Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38372e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          I8cn3d7zHea4/m2Yhc52t4Hcm5cgH2rxJGoQPRkV+c4=
Subject key identifier:   27:3B:AA:B3:81:BE:22:B0:E6:15:C8:06:F5:10:A1:FE:7F:3F:30:84
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7C156170B8959A58D1171014FD734966C349A5BC
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:54 +0000
ROA not before:           Fri 05 Jun 2026 12:25:54 +0000
ROA not after:            Fri 04 Jun 2027 12:30:54 +0000
asID:                     42427
IP address blocks:        185.58.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:15:61:70:b8:95:9a:58:d1:17:10:14:fd:73:49:66:c3:49:a5:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:54 2026 GMT
            Not After : Jun  4 12:30:54 2027 GMT
        Subject: CN=273BAAB381BE22B0E615C806F510A1FE7F3F3084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:75:67:0a:ce:f9:4c:df:74:79:ba:69:31:e1:
                    58:05:38:df:28:48:c3:e4:d8:13:10:24:5a:65:39:
                    53:a1:09:21:b1:31:b9:14:e2:99:20:d0:f6:17:c2:
                    c1:21:84:68:ba:37:19:8b:39:4f:f1:28:8c:ff:19:
                    d0:a8:18:22:59:6b:24:6b:52:7f:bf:08:78:b4:06:
                    82:b2:19:37:e0:38:08:1b:69:ff:e9:33:55:86:c5:
                    15:70:e5:de:d0:76:dc:2a:86:10:32:d7:22:ab:c6:
                    a6:3c:18:4a:07:77:a1:04:e2:ee:52:a9:2a:a5:19:
                    8b:d3:f7:0d:c8:ee:ca:8a:bf:b3:fe:c8:50:d2:57:
                    1a:1f:fd:f9:a4:51:8c:0d:5b:eb:1d:98:ea:1a:41:
                    19:c0:1c:ee:02:77:67:98:81:1c:6c:45:39:b0:40:
                    84:9f:a2:80:a1:ff:f7:b9:1a:e4:fc:a7:60:b2:6a:
                    b4:82:ac:23:2f:54:f4:53:72:9d:65:93:fe:2d:4e:
                    3f:a4:a5:e5:98:cf:e3:ca:03:a4:f7:b9:29:c0:32:
                    df:48:c1:ae:37:f1:35:96:e7:aa:8a:9c:e9:01:d4:
                    72:df:e7:09:ad:42:59:97:e4:1a:f6:b6:38:30:14:
                    19:a8:a1:44:5b:f9:a2:a5:be:9f:6b:ca:58:4f:64:
                    75:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3B:AA:B3:81:BE:22:B0:E6:15:C8:06:F5:10:A1:FE:7F:3F:30:84
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38372e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:4d:86:af:13:2f:35:1e:03:bb:74:2c:7c:a7:3f:09:ae:9f:
         80:6d:28:35:0f:99:8a:6f:cb:59:03:b6:3e:49:ac:a5:7c:f0:
         ab:6f:fb:1f:61:33:d7:67:31:72:e6:7e:0f:c2:81:06:38:c4:
         26:89:5a:86:fc:53:42:97:13:ee:39:30:eb:77:18:00:f0:7d:
         41:70:97:2e:ee:7e:c2:35:4f:1a:6b:47:88:65:5e:76:32:67:
         e3:ac:f6:c9:05:ba:23:0c:50:7d:6c:e6:35:cf:b0:a3:67:78:
         de:6c:36:4a:c8:ca:fa:4f:2b:04:2c:e2:09:a0:7d:dd:18:55:
         6c:76:64:a7:f7:8f:36:31:70:04:ec:93:a4:63:a3:90:f3:f0:
         8f:53:a3:98:17:97:9b:a4:36:fe:15:34:23:a9:2f:f8:48:bd:
         a4:a1:d6:27:51:17:4d:6a:24:6c:35:06:34:18:33:74:36:65:
         94:f7:63:61:42:74:0c:be:7d:4e:5b:fa:27:b7:5a:02:b2:c2:
         eb:fe:fb:a3:be:8c:a0:d6:f8:c3:e1:6d:2b:e9:fe:a2:69:fa:
         01:25:48:92:d8:54:ac:96:56:99:03:7a:0b:e5:74:0c:63:8c:
         2c:c0:91:d9:c1:a7:aa:9c:63:1c:ba:78:8d:60:00:84:49:85:
         4b:ba:e8:ba
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUfBVhcLiVmljRFxAU/XNJZsNJpbwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTRaFw0yNzA2MDQxMjMwNTRaMDMxMTAvBgNV
BAMTKDI3M0JBQUIzODFCRTIyQjBFNjE1QzgwNkY1MTBBMUZFN0YzRjMwODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDudWcKzvlM33R5umkx4VgFON8o
SMPk2BMQJFplOVOhCSGxMbkU4pkg0PYXwsEhhGi6NxmLOU/xKIz/GdCoGCJZayRr
Un+/CHi0BoKyGTfgOAgbaf/pM1WGxRVw5d7QdtwqhhAy1yKrxqY8GEoHd6EE4u5S
qSqlGYvT9w3I7sqKv7P+yFDSVxof/fmkUYwNW+sdmOoaQRnAHO4Cd2eYgRxsRTmw
QISfooCh//e5GuT8p2CyarSCrCMvVPRTcp1lk/4tTj+kpeWYz+PKA6T3uSnAMt9I
wa438TWW56qKnOkB1HLf5wmtQlmX5Br2tjgwFBmooURb+aKlvp9rylhPZHVFAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUJzuqs4G+IrDmFcgG9RCh/n8/MIQwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpXMA0GCSqGSIb3DQEBCwUAA4IBAQAq
TYavEy81HgO7dCx8pz8Jrp+AbSg1D5mKb8tZA7Y+SaylfPCrb/sfYTPXZzFy5n4P
woEGOMQmiVqG/FNClxPuOTDrdxgA8H1BcJcu7n7CNU8aa0eIZV52MmfjrPbJBboj
DFB9bOY1z7CjZ3jebDZKyMr6TysELOIJoH3dGFVsdmSn9482MXAE7JOkY6OQ8/CP
U6OYF5ebpDb+FTQjqS/4SL2kodYnURdNaiRsNQY0GDN0NmWU92NhQnQMvn1OW/on
t1oCssLr/vujvoyg1vjD4W0r6f6iafoBJUiS2FSsllaZA3oL5XQMY4wswJHZwaeq
nGMcuniNYACESYVLuui6
-----END CERTIFICATE-----