c0+UI388ZG3i/lXlR+oYn
S+O9z1UXJkb8ZhALQOT39nWEheow46Te34ylYd/rYg4Z3l3EAhSvtWbfarnuD082
KZ9bRc340Kni/g6LrEQqXfz/Tj411+1rfnjLpZjcybFZ32ttJM47ZmqfrR1cngMB
zT8poLz3AiwcXDzRv7cOVgSHLMGBc2Dhk0g2voZTx5IbnrOgvvPqmHHS/4JVXm1k
V10lWTlDOkLC1/1LUF5K/SxflJWP6vV2nvlk2EgVqzFEk4Qsl0Z58dUlW+A3Jhwn
EE6GSSHDuTypoGJ0ZdSC
-----END CERTIFICATE-----