Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203432343237.roa
File:                     326130323a356265303a363a3a2f34382d3438203d3e203432343237.roa (raw, json)
Hash identifier:          k2trev7040H7nlCvrn7vfRen4GBl7pizAqBvpkLWLQk=
Subject key identifier:   3E:BA:D2:53:1E:BD:67:8A:99:E8:B6:33:EC:5A:57:0D:DE:57:7D:BA
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6D3BA1E3F8B53F81572A6D739EED57FACD260418
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203432343237.roa
Signing time:             Thu 21 May 2026 11:15:48 +0000
ROA not before:           Thu 21 May 2026 11:10:48 +0000
ROA not after:            Thu 20 May 2027 11:15:48 +0000
asID:                     42427
IP address blocks:        2a02:5be0:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:3b:a1:e3:f8:b5:3f:81:57:2a:6d:73:9e:ed:57:fa:cd:26:04:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 21 11:10:48 2026 GMT
            Not After : May 20 11:15:48 2027 GMT
        Subject: CN=3EBAD2531EBD678A99E8B633EC5A570DDE577DBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3a:d9:2e:db:90:a9:a4:ba:e5:d7:81:5a:40:
                    47:8f:b7:a0:df:2a:b6:03:c0:1e:64:d3:6b:d9:0d:
                    08:8d:d8:06:dc:4b:e4:82:34:b2:78:b9:9b:1d:61:
                    90:33:25:7c:f2:cf:c9:1b:f0:f1:fd:f6:e8:7a:4b:
                    79:ae:42:ed:4f:78:f9:7a:1f:68:16:38:5c:04:12:
                    6d:87:33:57:12:4d:45:d1:ad:c5:94:70:9a:39:15:
                    49:dd:25:d5:fe:58:b5:92:30:af:89:31:f5:d3:0f:
                    47:94:24:5b:43:59:0a:16:d9:29:39:b5:6a:61:34:
                    83:54:de:c3:4e:fd:c3:95:fb:19:42:49:62:ac:70:
                    aa:33:2b:84:5c:fb:88:87:a3:5a:8e:1e:bd:01:74:
                    6c:93:3c:9c:01:e5:38:55:0b:d6:1f:17:59:49:e4:
                    b2:68:b7:fa:0a:21:ef:6d:7a:0d:99:ba:cb:40:e3:
                    2b:6c:a7:a0:ee:11:b0:a3:d6:f2:dc:95:cd:fa:9f:
                    44:04:a9:43:b3:9b:9a:83:63:aa:04:ad:ee:9e:9c:
                    36:2a:70:83:c0:a3:18:41:75:00:8a:4c:35:c0:90:
                    c9:6e:3b:c2:58:40:05:a3:7d:5c:30:cf:69:55:bc:
                    d3:59:8d:4d:34:dd:d0:35:56:b3:c9:6e:b5:76:92:
                    b6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:BA:D2:53:1E:BD:67:8A:99:E8:B6:33:EC:5A:57:0D:DE:57:7D:BA
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a363a3a2f34382d3438203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:9d:9e:52:0f:e9:9a:49:be:63:06:cf:31:11:e8:33:7d:9f:
         ef:ff:8a:4c:28:ca:fd:6a:34:c5:f1:a1:4f:d2:b4:07:7f:32:
         bb:a3:46:93:94:68:8e:52:4b:9a:1d:ef:2f:eb:21:ca:c3:01:
         cd:24:cb:5e:ad:41:0c:75:de:c3:d4:58:c9:98:fa:93:a6:1b:
         28:7e:34:59:3f:6a:68:5d:3a:3d:e0:9d:04:f8:d4:a1:86:10:
         cc:1f:bf:71:64:c3:95:d5:42:1d:16:71:40:0d:45:e9:e4:7c:
         12:bc:0b:88:9a:8c:74:1b:ca:82:46:f3:48:e1:45:b1:fa:21:
         cb:03:e1:39:49:df:59:c6:74:16:8e:54:71:50:0f:c0:95:bd:
         5f:ff:52:70:80:0b:48:07:a1:a0:27:47:6e:a7:2b:5d:0d:f7:
         9a:cb:98:f8:b6:e8:bc:a1:51:ce:92:b1:2e:8a:be:1b:c1:24:
         51:b8:04:ab:a0:97:43:c9:93:15:f8:ac:57:af:b2:a6:ef:3e:
         11:5b:88:88:08:89:d8:ff:44:66:fe:2d:7f:84:4a:39:3a:82:
         ef:88:77:4d:63:ec:07:ae:0a:dd:ed:72:92:5d:7f:85:53:90:
         e0:a9:e4:47:1d:f4:7f:3c:8a:93:e9:1c:9a:6f:c4:d1:17:b5:
         b9:75:3e:e9
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUbTuh4/i1P4FXKm1znu1X+s0mBBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA1MjExMTEwNDhaFw0yNzA1MjAxMTE1NDhaMDMxMTAvBgNV
BAMTKDNFQkFEMjUzMUVCRDY3OEE5OUU4QjYzM0VDNUE1NzBEREU1NzdEQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpOtku25CppLrl14FaQEePt6Df
KrYDwB5k02vZDQiN2AbcS+SCNLJ4uZsdYZAzJXzyz8kb8PH99uh6S3muQu1PePl6
H2gWOFwEEm2HM1cSTUXRrcWUcJo5FUndJdX+WLWSMK+JMfXTD0eUJFtDWQoW2Sk5
tWphNINU3sNO/cOV+xlCSWKscKozK4Rc+4iHo1qOHr0BdGyTPJwB5ThVC9YfF1lJ
5LJot/oKIe9teg2ZustA4ytsp6DuEbCj1vLclc36n0QEqUOzm5qDY6oEre6enDYq
cIPAoxhBdQCKTDXAkMluO8JYQAWjfVwwz2lVvNNZjU003dA1VrPJbrV2krbrAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUPrrSUx69Z4qZ6LYz7FpXDd5XfbowHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNjNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM0MzIzNDMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAYwDQYJKoZIhvcNAQEL
BQADggEBABadnlIP6ZpJvmMGzzER6DN9n+//ikwoyv1qNMXxoU/StAd/MrujRpOU
aI5SS5od7y/rIcrDAc0ky16tQQx13sPUWMmY+pOmGyh+NFk/amhdOj3gnQT41KGG
EMwfv3Fkw5XVQh0WcUANRenkfBK8C4iajHQbyoJG80jhRbH6IcsD4TlJ31nGdBaO
VHFQD8CVvV//UnCAC0gHoaAnR26nK10N95rLmPi26LyhUc6SsS6KvhvBJFG4BKug
l0PJkxX4rFevsqbvPhFbiIgIidj/RGb+LX+ESjk6gu+Id01j7AeuCt3tcpJdf4VT
kOCp5Ecd9H88ipPpHJpvxNEXtbl1Puk=
-----END CERTIFICATE-----