Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
File:                     326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa (raw, json)
Hash identifier:          2SgI82VGeinvyb6ghJoBdyBmAu3gdAC4/hgnquLnxBk=
Subject key identifier:   10:38:05:37:1C:FC:1B:2C:B3:60:70:D8:B1:54:C2:BF:D7:11:CB:34
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       19953ED60746F5993E7417E4226FBBAEFB135477
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
Signing time:             Thu 21 May 2026 11:15:49 +0000
ROA not before:           Thu 21 May 2026 11:10:49 +0000
ROA not after:            Thu 20 May 2027 11:15:49 +0000
asID:                     60492
IP address blocks:        2a02:5be0:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:95:3e:d6:07:46:f5:99:3e:74:17:e4:22:6f:bb:ae:fb:13:54:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 21 11:10:49 2026 GMT
            Not After : May 20 11:15:49 2027 GMT
        Subject: CN=103805371CFC1B2CB36070D8B154C2BFD711CB34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e0:60:94:0c:fb:33:73:a5:f1:a5:6d:c3:0f:
                    2d:e5:aa:0d:7a:79:30:2f:cc:32:d8:ae:41:61:09:
                    35:dd:2f:4c:18:44:92:d6:3a:bb:70:f6:f8:34:bc:
                    33:00:43:de:5d:56:dc:fa:1a:c6:18:63:24:ba:64:
                    76:e9:6f:f2:6e:30:04:03:72:57:6f:e1:2b:60:02:
                    ce:93:30:ba:01:a5:0f:1e:47:ec:22:db:5d:b5:a3:
                    35:74:08:fc:70:2b:81:98:c6:7a:97:7f:27:4c:3a:
                    fb:cb:a7:bc:c8:5a:a0:cc:5c:8f:8d:92:37:06:81:
                    7d:de:2a:ce:ae:05:63:b6:06:df:49:3a:71:00:d7:
                    c3:f9:60:51:e9:a5:b2:22:28:83:de:ba:59:59:4c:
                    2d:2c:b2:e3:7e:6c:a8:46:7e:f4:f7:37:47:5e:cc:
                    be:a3:2f:96:fc:40:41:28:68:d0:31:7f:bf:da:49:
                    05:01:34:a3:f7:91:89:50:c1:cd:7a:99:d5:ff:19:
                    64:db:41:49:be:ff:18:50:a3:1c:c9:8f:be:80:2a:
                    99:e6:2a:34:18:8d:b7:11:4b:01:11:02:d2:cc:2e:
                    ba:b6:11:3f:87:ad:da:c3:f8:10:fd:d3:ac:7f:7a:
                    ad:8c:4b:43:68:bf:44:62:91:eb:fb:22:45:60:52:
                    e3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:38:05:37:1C:FC:1B:2C:B3:60:70:D8:B1:54:C2:BF:D7:11:CB:34
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:91:ee:87:c0:d5:0d:32:b6:c2:37:6d:5f:64:32:e9:88:dd:
         f3:c1:c1:f0:f7:ca:ff:14:8d:16:38:06:6d:c4:99:90:51:a1:
         2a:67:71:65:68:c4:f3:0c:45:60:70:d8:ec:21:15:81:c8:11:
         c7:6b:47:e0:80:9d:79:a8:06:ba:15:3c:39:4e:4d:10:b0:c5:
         2c:91:3c:85:2d:4b:26:9b:c5:7a:34:21:a8:f3:6a:3e:d6:4e:
         b7:4b:1d:20:c4:a5:15:43:1d:0a:82:55:01:c0:1e:00:2f:29:
         5b:3a:2d:6d:30:21:bf:d0:27:41:a6:b3:09:a9:78:85:cb:01:
         d5:c1:1d:57:a8:be:10:3c:46:bf:5a:4b:4a:d3:20:8b:3e:2f:
         da:14:d9:e0:d1:88:34:fe:2a:34:a6:a7:19:e2:b2:71:11:67:
         51:92:ac:6b:c7:14:42:86:95:af:45:5f:5b:a9:ec:35:71:8e:
         65:05:53:b9:d0:a8:50:dc:98:64:0c:92:ef:43:64:f1:ac:a8:
         f0:fb:df:d8:60:db:03:1f:7e:50:b5:63:d8:1c:c7:49:78:d7:
         1f:ab:b8:76:7f:5c:8e:04:b2:d5:aa:9d:18:7d:57:b0:e3:de:
         de:ee:99:84:37:82:ce:5c:8c:cc:44:35:72:4f:8e:41:38:5d:
         99:fe:f3:de
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUGZU+1gdG9Zk+dBfkIm+7rvsTVHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA1MjExMTEwNDlaFw0yNzA1MjAxMTE1NDlaMDMxMTAvBgNV
BAMTKDEwMzgwNTM3MUNGQzFCMkNCMzYwNzBEOEIxNTRDMkJGRDcxMUNCMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT4GCUDPszc6XxpW3DDy3lqg16
eTAvzDLYrkFhCTXdL0wYRJLWOrtw9vg0vDMAQ95dVtz6GsYYYyS6ZHbpb/JuMAQD
cldv4StgAs6TMLoBpQ8eR+wi2121ozV0CPxwK4GYxnqXfydMOvvLp7zIWqDMXI+N
kjcGgX3eKs6uBWO2Bt9JOnEA18P5YFHppbIiKIPeullZTC0ssuN+bKhGfvT3N0de
zL6jL5b8QEEoaNAxf7/aSQUBNKP3kYlQwc16mdX/GWTbQUm+/xhQoxzJj76AKpnm
KjQYjbcRSwERAtLMLrq2ET+HrdrD+BD906x/eq2MS0Nov0Rikev7IkVgUuMFAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUEDgFNxz8GyyzYHDYsVTCv9cRyzQwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM2MzAzNDM5MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAUwDQYJKoZIhvcNAQEL
BQADggEBACWR7ofA1Q0ytsI3bV9kMumI3fPBwfD3yv8UjRY4Bm3EmZBRoSpncWVo
xPMMRWBw2OwhFYHIEcdrR+CAnXmoBroVPDlOTRCwxSyRPIUtSyabxXo0Iajzaj7W
TrdLHSDEpRVDHQqCVQHAHgAvKVs6LW0wIb/QJ0GmswmpeIXLAdXBHVeovhA8Rr9a
S0rTIIs+L9oU2eDRiDT+KjSmpxnisnERZ1GSrGvHFEKGla9FX1up7DVxjmUFU7nQ
qFDcmGQMku9DZPGsqPD739hg2wMfflC1Y9gcx0l41x+ruHZ/XI4EstWqnRh9V7Dj
3t7umYQ3gs5cjMxENXJPjkE4XZn+894=
-----END CERTIFICATE-----