Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa
File:                     326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa (raw, json)
Hash identifier:          eHiRXPbyyNtaEoOIr+KI6qhaXunNDKFgqbAonrQxI8c=
Subject key identifier:   AE:63:DC:19:2D:90:E5:9E:F1:94:E0:AA:66:6B:F5:9D:84:A1:B4:13
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       453C218C922858E4EA9D2F1025C78FA35B48FADE
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:55 +0000
ROA not before:           Fri 05 Jun 2026 12:25:55 +0000
ROA not after:            Fri 04 Jun 2027 12:30:55 +0000
asID:                     42427
IP address blocks:        2a02:5be0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3c:21:8c:92:28:58:e4:ea:9d:2f:10:25:c7:8f:a3:5b:48:fa:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:55 2026 GMT
            Not After : Jun  4 12:30:55 2027 GMT
        Subject: CN=AE63DC192D90E59EF194E0AA666BF59D84A1B413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ee:91:6e:5c:1f:c0:8d:53:ba:b9:5f:ce:04:
                    68:6a:27:c2:66:a7:ed:ee:5b:32:2b:67:80:88:1d:
                    c2:5f:67:6d:a5:64:57:cf:68:9e:19:3c:cf:4b:fb:
                    7d:86:40:ab:a4:e0:90:24:71:63:15:11:6b:2c:e9:
                    f5:ab:7f:be:71:b9:59:64:80:ef:b7:f6:8b:7c:f2:
                    6e:79:87:00:2b:b1:28:6b:f3:32:37:77:7a:c9:72:
                    1c:90:b9:11:42:18:09:04:be:2a:3f:da:57:9d:7d:
                    4d:3a:1e:9b:7a:8c:d9:90:48:38:64:14:8a:6c:dd:
                    0c:bd:e1:11:46:f3:05:fb:92:31:62:6b:02:c1:6f:
                    2b:07:fd:80:e1:97:2c:fb:6f:89:bf:49:01:9a:d9:
                    46:24:6a:d8:25:4e:89:05:e2:73:91:7c:f6:78:00:
                    82:96:7e:9d:b1:5c:c5:ec:9f:c8:18:80:6b:b2:5d:
                    71:32:15:d7:ca:5b:2d:b5:bc:61:af:8e:2e:c2:59:
                    f0:16:59:6c:f1:5b:82:6e:35:61:f8:6d:08:b3:92:
                    e0:e7:6e:8f:76:79:f1:40:8e:dd:43:42:49:61:16:
                    dc:5d:5c:bf:13:bd:73:a5:aa:8c:61:60:ae:6e:40:
                    32:a3:c7:72:d2:e4:37:3e:07:27:83:25:fd:7c:9f:
                    54:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:63:DC:19:2D:90:E5:9E:F1:94:E0:AA:66:6B:F5:9D:84:A1:B4:13
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:7f:86:d3:e3:73:4e:a7:f6:7b:04:54:af:c3:24:cb:3e:6f:
         47:76:c4:e9:08:f5:d3:5a:d9:3d:3c:ef:28:0e:24:f9:28:4b:
         d9:c3:11:0a:fd:e7:fb:c4:f4:96:ba:42:f7:e0:99:98:27:d3:
         b5:fd:93:7f:14:1c:a6:2b:9f:a5:c9:70:3f:7f:7e:cd:17:48:
         01:c9:83:0f:d9:62:10:ff:03:2f:5b:57:e6:fb:75:a7:22:25:
         5a:5f:05:3f:2d:96:d1:cf:40:cf:dc:87:57:49:73:af:0a:41:
         ae:30:40:20:6f:2d:d0:d4:a4:d9:66:e1:a2:82:56:7e:e1:bc:
         bb:5a:d5:f1:0e:8a:fb:f2:2d:82:1d:6e:ee:52:e9:5b:c4:d3:
         f1:a4:b3:7a:61:84:cd:a0:24:5e:12:d6:48:8c:0f:2e:4d:2c:
         72:17:d6:dc:80:71:e0:0d:f9:4d:c1:82:2b:25:c7:20:60:91:
         5d:1d:68:86:0b:cb:60:b6:f5:86:90:a7:15:4b:b8:b5:ab:64:
         66:a7:f5:b6:cb:2b:b3:74:53:15:37:c8:be:cb:8b:fe:ab:da:
         5d:70:a8:bf:55:6c:fa:45:0b:be:df:93:a0:f8:06:c5:de:b1:
         f3:02:b3:7f:ef:7c:ef:f7:0a:c2:19:9e:88:fd:df:07:a3:3c:
         6c:a4:11:1d
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIURTwhjJIoWOTqnS8QJcePo1tI+t4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTVaFw0yNzA2MDQxMjMwNTVaMDMxMTAvBgNV
BAMTKEFFNjNEQzE5MkQ5MEU1OUVGMTk0RTBBQTY2NkJGNTlEODRBMUI0MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+7pFuXB/AjVO6uV/OBGhqJ8Jm
p+3uWzIrZ4CIHcJfZ22lZFfPaJ4ZPM9L+32GQKuk4JAkcWMVEWss6fWrf75xuVlk
gO+39ot88m55hwArsShr8zI3d3rJchyQuRFCGAkEvio/2ledfU06Hpt6jNmQSDhk
FIps3Qy94RFG8wX7kjFiawLBbysH/YDhlyz7b4m/SQGa2UYkatglTokF4nORfPZ4
AIKWfp2xXMXsn8gYgGuyXXEyFdfKWy21vGGvji7CWfAWWWzxW4JuNWH4bQizkuDn
bo92efFAjt1DQklhFtxdXL8TvXOlqoxhYK5uQDKjx3LS5Dc+ByeDJf18n1SxAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUrmPcGS2Q5Z7xlOCqZmv1nYShtBMwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzMTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM0MzIzNDMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAEwDQYJKoZIhvcNAQEL
BQADggEBADZ/htPjc06n9nsEVK/DJMs+b0d2xOkI9dNa2T087ygOJPkoS9nDEQr9
5/vE9Ja6QvfgmZgn07X9k38UHKYrn6XJcD9/fs0XSAHJgw/ZYhD/Ay9bV+b7daci
JVpfBT8tltHPQM/ch1dJc68KQa4wQCBvLdDUpNlm4aKCVn7hvLta1fEOivvyLYId
bu5S6VvE0/Gks3phhM2gJF4S1kiMDy5NLHIX1tyAceAN+U3BgislxyBgkV0daIYL
y2C29YaQpxVLuLWrZGan9bbLK7N0UxU3yL7Li/6r2l1wqL9VbPpFC77fk6D4BsXe
sfMCs3/vfO/3CsIZnoj93wejPGykER0=
-----END CERTIFICATE-----