Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          PArDOJ2JKCgzfrjqgYDohpRmaViVKMXken0iH6D8JzU=
Subject key identifier:   34:E1:CE:DF:41:C6:89:C3:D2:4B:7C:D1:77:2E:33:AE:7E:30:05:7C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       2EF7A30282744A4BB867BD850DEB658D5144D31C
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa
Signing time:             Mon 06 Oct 2025 16:42:58 +0000
ROA not before:           Mon 06 Oct 2025 16:37:58 +0000
ROA not after:            Mon 05 Oct 2026 16:42:58 +0000
asID:                     16509
IP address blocks:        147.28.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f7:a3:02:82:74:4a:4b:b8:67:bd:85:0d:eb:65:8d:51:44:d3:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Oct  6 16:37:58 2025 GMT
            Not After : Oct  5 16:42:58 2026 GMT
        Subject: CN=34E1CEDF41C689C3D24B7CD1772E33AE7E30057C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f3:07:24:9a:b4:4b:10:b5:5f:71:01:f1:5c:
                    75:7f:a4:37:7a:6c:70:ba:23:d1:2b:51:36:9f:fb:
                    f6:b5:9b:75:37:10:36:5e:15:f5:48:2c:74:67:c3:
                    cf:c0:86:9f:2b:bf:c5:14:f5:8c:0e:e6:6d:d7:f1:
                    00:97:ab:93:0e:dd:93:93:b0:dd:8c:87:5a:30:f5:
                    6e:38:f2:a3:59:63:87:50:81:f9:a1:ab:44:13:9a:
                    b0:11:0d:68:7c:6e:76:cf:3a:28:14:51:d9:ce:d4:
                    85:c5:3d:91:e1:d6:a0:20:c5:4e:b1:26:80:51:f0:
                    99:02:0e:9d:69:63:94:46:e2:01:5e:1b:2e:bf:c5:
                    c8:cc:ce:b8:da:87:12:66:d9:4f:99:06:df:da:71:
                    31:72:94:0c:4f:85:55:4c:9a:da:85:72:67:05:7d:
                    e9:f8:90:fb:5e:45:bf:af:73:6d:41:0a:df:9e:4e:
                    7f:36:30:43:e0:ab:cb:48:47:56:4d:8f:00:87:a2:
                    d6:fd:88:59:20:d2:d5:eb:0e:84:58:4b:3f:f4:05:
                    9f:69:00:c1:d6:4c:8c:8b:bb:e7:85:4d:e7:a1:ad:
                    34:f4:86:d4:fc:02:16:58:a7:d8:e0:b4:d5:b3:14:
                    de:f9:58:49:09:b2:19:9a:e5:52:f5:7a:95:85:69:
                    d4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E1:CE:DF:41:C6:89:C3:D2:4B:7C:D1:77:2E:33:AE:7E:30:05:7C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ec:52:f7:05:9f:18:e9:5a:00:33:6b:d8:56:b8:d8:a3:44:
         22:30:15:dc:1b:5a:80:03:60:a0:b4:c8:ee:4c:f0:39:4a:47:
         48:d8:f7:c8:10:cd:c9:6b:a4:ef:ed:90:40:5e:c8:d2:03:cb:
         cc:24:83:32:85:66:2a:3f:c6:dc:fb:0c:12:dd:6c:9c:6b:db:
         71:e5:c5:29:ff:d0:0d:75:8e:6f:40:87:f7:78:40:74:83:0c:
         f2:33:4d:88:9a:e2:41:0c:07:2e:18:4e:a3:11:0d:a4:cf:a4:
         cf:7f:e2:58:b5:9b:ee:77:76:61:44:dc:1b:d0:d3:90:83:76:
         5f:3b:7b:4e:d2:97:2e:4a:3d:1c:9b:24:6a:bd:e1:aa:03:2b:
         cd:d7:f3:42:55:93:90:f8:4f:2b:aa:c8:f3:4f:ed:32:1a:8b:
         7f:e7:d6:bf:ba:c3:60:9f:3e:da:3d:d3:5c:99:8f:f4:fc:74:
         e1:4f:db:39:ef:82:d9:f7:42:8d:95:c1:0b:32:3d:70:b4:95:
         4b:13:21:94:03:d5:0f:98:e0:f7:3c:15:a1:c6:6a:0d:de:1c:
         1f:25:cb:76:aa:2c:1c:12:7b:aa:ba:b4:78:af:f0:b2:8d:2e:
         65:b3:9f:8b:44:c8:76:43:b4:91:95:3b:6b:e8:b5:cf:95:f7:
         e6:09:13:97
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIULvejAoJ0Sku4Z72FDetljVFE0xwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTEwMDYxNjM3NThaFw0yNjEwMDUxNjQyNThaMDMxMTAvBgNV
BAMTKDM0RTFDRURGNDFDNjg5QzNEMjRCN0NEMTc3MkUzM0FFN0UzMDA1N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA8wckmrRLELVfcQHxXHV/pDd6
bHC6I9ErUTaf+/a1m3U3EDZeFfVILHRnw8/Ahp8rv8UU9YwO5m3X8QCXq5MO3ZOT
sN2Mh1ow9W448qNZY4dQgfmhq0QTmrARDWh8bnbPOigUUdnO1IXFPZHh1qAgxU6x
JoBR8JkCDp1pY5RG4gFeGy6/xcjMzrjahxJm2U+ZBt/acTFylAxPhVVMmtqFcmcF
fen4kPteRb+vc21BCt+eTn82MEPgq8tIR1ZNjwCHotb9iFkg0tXrDoRYSz/0BZ9p
AMHWTIyLu+eFTeehrTT0htT8AhZYp9jgtNWzFN75WEkJshma5VL1epWFadShAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUNOHO30HGicPSS3zRdy4zrn4wBXwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQAa
7FL3BZ8Y6VoAM2vYVrjYo0QiMBXcG1qAA2CgtMjuTPA5SkdI2PfIEM3Ja6Tv7ZBA
XsjSA8vMJIMyhWYqP8bc+wwS3Wyca9tx5cUp/9ANdY5vQIf3eEB0gwzyM02ImuJB
DAcuGE6jEQ2kz6TPf+JYtZvud3ZhRNwb0NOQg3ZfO3tO0pcuSj0cmyRqveGqAyvN
1/NCVZOQ+E8rqsjzT+0yGot/59a/usNgnz7aPdNcmY/0/HThT9s574LZ90KNlcEL
Mj1wtJVLEyGUA9UPmOD3PBWhxmoN3hwfJct2qiwcEnuqurR4r/CyjS5ls5+LRMh2
Q7SRlTtr6LXPlffmCROX
-----END CERTIFICATE-----