Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a3a2f34382d3438203d3e203432343237.roa
File:                     326130323a356265303a3a2f34382d3438203d3e203432343237.roa (raw, json)
Hash identifier:          +ZKTugzAp4BNH5JTanebxVymIZbw+69cUYQqEf4ElpQ=
Subject key identifier:   30:37:76:26:90:40:1D:67:5E:93:20:B4:E6:81:B5:28:8C:31:86:2C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       31ECF5DCD17DE1B03DA5730E54D8287EB9A0FC45
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a3a2f34382d3438203d3e203432343237.roa
Signing time:             Fri 05 Jun 2026 12:30:56 +0000
ROA not before:           Fri 05 Jun 2026 12:25:56 +0000
ROA not after:            Fri 04 Jun 2027 12:30:56 +0000
asID:                     42427
IP address blocks:        2a02:5be0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 11:55:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ec:f5:dc:d1:7d:e1:b0:3d:a5:73:0e:54:d8:28:7e:b9:a0:fc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun  5 12:25:56 2026 GMT
            Not After : Jun  4 12:30:56 2027 GMT
        Subject: CN=3037762690401D675E9320B4E681B5288C31862C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f1:f5:92:89:09:5a:a7:3c:fa:7d:50:2d:45:
                    e1:d0:a9:37:ce:fb:b4:21:73:e3:90:fe:9a:fd:53:
                    ca:d4:a8:a4:a1:63:c6:88:15:ea:11:3f:bc:aa:6d:
                    ff:11:af:35:7c:d6:60:3b:88:07:f5:96:56:4f:b1:
                    f9:29:18:3e:20:b2:82:62:89:39:91:20:b9:cb:2b:
                    99:d9:89:ac:30:12:de:18:2b:e3:49:58:6f:67:51:
                    6b:32:a1:29:9f:df:c1:e0:c7:65:ad:56:60:07:2d:
                    34:d3:b6:81:22:5b:5b:ef:7e:4c:67:5a:83:b2:ae:
                    6e:3c:56:e9:27:9a:4d:39:12:72:fb:2c:5e:b5:50:
                    11:e3:27:fa:44:4f:a5:08:72:70:f8:5f:cc:d6:5f:
                    e0:e2:bb:f9:c1:e3:9e:22:98:27:4d:c0:8f:83:41:
                    f2:8c:ef:83:05:21:bc:02:19:97:97:9d:7c:89:9a:
                    27:90:0f:74:84:8c:c0:33:30:32:c9:ae:73:b5:3e:
                    a2:e7:25:42:6c:6d:25:30:39:38:8e:69:db:a3:0b:
                    ad:d7:ac:05:b6:d5:bb:13:d2:d1:da:bc:f6:e9:76:
                    8f:e8:58:10:83:f9:44:e2:7a:95:f0:e3:9d:7a:22:
                    61:b9:2e:fe:2e:fc:44:34:9e:8c:23:33:bc:1b:09:
                    69:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:37:76:26:90:40:1D:67:5E:93:20:B4:E6:81:B5:28:8C:31:86:2C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a3a2f34382d3438203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:75:92:e2:7a:7b:05:55:aa:7d:c7:55:ff:21:89:ac:99:cd:
         b9:ac:6c:49:cf:30:a0:db:35:bb:9e:a5:34:d0:8d:2b:92:b1:
         75:91:d4:79:ee:b4:4d:45:69:37:5d:72:4c:d2:ee:58:af:9e:
         26:72:e1:c2:76:84:7d:31:d7:27:75:9e:3b:98:97:c2:5f:e3:
         64:c1:d0:8d:f9:b0:1a:96:f2:93:b1:7a:59:83:28:7e:e1:50:
         04:2c:f3:8e:a6:d1:cb:93:45:94:3f:58:b9:3e:b4:60:4a:f5:
         e7:e9:67:aa:41:d3:79:97:55:99:98:fb:35:c9:00:fb:7c:09:
         ff:ca:1f:4d:fb:f5:d1:b2:c4:46:cd:93:36:a0:8d:1a:0a:dc:
         e2:10:09:26:f8:e3:a6:a6:2f:d1:13:3c:f6:a3:7a:25:f0:36:
         2b:33:73:9c:fd:ce:18:3a:cf:95:4b:4d:a1:13:db:73:9b:3b:
         e6:71:21:c3:7a:12:ed:a2:c3:fa:49:09:ae:10:ca:79:8f:ab:
         42:83:95:c1:4a:b0:b1:17:92:0c:5f:5f:aa:cb:c8:5f:a0:a6:
         7e:a1:ff:39:14:04:99:74:f6:cf:45:d9:d7:bb:d5:fe:e2:54:
         ec:8e:a4:1b:62:ff:6a:12:d1:4c:a2:65:10:0c:79:e5:a3:e2:
         3c:08:a8:fa
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIUMez13NF94bA9pXMOVNgofrmg/EUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjA2MDUxMjI1NTZaFw0yNzA2MDQxMjMwNTZaMDMxMTAvBgNV
BAMTKDMwMzc3NjI2OTA0MDFENjc1RTkzMjBCNEU2ODFCNTI4OEMzMTg2MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ8fWSiQlapzz6fVAtReHQqTfO
+7Qhc+OQ/pr9U8rUqKShY8aIFeoRP7yqbf8RrzV81mA7iAf1llZPsfkpGD4gsoJi
iTmRILnLK5nZiawwEt4YK+NJWG9nUWsyoSmf38Hgx2WtVmAHLTTTtoEiW1vvfkxn
WoOyrm48Vuknmk05EnL7LF61UBHjJ/pET6UIcnD4X8zWX+Diu/nB454imCdNwI+D
QfKM74MFIbwCGZeXnXyJmieQD3SEjMAzMDLJrnO1PqLnJUJsbSUwOTiOadujC63X
rAW21bsT0tHavPbpdo/oWBCD+UTiepXw4516ImG5Lv4u/EQ0nowjM7wbCWlDAgMB
AAGjggH4MIIB9DAdBgNVHQ4EFgQUMDd2JpBAHWdekyC05oG1KIwxhiwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMjYxMzAzMjNhMzU2MjY1MzAzYTNhMmYzNDM4MmQzNDM4MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsG
AQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJb4AAAMA0GCSqGSIb3DQEBCwUAA4IB
AQCBdZLiensFVap9x1X/IYmsmc25rGxJzzCg2zW7nqU00I0rkrF1kdR57rRNRWk3
XXJM0u5Yr54mcuHCdoR9MdcndZ47mJfCX+NkwdCN+bAalvKTsXpZgyh+4VAELPOO
ptHLk0WUP1i5PrRgSvXn6WeqQdN5l1WZmPs1yQD7fAn/yh9N+/XRssRGzZM2oI0a
CtziEAkm+OOmpi/REzz2o3ol8DYrM3Oc/c4YOs+VS02hE9tzmzvmcSHDehLtosP6
SQmuEMp5j6tCg5XBSrCxF5IMX1+qy8hfoKZ+of85FASZdPbPRdnXu9X+4lTsjqQb
Yv9qEtFMomUQDHnlo+I8CKj6
-----END CERTIFICATE-----