Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa (raw, json)
Hash identifier:          tqZJi515Gj/ZroHwimEroKWnu9AmdRCD0HX0pvSepFo=
Subject key identifier:   A7:82:19:5D:4E:E0:6E:5A:B9:73:9D:1E:20:A9:C0:5F:DB:91:F6:A5
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       79454D0F86180F2D6DA715240FDC084FBCC739E8
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa
Signing time:             Thu 19 Jun 2025 10:58:46 +0000
ROA not before:           Thu 19 Jun 2025 10:53:46 +0000
ROA not after:            Thu 18 Jun 2026 10:58:46 +0000
asID:                     39588
IP address blocks:        2a02:5be0:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:45:4d:0f:86:18:0f:2d:6d:a7:15:24:0f:dc:08:4f:bc:c7:39:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jun 19 10:53:46 2025 GMT
            Not After : Jun 18 10:58:46 2026 GMT
        Subject: CN=A782195D4EE06E5AB9739D1E20A9C05FDB91F6A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:80:61:01:ae:84:86:2e:9a:6f:7b:9e:74:7e:
                    32:72:95:38:02:1c:2c:0d:ab:4b:7f:98:80:da:5f:
                    f5:41:9e:c3:59:16:f2:3a:e9:a2:ee:fb:81:c8:53:
                    00:d0:4f:a0:1c:62:62:c0:0f:a9:49:e2:44:4a:cf:
                    d3:8d:aa:16:ef:87:a0:99:25:eb:c7:1a:10:48:a0:
                    0a:1a:cc:3c:23:4c:7f:36:1b:7d:08:f1:da:48:7d:
                    3f:5a:db:3e:e8:7a:5b:78:5c:57:6b:36:27:b8:c5:
                    71:fb:97:45:fa:53:91:1d:11:ad:74:01:2f:bc:1c:
                    21:dc:af:2a:b3:92:5d:ad:81:aa:48:8e:d6:1f:26:
                    2a:03:eb:99:f1:33:5d:7c:4f:8d:45:5d:a2:bc:c0:
                    b8:6a:3b:d7:60:23:a6:bf:76:a1:27:44:39:1d:49:
                    ca:40:50:dd:49:58:99:81:65:d7:90:86:1b:b1:14:
                    7d:1f:0b:0d:7f:29:63:fe:e5:f7:9a:f9:73:98:4b:
                    d5:ee:b4:81:e4:59:2e:03:50:1a:8e:86:7c:2a:ca:
                    39:f6:03:3c:c0:3c:d9:4f:fb:00:2b:c1:51:87:4a:
                    4b:07:15:c2:93:ab:f7:2c:b3:14:e2:cf:82:47:4d:
                    07:6e:9f:64:5f:c8:c2:74:c0:84:2b:a6:a8:cf:c3:
                    ef:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:82:19:5D:4E:E0:6E:5A:B9:73:9D:1E:20:A9:C0:5F:DB:91:F6:A5
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:59:f8:3b:11:09:c9:b3:7e:c4:cd:f5:ef:83:68:2a:62:ca:
         90:87:46:22:77:ab:0d:3d:7e:e9:6f:2b:ba:ab:33:c8:77:bf:
         d1:44:4b:0e:90:75:7f:89:b8:1b:b9:10:6e:d6:c5:99:98:dc:
         54:ee:37:07:88:0b:c4:74:73:ec:c7:07:63:fe:62:79:ed:2f:
         c4:40:88:9d:be:92:76:66:80:7f:c0:3e:5a:bf:3d:09:71:ca:
         a9:a5:3a:ea:28:40:e8:56:7c:62:8b:e4:30:03:92:5c:a9:09:
         cc:40:9f:7b:33:85:de:b5:87:73:95:91:ff:8e:bd:ba:52:d6:
         f5:b7:52:1a:0b:14:66:2e:98:87:16:0f:c7:a5:7f:75:c4:e9:
         cc:07:3f:4f:47:4d:b5:9b:61:74:2c:0a:ee:1d:6e:c3:66:28:
         a5:9d:fd:8e:fe:a4:3a:24:b0:2b:f5:2c:ab:e5:04:9f:d0:d2:
         74:78:84:fd:b4:a6:8c:7a:40:0c:7d:88:66:0a:1a:63:96:fb:
         72:ca:1a:95:bf:77:3a:92:12:5d:b0:39:d8:bf:41:28:12:fe:
         24:0e:f0:aa:fa:61:1b:9c:48:3e:3b:99:41:07:9c:76:82:57:
         73:df:cd:60:02:5e:28:8b:3d:71:c2:33:fa:a5:a9:0f:7a:71:
         d2:da:e1:d7
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUeUVND4YYDy1tpxUkD9wIT7zHOegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA2MTkxMDUzNDZaFw0yNjA2MTgxMDU4NDZaMDMxMTAvBgNV
BAMTKEE3ODIxOTVENEVFMDZFNUFCOTczOUQxRTIwQTlDMDVGREI5MUY2QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1gGEBroSGLppve550fjJylTgC
HCwNq0t/mIDaX/VBnsNZFvI66aLu+4HIUwDQT6AcYmLAD6lJ4kRKz9ONqhbvh6CZ
JevHGhBIoAoazDwjTH82G30I8dpIfT9a2z7oelt4XFdrNie4xXH7l0X6U5EdEa10
AS+8HCHcryqzkl2tgapIjtYfJioD65nxM118T41FXaK8wLhqO9dgI6a/dqEnRDkd
ScpAUN1JWJmBZdeQhhuxFH0fCw1/KWP+5fea+XOYS9XutIHkWS4DUBqOhnwqyjn2
AzzAPNlP+wArwVGHSksHFcKTq/cssxTiz4JHTQdun2RfyMJ0wIQrpqjPw+9lAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUp4IZXU7gblq5c50eIKnAX9uR9qUwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBADJZ+DsRCcmzfsTN9e+DaCpiypCHRiJ3qw09fulvK7qrM8h3v9FESw6Q
dX+JuBu5EG7WxZmY3FTuNweIC8R0c+zHB2P+YnntL8RAiJ2+knZmgH/APlq/PQlx
yqmlOuooQOhWfGKL5DADklypCcxAn3szhd61h3OVkf+OvbpS1vW3UhoLFGYumIcW
D8elf3XE6cwHP09HTbWbYXQsCu4dbsNmKKWd/Y7+pDoksCv1LKvlBJ/Q0nR4hP20
pox6QAx9iGYKGmOW+3LKGpW/dzqSEl2wOdi/QSgS/iQO8Kr6YRucSD47mUEHnHaC
V3PfzWACXiiLPXHCM/qlqQ96cdLa4dc=
-----END CERTIFICATE-----