Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          EJj57BQ/MebAsBdEPV86CcLWC4zn3/g6CXCTpRUXF00=
Subject key identifier:   77:12:C0:E2:17:9A:D9:E1:12:A6:8D:B2:82:E9:C6:F7:F6:18:A7:D0
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       37DE6EE650400BFAAB532DDEC821A72767F98341
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
Signing time:             Thu 21 May 2026 11:15:48 +0000
ROA not before:           Thu 21 May 2026 11:10:48 +0000
ROA not after:            Thu 20 May 2027 11:15:48 +0000
asID:                     16509
IP address blocks:        2a02:5be0:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:de:6e:e6:50:40:0b:fa:ab:53:2d:de:c8:21:a7:27:67:f9:83:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 21 11:10:48 2026 GMT
            Not After : May 20 11:15:48 2027 GMT
        Subject: CN=7712C0E2179AD9E112A68DB282E9C6F7F618A7D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:6e:a1:40:ff:1a:9c:d5:84:6f:96:1d:fc:
                    e3:30:ef:f0:c4:ba:d7:45:e9:6b:7c:04:c3:98:bf:
                    af:74:68:f9:fd:3f:c6:7b:d8:d7:3c:8a:68:45:06:
                    7a:52:1b:48:4a:cc:c9:b8:25:d3:e4:2f:79:02:e1:
                    a4:84:d2:e1:f1:dd:b1:0f:21:45:53:89:5f:59:22:
                    4d:44:8d:bb:98:7c:6c:50:26:f1:32:6f:06:86:ac:
                    48:66:5f:17:d0:75:aa:72:69:4d:2b:c7:a4:69:79:
                    35:4c:35:e3:e3:4c:47:05:e6:03:47:b2:ff:30:b1:
                    93:cd:74:76:b0:6d:c6:d5:fa:fb:fc:c0:bb:b4:5f:
                    06:1c:44:d3:0a:60:f8:49:18:80:fd:ee:86:16:f5:
                    59:e5:eb:1f:23:f9:8a:26:3c:89:98:da:60:63:13:
                    45:10:0a:9d:88:68:4a:7c:90:3d:ff:f0:e7:ad:2f:
                    cf:74:73:3c:32:d1:32:95:58:02:a9:9d:77:c6:0e:
                    50:2c:ea:66:2a:8f:c6:2d:e3:32:63:29:6d:c8:2b:
                    c0:15:33:43:5b:b3:e9:f2:5e:3b:05:b9:7a:42:c2:
                    12:74:78:cf:04:7a:b9:78:45:ec:03:a7:9d:85:25:
                    ae:9d:21:ee:0c:b3:3d:65:f2:26:2b:28:e5:a0:04:
                    f9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:12:C0:E2:17:9A:D9:E1:12:A6:8D:B2:82:E9:C6:F7:F6:18:A7:D0
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:50:80:e2:54:af:54:eb:8b:0f:11:18:69:42:6a:90:b2:25:
         85:e2:67:8e:f0:c6:70:12:c7:9a:67:0f:22:71:5c:e9:2e:d4:
         dc:52:c7:d3:6d:b4:0d:40:76:fe:26:49:af:e4:62:19:29:99:
         59:4d:91:4c:bd:e5:98:0f:4f:3d:7c:1e:af:64:4a:70:03:43:
         08:0b:7d:de:92:c6:1a:69:80:85:67:6f:c8:9b:11:23:9e:0c:
         c1:7c:b6:7e:a2:5f:1d:5c:96:5f:27:3b:b7:d3:61:23:f8:14:
         37:65:77:4d:87:1b:99:a2:ae:61:92:b5:98:fa:20:69:4a:e1:
         a1:d4:fb:36:78:14:01:4d:3a:67:fc:85:57:f5:64:d2:7c:13:
         84:a4:65:25:73:ec:72:e7:a4:8c:e6:42:2f:de:84:62:dc:f3:
         5e:3e:29:9b:61:85:af:69:f7:99:35:75:0c:d7:39:a5:f6:f4:
         71:74:8d:29:19:b0:aa:a7:dc:81:c8:84:ef:3c:9f:52:aa:6d:
         d9:9f:d7:58:2d:75:3b:61:fc:91:3e:29:46:1b:1f:fe:a4:67:
         de:44:6d:00:af:98:3f:43:67:00:60:05:a3:d3:00:87:b0:de:
         de:0d:5f:27:b0:43:2f:9e:79:7c:c2:23:8a:bf:74:01:3e:a9:
         f8:d9:e1:aa
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUN95u5lBAC/qrUy3eyCGnJ2f5g0EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA1MjExMTEwNDhaFw0yNzA1MjAxMTE1NDhaMDMxMTAvBgNV
BAMTKDc3MTJDMEUyMTc5QUQ5RTExMkE2OERCMjgyRTlDNkY3RjYxOEE3RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgt26hQP8anNWEb5Yd/OMw7/DE
utdF6Wt8BMOYv690aPn9P8Z72Nc8imhFBnpSG0hKzMm4JdPkL3kC4aSE0uHx3bEP
IUVTiV9ZIk1EjbuYfGxQJvEybwaGrEhmXxfQdapyaU0rx6RpeTVMNePjTEcF5gNH
sv8wsZPNdHawbcbV+vv8wLu0XwYcRNMKYPhJGID97oYW9Vnl6x8j+YomPImY2mBj
E0UQCp2IaEp8kD3/8OetL890czwy0TKVWAKpnXfGDlAs6mYqj8Yt4zJjKW3IK8AV
M0Nbs+nyXjsFuXpCwhJ0eM8Eerl4RewDp52FJa6dIe4Msz1l8iYrKOWgBPntAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUdxLA4hea2eESpo2ygunG9/YYp9AwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBAABQgOJUr1Triw8RGGlCapCyJYXiZ47wxnASx5pnDyJxXOku1NxSx9Nt
tA1Adv4mSa/kYhkpmVlNkUy95ZgPTz18Hq9kSnADQwgLfd6SxhppgIVnb8ibESOe
DMF8tn6iXx1cll8nO7fTYSP4FDdld02HG5mirmGStZj6IGlK4aHU+zZ4FAFNOmf8
hVf1ZNJ8E4SkZSVz7HLnpIzmQi/ehGLc814+KZthha9p95k1dQzXOaX29HF0jSkZ
sKqn3IHIhO88n1Kqbdmf11gtdTth/JE+KUYbH/6kZ95EbQCvmD9DZwBgBaPTAIew
3t4NXyewQy+eeXzCI4q/dAE+qfjZ4ao=
-----END CERTIFICATE-----