Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          SGv4cib5Gqp4YvjXPlAZGGWmSeLC93cZEMZrvdWz3FE=
Subject key identifier:   EC:D8:AD:24:EB:24:56:79:A6:55:64:1E:CA:3A:8A:D6:D9:BC:68:72
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       4AB7B19AAB104DA22085AB21E644809C1842D958
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa
Signing time:             Fri 20 Mar 2026 20:25:24 +0000
ROA not before:           Fri 20 Mar 2026 20:20:24 +0000
ROA not after:            Fri 19 Mar 2027 20:25:24 +0000
asID:                     16509
IP address blocks:        2a02:5be0:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:38:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b7:b1:9a:ab:10:4d:a2:20:85:ab:21:e6:44:80:9c:18:42:d9:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Mar 20 20:20:24 2026 GMT
            Not After : Mar 19 20:25:24 2027 GMT
        Subject: CN=ECD8AD24EB245679A655641ECA3A8AD6D9BC6872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:06:76:b0:76:e1:25:5b:c8:28:d1:be:19:21:
                    ce:70:53:10:07:6d:8c:9d:41:2f:4c:b1:b9:2e:bb:
                    d5:f7:b7:4b:ce:56:0e:f4:b6:3a:4b:f2:1b:8b:39:
                    bf:85:f0:11:b3:2a:ff:bf:1e:07:f4:6c:1a:e3:bc:
                    02:c0:12:d3:8a:5c:97:fa:fd:96:1a:56:64:4e:ff:
                    23:1d:34:d5:df:b2:d4:a8:10:fd:a8:49:5a:a2:da:
                    21:5a:b6:cb:ed:ed:08:14:e6:51:29:69:54:fb:df:
                    90:8b:e9:24:3a:3a:e7:05:33:a6:49:92:97:23:22:
                    1d:15:73:d5:8b:b7:28:39:5d:71:ad:97:b6:86:86:
                    e2:d4:08:38:1e:e7:1f:d4:44:65:9c:d2:5e:ff:a7:
                    b3:83:92:51:48:6f:c2:2f:2c:16:ae:5e:d1:a2:b6:
                    3e:a2:10:f1:f6:1e:95:fa:f8:e4:98:f8:78:7c:eb:
                    3d:fc:c1:89:86:e4:96:1e:d9:4b:63:06:fe:05:c3:
                    ce:56:ac:6b:a5:8d:b6:e1:ab:a7:b3:61:f5:68:d1:
                    3b:0c:98:68:01:09:a2:75:86:4c:55:bc:a9:aa:08:
                    4c:0f:41:2c:ab:30:8a:40:81:4c:7e:d9:0b:01:37:
                    68:3e:4d:c6:8d:1f:c1:d9:bf:e3:51:86:db:d9:2b:
                    20:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D8:AD:24:EB:24:56:79:A6:55:64:1E:CA:3A:8A:D6:D9:BC:68:72
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:c4:c2:58:bc:86:b0:ac:e5:32:3d:5f:7b:cd:45:11:de:15:
         92:7b:97:e8:8d:e5:f1:e7:bc:5b:15:17:ba:c3:e3:91:c8:73:
         94:9a:c9:b4:71:ba:13:be:80:4a:1d:c1:7f:7d:6c:a3:90:5f:
         9f:05:e8:19:52:8b:62:10:23:f4:b0:02:c2:0a:05:83:3f:df:
         10:bf:d2:ad:a9:0d:48:54:6f:e6:46:0c:a9:eb:be:06:f5:5a:
         42:17:c7:03:d8:3d:ac:2a:ca:00:49:c8:ff:d7:04:da:b8:4d:
         13:07:93:7f:6a:fb:6a:da:10:d8:6e:23:bb:fb:4d:f9:90:20:
         03:fa:dd:6d:af:21:78:24:ba:86:1d:79:64:38:83:3f:3d:93:
         7a:01:67:e2:86:11:6b:a3:06:b4:f1:e0:2a:d6:4b:03:27:86:
         03:af:21:0b:1b:db:6d:5d:d8:d3:8c:f4:f2:26:1b:dd:81:51:
         f7:46:f3:6f:4e:9d:5f:e9:e2:cc:05:5d:f3:49:24:16:77:fd:
         ed:f1:14:f4:4c:06:3b:74:c1:3f:d2:18:2d:4c:c7:04:c6:cc:
         f0:4d:9d:91:f7:98:b2:eb:0e:36:27:16:4c:f8:1a:f2:82:f2:
         41:2f:81:90:a6:90:67:0f:04:c3:94:71:56:f2:02:13:eb:3f:
         b5:f0:c1:c1
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUSrexmqsQTaIghash5kSAnBhC2VgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNjAzMjAyMDIwMjRaFw0yNzAzMTkyMDI1MjRaMDMxMTAvBgNV
BAMTKEVDRDhBRDI0RUIyNDU2NzlBNjU1NjQxRUNBM0E4QUQ2RDlCQzY4NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvBnawduElW8go0b4ZIc5wUxAH
bYydQS9Msbkuu9X3t0vOVg70tjpL8huLOb+F8BGzKv+/Hgf0bBrjvALAEtOKXJf6
/ZYaVmRO/yMdNNXfstSoEP2oSVqi2iFatsvt7QgU5lEpaVT735CL6SQ6OucFM6ZJ
kpcjIh0Vc9WLtyg5XXGtl7aGhuLUCDge5x/URGWc0l7/p7ODklFIb8IvLBauXtGi
tj6iEPH2HpX6+OSY+Hh86z38wYmG5JYe2UtjBv4Fw85WrGuljbbhq6ezYfVo0TsM
mGgBCaJ1hkxVvKmqCEwPQSyrMIpAgUx+2QsBN2g+TcaNH8HZv+NRhtvZKyD5AgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU7NitJOskVnmmVWQeyjqK1tm8aHIwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzOTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAkwDQYJKoZIhvcNAQEL
BQADggEBAATEwli8hrCs5TI9X3vNRRHeFZJ7l+iN5fHnvFsVF7rD45HIc5SaybRx
uhO+gEodwX99bKOQX58F6BlSi2IQI/SwAsIKBYM/3xC/0q2pDUhUb+ZGDKnrvgb1
WkIXxwPYPawqygBJyP/XBNq4TRMHk39q+2raENhuI7v7TfmQIAP63W2vIXgkuoYd
eWQ4gz89k3oBZ+KGEWujBrTx4CrWSwMnhgOvIQsb221d2NOM9PImG92BUfdG829O
nV/p4swFXfNJJBZ3/e3xFPRMBjt0wT/SGC1MxwTGzPBNnZH3mLLrDjYnFkz4GvKC
8kEvgZCmkGcPBMOUcVbyAhPrP7XwwcE=
-----END CERTIFICATE-----