Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa
File:                     3134372e32382e33372e302f32342d3234203d3e203339353838.roa (raw, json)
Hash identifier:          XdL9kfoEHx7hnKbTtXxwBvb/MOuO+mcZTMLIwxfsUi4=
Subject key identifier:   84:FC:22:51:AD:64:58:DE:1B:E6:E7:2E:CA:A0:99:F0:E0:80:57:52
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6425DB5E23580D5F8E0716B31C16D9D44411B722
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa
Signing time:             Wed 18 Jun 2025 13:58:21 +0000
ROA not before:           Wed 18 Jun 2025 13:53:21 +0000
ROA not after:            Wed 17 Jun 2026 13:58:21 +0000
asID:                     39588
IP address blocks:        147.28.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:25:db:5e:23:58:0d:5f:8e:07:16:b3:1c:16:d9:d4:44:11:b7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun 18 13:53:21 2025 GMT
            Not After : Jun 17 13:58:21 2026 GMT
        Subject: CN=84FC2251AD6458DE1BE6E72ECAA099F0E0805752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:9c:e9:03:ad:c2:bf:05:9d:a7:ca:82:57:
                    a9:a8:9c:fc:d7:9b:16:a6:bb:98:e4:66:78:69:07:
                    53:19:5d:6e:e1:7e:47:bc:96:f8:0d:c4:a9:25:3e:
                    ee:51:08:0f:f1:1d:71:e1:ac:1c:83:ad:b7:87:85:
                    b2:ef:82:1b:c3:56:51:a2:fb:69:d0:71:31:2a:cd:
                    ab:c0:0a:ab:c8:fb:6d:81:fe:b6:6d:b3:13:cd:41:
                    0a:45:78:a1:06:fc:f2:1b:e1:98:6c:de:b1:78:48:
                    10:0d:27:43:47:09:bf:c2:42:b0:bb:50:f2:06:d4:
                    ac:af:ce:b0:e0:b3:a2:9f:d1:4b:e1:ec:d4:86:b4:
                    e6:5d:d3:7f:35:8f:ed:a5:a6:e7:e5:3e:60:a2:8f:
                    48:e5:29:38:47:61:bf:e9:f4:dd:78:50:ed:d3:a5:
                    30:85:e3:7b:8e:6f:e7:6e:46:02:c2:46:a1:df:3c:
                    8c:21:19:ef:ad:8a:4c:5b:11:79:e5:29:ca:a9:7c:
                    9f:7e:90:c8:fa:a5:5b:5e:fc:35:a0:ad:c7:3b:03:
                    a3:52:34:16:a4:93:56:e2:fa:b1:a6:00:cc:6f:38:
                    27:27:2f:d1:47:97:c3:96:2c:de:7a:fe:05:72:82:
                    a7:f1:72:7d:3b:2f:bd:92:d4:cc:8d:c0:47:a5:bc:
                    cf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FC:22:51:AD:64:58:DE:1B:E6:E7:2E:CA:A0:99:F0:E0:80:57:52
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33372e302f32342d3234203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:17:c4:67:92:8c:f4:41:21:12:d5:75:b4:fa:de:64:df:b0:
         97:d6:7f:a2:25:d6:41:cc:27:4f:bd:bf:f4:2f:84:34:81:b7:
         34:ed:e1:f2:54:d8:67:fb:eb:94:53:0c:03:93:49:ee:c5:fe:
         41:1c:03:84:b4:31:e9:8f:be:4a:fa:e6:7e:f0:fe:5b:57:c4:
         af:4f:10:a8:49:c3:e6:83:c2:27:35:ab:d2:87:94:13:0a:11:
         51:0f:d2:85:1f:f7:b4:24:9b:b8:d6:b7:7b:63:fc:d0:c8:3a:
         86:c8:59:7f:6f:62:d7:8c:8d:70:78:53:df:2f:c3:6b:bf:6d:
         86:61:df:50:5b:4d:e7:d1:d0:10:6f:1e:9c:06:8e:d2:f6:45:
         f5:b2:f0:ca:10:be:d5:da:06:48:59:2c:a7:4d:88:7e:82:c2:
         0b:13:41:62:a5:3d:a3:9a:27:eb:f1:15:e4:fd:c0:4c:e9:05:
         6b:75:32:3b:51:ed:25:1e:84:3f:e2:05:31:dc:42:93:b8:22:
         33:90:8b:e0:79:4c:c5:d3:49:37:be:09:81:75:da:39:8f:f4:
         9b:fa:53:b6:75:d0:cc:2c:31:c7:8c:a3:15:4a:61:b9:b2:98:
         5f:62:12:fe:8b:49:f6:f8:8f:1a:73:b9:ac:e8:1d:8f:43:e1:
         e5:68:4a:b4
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUZCXbXiNYDV+OBxazHBbZ1EQRtyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA2MTgxMzUzMjFaFw0yNjA2MTcxMzU4MjFaMDMxMTAvBgNV
BAMTKDg0RkMyMjUxQUQ2NDU4REUxQkU2RTcyRUNBQTA5OUYwRTA4MDU3NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8rZzpA63CvwWdp8qCV6monPzX
mxamu5jkZnhpB1MZXW7hfke8lvgNxKklPu5RCA/xHXHhrByDrbeHhbLvghvDVlGi
+2nQcTEqzavACqvI+22B/rZtsxPNQQpFeKEG/PIb4Zhs3rF4SBANJ0NHCb/CQrC7
UPIG1KyvzrDgs6Kf0Uvh7NSGtOZd0381j+2lpuflPmCij0jlKThHYb/p9N14UO3T
pTCF43uOb+duRgLCRqHfPIwhGe+tikxbEXnlKcqpfJ9+kMj6pVte/DWgrcc7A6NS
NBakk1bi+rGmAMxvOCcnL9FHl8OWLN56/gVygqfxcn07L72S1MyNwEelvM8VAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUhPwiUa1kWN4b5ucuyqCZ8OCAV1IwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM5MzUzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwlMA0GCSqGSIb3DQEBCwUAA4IBAQCV
F8Rnkoz0QSES1XW0+t5k37CX1n+iJdZBzCdPvb/0L4Q0gbc07eHyVNhn++uUUwwD
k0nuxf5BHAOEtDHpj75K+uZ+8P5bV8SvTxCoScPmg8InNavSh5QTChFRD9KFH/e0
JJu41rd7Y/zQyDqGyFl/b2LXjI1weFPfL8Nrv22GYd9QW03n0dAQbx6cBo7S9kX1
svDKEL7V2gZIWSynTYh+gsILE0FipT2jmifr8RXk/cBM6QVrdTI7Ue0lHoQ/4gUx
3EKTuCIzkIvgeUzF00k3vgmBddo5j/Sb+lO2ddDMLDHHjKMVSmG5sphfYhL+i0n2
+I8ac7ms6B2PQ+HlaEq0
-----END CERTIFICATE-----