Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33392e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          jydW01b5DafERoOHOH12h/9zCULuOBPpXCcUTDPaClU=
Subject key identifier:   8E:A9:EC:08:73:81:8A:6F:8A:BF:8D:54:5F:36:E0:06:94:AD:66:4C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       0A813F1AFB9F85BD63C15120445C81E494212FA0
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 20 Mar 2026 20:25:24 +0000
ROA not before:           Fri 20 Mar 2026 20:20:24 +0000
ROA not after:            Fri 19 Mar 2027 20:25:24 +0000
asID:                     16509
IP address blocks:        147.28.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:38:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:81:3f:1a:fb:9f:85:bd:63:c1:51:20:44:5c:81:e4:94:21:2f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Mar 20 20:20:24 2026 GMT
            Not After : Mar 19 20:25:24 2027 GMT
        Subject: CN=8EA9EC0873818A6F8ABF8D545F36E00694AD664C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2c:9d:3d:e0:09:e3:93:e7:bc:f2:0c:e0:55:
                    1e:1a:8b:fe:62:47:43:69:e0:75:c0:f8:c0:93:a2:
                    52:06:28:50:1b:05:e1:85:84:f8:d2:b7:45:aa:67:
                    0a:b2:91:8d:51:75:58:d3:5a:80:e4:61:5f:2e:9e:
                    de:e5:87:a8:87:03:7b:94:0d:24:d2:82:e1:30:66:
                    b2:36:95:8c:2c:25:fb:7f:49:1a:6e:ef:a1:fc:6e:
                    71:88:66:7b:ed:63:f6:de:c1:a0:e2:3c:63:ce:b5:
                    0f:48:ec:ba:fd:6d:07:54:f7:75:5a:26:0e:2d:70:
                    e2:6c:84:f4:62:57:33:7b:b1:56:24:cb:89:7e:4c:
                    94:07:15:47:aa:9f:de:0f:da:b4:4c:be:20:d8:e0:
                    82:f9:c4:6a:bb:7d:65:d1:4b:47:07:5a:6c:89:82:
                    07:cc:cf:d1:03:16:6f:c8:e8:66:1e:09:c3:a1:4f:
                    bb:98:60:b5:87:d7:82:f1:58:66:73:2e:22:0b:b0:
                    c3:c0:12:f9:1e:9f:fb:f5:e6:68:f4:f3:77:6b:1c:
                    a1:30:25:19:ee:19:00:bd:d5:2d:dd:f5:d3:a4:d5:
                    b5:11:c4:be:6f:c9:40:ce:b8:02:9b:64:ad:04:d5:
                    47:19:8e:10:af:0a:1c:13:91:eb:d3:0a:b9:70:9f:
                    fb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A9:EC:08:73:81:8A:6F:8A:BF:8D:54:5F:36:E0:06:94:AD:66:4C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:49:e0:7d:10:16:84:c7:9d:a3:af:50:02:eb:2f:a8:8f:e1:
         7d:12:6e:47:32:96:fa:87:38:f8:9a:2c:83:21:f3:c9:ed:14:
         ef:75:71:c5:ba:23:12:18:e7:17:86:7f:02:1a:f0:b2:a3:aa:
         49:7d:75:c7:3e:05:36:4f:10:3b:c4:9e:dc:93:65:b1:a0:53:
         88:9c:71:63:8b:fb:30:bd:a5:d4:4c:00:22:a2:bc:df:68:02:
         4f:eb:a0:52:0f:86:37:0a:c7:ab:bc:42:15:fe:8d:8b:d5:20:
         76:b6:1c:f0:e2:e9:45:dd:1c:cc:ee:8b:51:5f:b5:5c:25:79:
         d3:9b:41:fc:be:24:96:ce:28:c5:f5:1b:47:f7:a8:71:72:91:
         99:69:0f:44:f8:85:1f:b2:2d:39:6a:20:80:65:30:27:63:b3:
         ac:5a:f0:72:5a:35:3e:17:09:03:f4:85:24:82:df:9d:42:bc:
         a9:55:59:33:9e:02:dc:cb:da:0b:6f:66:bd:67:e7:00:c4:00:
         22:51:26:37:33:ef:41:9f:f4:b5:a0:46:13:2f:7c:d6:9d:ff:
         5d:fa:24:15:e7:4e:6d:3a:78:a3:04:05:79:dd:b8:3c:73:6c:
         4a:c5:04:61:7e:84:75:bb:ab:64:7e:5e:91:ad:49:c7:f4:9a:
         9e:e0:52:c9
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUCoE/Gvufhb1jwVEgRFyB5JQhL6AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjAzMjAyMDIwMjRaFw0yNzAzMTkyMDI1MjRaMDMxMTAvBgNV
BAMTKDhFQTlFQzA4NzM4MThBNkY4QUJGOEQ1NDVGMzZFMDA2OTRBRDY2NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYLJ094Anjk+e88gzgVR4ai/5i
R0Np4HXA+MCTolIGKFAbBeGFhPjSt0WqZwqykY1RdVjTWoDkYV8unt7lh6iHA3uU
DSTSguEwZrI2lYwsJft/SRpu76H8bnGIZnvtY/bewaDiPGPOtQ9I7Lr9bQdU93Va
Jg4tcOJshPRiVzN7sVYky4l+TJQHFUeqn94P2rRMviDY4IL5xGq7fWXRS0cHWmyJ
ggfMz9EDFm/I6GYeCcOhT7uYYLWH14LxWGZzLiILsMPAEvken/v15mj083drHKEw
JRnuGQC91S3d9dOk1bURxL5vyUDOuAKbZK0E1UcZjhCvChwTkevTCrlwn/s/AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUjqnsCHOBim+Kv41UXzbgBpStZkwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwnMA0GCSqGSIb3DQEBCwUAA4IBAQAy
SeB9EBaEx52jr1AC6y+oj+F9Em5HMpb6hzj4miyDIfPJ7RTvdXHFuiMSGOcXhn8C
GvCyo6pJfXXHPgU2TxA7xJ7ck2WxoFOInHFji/swvaXUTAAiorzfaAJP66BSD4Y3
CservEIV/o2L1SB2thzw4ulF3RzM7otRX7VcJXnTm0H8viSWzijF9RtH96hxcpGZ
aQ9E+IUfsi05aiCAZTAnY7OsWvByWjU+FwkD9IUkgt+dQrypVVkzngLcy9oLb2a9
Z+cAxAAiUSY3M+9Bn/S1oEYTL3zWnf9d+iQV505tOnijBAV53bg8c2xKxQRhfoR1
u6tkfl6RrUnH9Jqe4FLJ
-----END CERTIFICATE-----