Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
File:                     3134372e32382e33382e302f32342d3234203d3e203337323335.roa (raw, json)
Hash identifier:          xMp8VxhUpmeIZeagKA66RjaLuNPaQAmy7qWFuLTBnvI=
Subject key identifier:   9E:13:33:63:1F:6B:20:6A:27:90:E9:C2:6B:A5:75:76:F6:7E:5D:4C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6A5523640A926042A906E360B2211729E65F2380
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa
Signing time:             Mon 06 Oct 2025 16:42:58 +0000
ROA not before:           Mon 06 Oct 2025 16:37:58 +0000
ROA not after:            Mon 05 Oct 2026 16:42:58 +0000
asID:                     37235
IP address blocks:        147.28.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:55:23:64:0a:92:60:42:a9:06:e3:60:b2:21:17:29:e6:5f:23:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Oct  6 16:37:58 2025 GMT
            Not After : Oct  5 16:42:58 2026 GMT
        Subject: CN=9E1333631F6B206A2790E9C26BA57576F67E5D4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:7c:59:ec:fa:6b:67:f8:6d:1f:21:f7:2c:
                    45:44:c5:4d:8f:c7:63:28:23:67:9d:d2:d5:99:de:
                    db:e3:d5:f5:5c:f2:16:5a:a8:4c:68:8c:94:9c:a6:
                    1c:fa:a2:60:ab:29:9f:e4:61:f4:cd:c7:ce:26:12:
                    1e:64:db:1d:5c:7c:9f:de:81:27:5e:6b:08:8a:24:
                    50:04:a5:ef:9d:7e:37:fb:70:4c:c9:54:31:8d:c2:
                    2a:a3:89:56:6a:76:7e:1e:12:e9:e1:be:23:b1:b8:
                    38:83:77:3b:3c:60:1a:50:ab:bd:8a:e4:d6:4e:b2:
                    3b:14:56:1f:5b:d6:30:c4:99:e8:a3:90:15:ef:52:
                    e8:22:a7:00:5c:d3:99:65:70:ab:fc:b3:83:6c:f5:
                    88:9c:9b:a6:b8:c4:49:52:0b:ca:65:f5:11:70:a5:
                    c1:b3:c6:d4:8b:35:f5:04:c9:3f:df:49:a6:07:ef:
                    59:0e:96:32:aa:30:a2:db:ef:88:17:0b:43:6e:9a:
                    5e:b6:09:cd:75:4d:be:ae:4b:32:b5:e0:22:46:ef:
                    ff:3b:53:2f:b3:32:e8:0a:65:44:83:d4:07:0b:c9:
                    d9:f3:b9:7f:7d:99:f6:f0:f7:16:0a:cc:0e:7f:bb:
                    99:cd:44:76:5b:fb:fa:dc:ac:75:1c:12:e3:98:59:
                    57:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:13:33:63:1F:6B:20:6A:27:90:E9:C2:6B:A5:75:76:F6:7E:5D:4C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33382e302f32342d3234203d3e203337323335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:3f:96:b1:ad:71:c6:02:78:93:9a:25:01:99:3d:38:65:05:
         c5:69:ef:d4:b8:65:7b:c3:6f:04:86:fc:f3:73:e1:50:ab:6f:
         3e:bc:6e:dc:72:9c:0d:0b:38:c7:cf:50:dc:2d:f4:41:b4:24:
         7b:59:c7:4f:10:71:62:54:95:08:6e:4c:1b:ef:04:8a:d2:db:
         77:68:09:ec:1c:11:bd:ce:80:be:71:dd:d8:98:7c:4d:6d:f7:
         47:af:70:d5:c3:01:f7:2a:df:13:ed:d8:b9:72:17:82:33:65:
         40:bd:61:cb:6c:9b:68:0c:ac:dc:4d:f7:fd:0f:de:1a:98:c0:
         60:c7:15:0c:97:7c:fb:f9:e9:5d:53:ca:db:d3:73:d0:a0:75:
         d3:cb:55:ad:3c:8e:f9:15:24:82:f6:68:30:31:7b:e2:5e:88:
         43:1e:56:94:f7:02:10:6a:77:15:73:e7:7b:01:e0:c5:72:8c:
         0c:5a:06:0b:a8:3c:39:7d:49:d9:6e:14:c0:08:84:12:d0:fd:
         28:75:3d:cb:0a:bc:65:8b:82:ad:6d:7a:cf:1b:a8:ad:00:55:
         ae:a0:11:26:fc:c1:54:42:b4:eb:a9:a4:de:38:fd:07:4f:1f:
         f2:57:3b:3b:1b:8c:b4:a0:a7:5f:76:f6:29:c6:3f:d7:c2:73:
         f5:2a:07:8b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUalUjZAqSYEKpBuNgsiEXKeZfI4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTEwMDYxNjM3NThaFw0yNjEwMDUxNjQyNThaMDMxMTAvBgNV
BAMTKDlFMTMzMzYzMUY2QjIwNkEyNzkwRTlDMjZCQTU3NTc2RjY3RTVENEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDM3xZ7PprZ/htHyH3LEVExU2P
x2MoI2ed0tWZ3tvj1fVc8hZaqExojJScphz6omCrKZ/kYfTNx84mEh5k2x1cfJ/e
gSdeawiKJFAEpe+dfjf7cEzJVDGNwiqjiVZqdn4eEunhviOxuDiDdzs8YBpQq72K
5NZOsjsUVh9b1jDEmeijkBXvUugipwBc05llcKv8s4Ns9Yicm6a4xElSC8pl9RFw
pcGzxtSLNfUEyT/fSaYH71kOljKqMKLb74gXC0Numl62Cc11Tb6uSzK14CJG7/87
Uy+zMugKZUSD1AcLydnzuX99mfbw9xYKzA5/u5nNRHZb+/rcrHUcEuOYWVcRAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUnhMzYx9rIGonkOnCa6V1dvZ+XUwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzM3MzIzMzM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwmMA0GCSqGSIb3DQEBCwUAA4IBAQBl
P5axrXHGAniTmiUBmT04ZQXFae/UuGV7w28Ehvzzc+FQq28+vG7ccpwNCzjHz1Dc
LfRBtCR7WcdPEHFiVJUIbkwb7wSK0tt3aAnsHBG9zoC+cd3YmHxNbfdHr3DVwwH3
Kt8T7di5cheCM2VAvWHLbJtoDKzcTff9D94amMBgxxUMl3z7+eldU8rb03PQoHXT
y1WtPI75FSSC9mgwMXviXohDHlaU9wIQancVc+d7AeDFcowMWgYLqDw5fUnZbhTA
CIQS0P0odT3LCrxli4KtbXrPG6itAFWuoBEm/MFUQrTrqaTeOP0HTx/yVzs7G4y0
oKdfdvYpxj/XwnP1KgeL
-----END CERTIFICATE-----