Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
File:                     326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa (raw, json)
Hash identifier:          pc8vlpVbqnSap2EPdfEtCqUHYYVlR9sWivQlyxLG3gU=
Subject key identifier:   BB:17:0A:43:FB:FF:6B:2A:5F:65:0B:44:BE:08:4E:23:67:A7:09:9A
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       4D46415C5932DDEC500073D441E8C5636076A91C
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa
Signing time:             Thu 19 Jun 2025 10:58:47 +0000
ROA not before:           Thu 19 Jun 2025 10:53:47 +0000
ROA not after:            Thu 18 Jun 2026 10:58:47 +0000
asID:                     60492
IP address blocks:        2a02:5be0:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 22:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:46:41:5c:59:32:dd:ec:50:00:73:d4:41:e8:c5:63:60:76:a9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun 19 10:53:47 2025 GMT
            Not After : Jun 18 10:58:47 2026 GMT
        Subject: CN=BB170A43FBFF6B2A5F650B44BE084E2367A7099A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5f:a2:d9:f2:4b:52:23:b4:41:7f:21:fb:ef:
                    1a:b7:3a:1d:d2:4a:a9:3a:6e:5c:17:ce:b3:27:07:
                    5e:df:44:67:5d:35:76:8d:fa:c7:27:7f:45:9e:21:
                    c5:64:09:19:de:a9:a1:95:da:37:b2:29:29:13:59:
                    15:90:7a:8a:f1:c0:67:1d:0d:1c:ce:88:4b:eb:82:
                    29:f0:c1:e4:c1:39:cd:b0:ab:d1:1c:9c:5a:97:76:
                    d9:41:1b:c3:c7:07:7a:6d:8c:b6:bb:dc:86:67:df:
                    29:5a:c7:69:d9:3f:4d:50:79:bd:36:26:d3:ef:51:
                    f5:89:d2:15:90:d2:43:70:f5:50:83:e4:34:f5:e4:
                    19:2c:20:9f:46:9c:7a:2b:c8:c8:7f:3f:ec:1c:d0:
                    dd:7e:54:12:87:03:41:38:be:7b:65:e2:5a:09:09:
                    30:70:07:be:39:69:3d:d6:5b:8d:83:e5:c7:04:56:
                    0b:63:b4:06:72:72:11:21:38:0f:92:36:a1:4d:5a:
                    1a:6c:b3:69:fd:82:43:1e:7e:c4:6b:c5:96:ff:f1:
                    59:cd:17:cf:58:42:49:e5:79:18:e9:79:e5:ab:78:
                    2a:af:c8:1f:f6:cc:c2:4c:2a:2f:f0:3d:95:66:cb:
                    89:d0:a6:72:4a:c3:23:03:61:da:b0:a5:64:5f:7a:
                    74:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:17:0A:43:FB:FF:6B:2A:5F:65:0B:44:BE:08:4E:23:67:A7:09:9A
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a353a3a2f34382d3438203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:6d:d4:ae:38:1d:8b:a5:06:7e:0f:ca:da:dc:e3:03:8b:9d:
         62:0b:5c:08:bb:0b:bb:52:6f:2a:ce:39:70:0b:9f:8b:ae:73:
         26:44:ec:05:d6:d7:42:55:4d:42:17:5d:f2:49:09:70:4e:05:
         28:9a:35:e7:32:44:fb:a8:b6:1f:ff:04:c6:81:0f:9f:ef:85:
         67:a0:7a:d8:d5:02:8e:f3:08:6c:47:ae:e5:10:8e:cb:c0:40:
         f9:b7:01:2e:bd:f3:f9:f7:5e:53:f8:aa:01:14:f0:82:05:63:
         73:f9:f9:02:06:4d:72:6f:15:69:3a:43:84:5b:ad:2a:1f:f4:
         ff:a4:cd:3f:4b:4c:bc:aa:b0:f3:4b:3f:31:66:bd:25:3a:0c:
         c4:6a:92:65:ed:d3:a9:b9:a6:9a:d3:7e:54:77:a8:1a:3b:35:
         c2:fe:d0:8b:ff:9c:90:3b:7a:de:19:a5:6e:b9:8c:9b:9a:4b:
         e8:03:bb:62:39:2a:2c:53:61:c1:9a:fe:00:da:7c:bb:b1:b3:
         f8:3f:60:71:07:be:72:a9:c0:75:f4:25:e4:d0:c4:89:33:0a:
         da:5c:d3:f7:46:7e:b7:ee:29:fa:60:46:d5:c0:90:aa:f2:4b:
         5a:45:09:ce:b4:6e:01:8a:b4:e3:45:a3:e9:7c:a4:8f:f6:bd:
         73:e0:7c:33
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUTUZBXFky3exQAHPUQejFY2B2qRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA2MTkxMDUzNDdaFw0yNjA2MTgxMDU4NDdaMDMxMTAvBgNV
BAMTKEJCMTcwQTQzRkJGRjZCMkE1RjY1MEI0NEJFMDg0RTIzNjdBNzA5OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWX6LZ8ktSI7RBfyH77xq3Oh3S
Sqk6blwXzrMnB17fRGddNXaN+scnf0WeIcVkCRneqaGV2jeyKSkTWRWQeorxwGcd
DRzOiEvrginwweTBOc2wq9EcnFqXdtlBG8PHB3ptjLa73IZn3ylax2nZP01Qeb02
JtPvUfWJ0hWQ0kNw9VCD5DT15BksIJ9GnHoryMh/P+wc0N1+VBKHA0E4vntl4loJ
CTBwB745aT3WW42D5ccEVgtjtAZychEhOA+SNqFNWhpss2n9gkMefsRrxZb/8VnN
F89YQknleRjpeeWreCqvyB/2zMJMKi/wPZVmy4nQpnJKwyMDYdqwpWRfenSzAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUuxcKQ/v/aypfZQtEvghOI2enCZowHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM2MzAzNDM5MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAUwDQYJKoZIhvcNAQEL
BQADggEBAF1t1K44HYulBn4Pytrc4wOLnWILXAi7C7tSbyrOOXALn4uucyZE7AXW
10JVTUIXXfJJCXBOBSiaNecyRPuoth//BMaBD5/vhWegetjVAo7zCGxHruUQjsvA
QPm3AS698/n3XlP4qgEU8IIFY3P5+QIGTXJvFWk6Q4RbrSof9P+kzT9LTLyqsPNL
PzFmvSU6DMRqkmXt06m5pprTflR3qBo7NcL+0Iv/nJA7et4ZpW65jJuaS+gDu2I5
KixTYcGa/gDafLuxs/g/YHEHvnKpwHX0JeTQxIkzCtpc0/dGfrfuKfpgRtXAkKry
S1pFCc60bgGKtONFo+l8pI/2vXPgfDM=
-----END CERTIFICATE-----