Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38362e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38362e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          MbmfP7dsoCU0it278bSCYW1QFnoepLDzz3gIh7U9eTg=
Subject key identifier:   89:DB:71:D7:28:71:43:BC:9B:5A:F8:20:A4:DE:B1:F8:B4:8D:9D:E9
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6B9FAE9F2622E4FB5742A269EA7F5E6C6A03A8F2
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38362e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:55 +0000
ROA not before:           Fri 05 Jun 2026 12:25:55 +0000
ROA not after:            Fri 04 Jun 2027 12:30:55 +0000
asID:                     42427
IP address blocks:        185.58.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:9f:ae:9f:26:22:e4:fb:57:42:a2:69:ea:7f:5e:6c:6a:03:a8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:55 2026 GMT
            Not After : Jun  4 12:30:55 2027 GMT
        Subject: CN=89DB71D7287143BC9B5AF820A4DEB1F8B48D9DE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:93:23:05:fa:72:19:06:78:4c:9b:ee:36:31:
                    05:6f:bb:06:30:d8:05:3b:12:52:d9:89:1f:11:27:
                    de:c8:25:5f:87:5a:8d:96:8b:4f:e1:43:7e:71:b2:
                    a3:68:22:11:77:84:ae:ae:b2:c1:7e:f6:47:14:f7:
                    62:bf:2b:a3:75:78:27:f2:61:8f:b4:63:9c:d9:72:
                    2a:35:48:c2:b9:01:f6:8d:01:e3:24:72:dc:3e:92:
                    a8:c8:d9:c2:81:54:48:18:dc:ed:ba:c5:ed:ec:2e:
                    5f:d6:d3:a1:16:06:be:53:70:01:dc:e7:c8:0f:fc:
                    a5:6e:c0:ed:b1:da:a6:1c:f8:c7:47:3b:7b:cf:38:
                    26:4c:22:ce:87:9d:dd:1b:67:14:be:97:96:98:f2:
                    f4:02:c2:2a:99:db:ef:6c:69:c8:3d:c7:f5:68:2c:
                    e9:e5:01:e2:eb:7f:8b:f5:be:1b:ee:a7:e5:70:be:
                    84:de:97:f0:90:d1:d2:a0:7a:1c:17:9b:1d:f9:1e:
                    b0:d6:67:ca:78:fd:d4:0c:ce:dd:9f:8c:d2:a6:75:
                    73:fb:0b:17:21:d2:24:c4:7e:a0:8c:43:f5:22:f9:
                    10:fd:95:00:5a:81:06:f7:2a:20:5c:e3:21:84:31:
                    09:e8:dc:c1:ad:2a:d0:59:0f:be:32:72:1a:e8:17:
                    77:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DB:71:D7:28:71:43:BC:9B:5A:F8:20:A4:DE:B1:F8:B4:8D:9D:E9
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38362e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:3f:f9:ad:58:b4:1d:f8:9b:18:19:45:55:4a:14:a6:ea:51:
         da:4a:3d:f6:80:b7:4b:77:12:d5:ca:a3:4c:b3:80:36:c3:48:
         b2:92:ff:0d:21:47:21:5e:2d:f2:3c:df:fd:c1:e5:92:b7:32:
         5a:3d:46:e3:b9:ed:55:dd:c2:43:91:54:17:66:be:00:9e:98:
         f6:4f:63:da:1f:d9:29:18:bf:0b:3c:ae:60:e9:5b:4a:c5:1b:
         7b:a0:f6:f7:2d:75:84:08:0c:c7:86:ed:74:6e:ac:51:04:8c:
         15:93:e6:7e:0f:06:7a:5d:03:e3:22:39:af:70:a6:40:8a:a3:
         ba:91:bb:db:0b:fd:61:be:78:24:9b:45:4a:8f:aa:4d:e4:d7:
         58:35:67:6d:cc:80:f8:31:df:94:32:e5:3d:11:ff:6a:5b:52:
         c1:af:fa:d4:3e:a8:dc:99:1a:da:e0:2e:be:b7:f4:77:75:85:
         0c:50:7e:49:fe:98:81:82:ec:60:2a:c0:d6:0c:ea:e6:53:15:
         78:69:56:97:f5:8c:21:16:11:52:62:d3:ac:07:5e:80:9f:64:
         51:f7:25:eb:bb:6c:f1:da:4f:c3:85:5b:0c:c7:d4:3b:80:e8:
         0d:50:c9:3d:5a:94:11:51:4a:cf:9c:b6:31:07:d6:23:b6:5b:
         c0:2a:7c:41
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUa5+unyYi5PtXQqJp6n9ebGoDqPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTVaFw0yNzA2MDQxMjMwNTVaMDMxMTAvBgNV
BAMTKDg5REI3MUQ3Mjg3MTQzQkM5QjVBRjgyMEE0REVCMUY4QjQ4RDlERTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBkyMF+nIZBnhMm+42MQVvuwYw
2AU7ElLZiR8RJ97IJV+HWo2Wi0/hQ35xsqNoIhF3hK6ussF+9kcU92K/K6N1eCfy
YY+0Y5zZcio1SMK5AfaNAeMkctw+kqjI2cKBVEgY3O26xe3sLl/W06EWBr5TcAHc
58gP/KVuwO2x2qYc+MdHO3vPOCZMIs6Hnd0bZxS+l5aY8vQCwiqZ2+9sacg9x/Vo
LOnlAeLrf4v1vhvup+VwvoTel/CQ0dKgehwXmx35HrDWZ8p4/dQMzt2fjNKmdXP7
Cxch0iTEfqCMQ/Ui+RD9lQBagQb3KiBc4yGEMQno3MGtKtBZD74ychroF3eHAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUidtx1yhxQ7ybWvggpN6x+LSNnekwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpWMA0GCSqGSIb3DQEBCwUAA4IBAQAu
P/mtWLQd+JsYGUVVShSm6lHaSj32gLdLdxLVyqNMs4A2w0iykv8NIUchXi3yPN/9
weWStzJaPUbjue1V3cJDkVQXZr4Anpj2T2PaH9kpGL8LPK5g6VtKxRt7oPb3LXWE
CAzHhu10bqxRBIwVk+Z+DwZ6XQPjIjmvcKZAiqO6kbvbC/1hvngkm0VKj6pN5NdY
NWdtzID4Md+UMuU9Ef9qW1LBr/rUPqjcmRra4C6+t/R3dYUMUH5J/piBguxgKsDW
DOrmUxV4aVaX9YwhFhFSYtOsB16An2RR9yXru2zx2k/DhVsMx9Q7gOgNUMk9WpQR
UUrPnLYxB9YjtlvAKnxB
-----END CERTIFICATE-----