Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/42/3130332e35362e35322e302f32322d3234203d3e2033323538.roa
File:                     3130332e35362e35322e302f32322d3234203d3e2033323538.roa (raw, json)
Hash identifier:          Se1kElTDtTHyunNZ20CviOqqJYoWbn/Tmfcy/ve9hfQ=
Subject key identifier:   A0:94:07:35:68:04:D4:F9:09:1E:5A:4F:91:1A:3C:59:66:E9:4D:96
Certificate issuer:       /CN=A913250A0000/serialNumber=73683CF31A4147336D82C5218D7389B5D741DE1B
Certificate serial:       3B225D8DA0F45EF42D173AFBE7118B0341643636
Authority key identifier: 73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/42/3130332e35362e35322e302f32322d3234203d3e2033323538.roa
Signing time:             Thu 12 Dec 2024 06:23:25 +0000
ROA not before:           Thu 12 Dec 2024 06:18:25 +0000
ROA not after:            Thu 11 Dec 2025 06:23:25 +0000
asID:                     3258
IP address blocks:        103.56.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl
                          rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Apr 2025 22:32:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:22:5d:8d:a0:f4:5e:f4:2d:17:3a:fb:e7:11:8b:03:41:64:36:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913250A0000
        Validity
            Not Before: Dec 12 06:18:25 2024 GMT
            Not After : Dec 11 06:23:25 2025 GMT
        Subject: CN=A09407356804D4F9091E5A4F911A3C5966E94D96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:13:36:ef:ea:ba:58:ee:f0:c5:2a:60:ec:17:
                    0b:61:1c:d8:b7:c6:d7:80:9f:a0:2b:81:93:86:7b:
                    38:1e:c1:e0:13:2c:04:27:25:d8:7b:c6:f3:d9:72:
                    96:18:bd:78:a4:59:78:56:4e:8f:b0:e2:fc:08:65:
                    90:b0:38:91:80:7d:d1:86:0d:1a:35:14:76:24:a2:
                    3e:c9:df:85:f4:ea:38:03:d4:b2:74:6b:6d:56:bc:
                    b3:c0:ca:fd:23:41:36:c6:7a:d3:7d:0a:50:62:0e:
                    cf:11:29:ad:65:2a:52:29:6b:b6:9f:55:73:4f:2d:
                    bd:94:00:7d:7a:36:0b:5c:0c:7b:89:bc:ec:9f:53:
                    e7:5a:33:1b:71:48:0f:e0:2c:15:96:3a:3d:f0:94:
                    4b:9f:c2:72:9a:30:41:54:e3:58:78:70:db:8e:4b:
                    c5:a0:32:8f:f5:8c:65:a4:24:cf:bd:27:17:65:71:
                    70:8e:66:21:8f:a1:93:88:54:3f:5f:d8:dc:e0:bf:
                    89:f0:06:e3:cf:38:5a:ef:8c:2b:aa:5b:05:91:fa:
                    ff:5a:0b:2c:fa:65:4d:16:0a:c3:3f:8a:56:0c:42:
                    12:58:12:86:77:12:13:87:60:7d:8c:98:2c:fd:76:
                    f9:9f:0e:d0:9c:18:9d:cb:e9:0b:f1:ac:d0:e4:f1:
                    78:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:94:07:35:68:04:D4:F9:09:1E:5A:4F:91:1A:3C:59:66:E9:4D:96
            X509v3 Authority Key Identifier:
                keyid:73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/42/3130332e35362e35322e302f32322d3234203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.56.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:ea:fc:8a:13:02:eb:7e:42:ca:00:22:04:94:51:0c:85:de:
         05:f4:ae:ee:bc:d4:cb:20:5c:bb:a7:2e:db:e6:00:bb:60:dd:
         3c:39:e8:44:51:74:a0:c0:06:e2:02:3d:84:f4:c6:82:0b:6a:
         62:95:b8:8a:25:66:e3:c9:21:e7:57:df:ba:7a:e0:b2:fe:f1:
         73:38:64:5b:c9:17:a2:7d:3e:69:31:26:95:63:07:54:fd:d6:
         75:dd:ad:6b:80:58:f5:45:ec:65:53:3b:31:b9:bc:8f:3b:84:
         f3:2c:d2:fc:ab:af:fb:16:33:29:ea:67:4d:82:b9:73:35:ab:
         eb:4d:07:de:88:d0:81:e6:48:ed:40:82:b8:b7:99:76:86:f6:
         ba:3f:0e:0b:ee:bf:8e:b6:ab:e2:92:81:3b:45:60:02:77:d7:
         a4:3b:6d:ac:c4:0e:09:c5:ea:26:98:ed:eb:63:f9:49:a3:c3:
         7d:94:b3:32:0f:b6:9f:50:8c:e6:95:f0:90:a6:3a:f1:12:cb:
         dd:20:5b:51:69:1a:f8:0e:d8:bb:50:74:11:ed:17:ee:82:59:
         c2:61:d9:c8:3f:c3:b4:df:b4:33:07:8b:ff:bd:66:97:1b:5b:
         e7:f8:ef:d0:67:fd:56:f1:b1:43:46:e7:89:c8:b3:2e:06:41:
         17:3c:a5:5a
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUOyJdjaD0XvQtFzr75xGLA0FkNjYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMzI1MEEwMDAwMTEwLwYDVQQFEyg3MzY4M0NGMzFB
NDE0NzMzNkQ4MkM1MjE4RDczODlCNUQ3NDFERTFCMB4XDTI0MTIxMjA2MTgyNVoX
DTI1MTIxMTA2MjMyNVowMzExMC8GA1UEAxMoQTA5NDA3MzU2ODA0RDRGOTA5MUU1
QTRGOTExQTNDNTk2NkU5NEQ5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUTNu/qulju8MUqYOwXC2Ec2LfG14CfoCuBk4Z7OB7B4BMsBCcl2HvG89ly
lhi9eKRZeFZOj7Di/AhlkLA4kYB90YYNGjUUdiSiPsnfhfTqOAPUsnRrbVa8s8DK
/SNBNsZ6030KUGIOzxEprWUqUilrtp9Vc08tvZQAfXo2C1wMe4m87J9T51ozG3FI
D+AsFZY6PfCUS5/CcpowQVTjWHhw245LxaAyj/WMZaQkz70nF2VxcI5mIY+hk4hU
P1/Y3OC/ifAG4884Wu+MK6pbBZH6/1oLLPplTRYKwz+KVgxCElgShncSE4dgfYyY
LP12+Z8O0JwYncvpC/Gs0OTxeNkCAwEAAaOCAeYwggHiMB0GA1UdDgQWBBSglAc1
aATU+QkeWk+RGjxZZulNljAfBgNVHSMEGDAWgBRzaDzzGkFHM22CxSGNc4m110He
GzAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzQyLzczNjgzQ0YzMUE0MTQ3MzM2RDgyQzUyMThE
NzM4OUI1RDc0MURFMUIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL2MyZzg4eHBCUnpOdGdzVWhqWE9KdGRkQjNocy5j
ZXIwdAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDIvMzEzMDMzMmUzNTM2MmUzNTMyMmUzMDJmMzIzMjJk
MzIzNDIwM2QzZTIwMzMzMjM1Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJnODQwDQYJKoZIhvcNAQEL
BQADggEBAH/q/IoTAut+QsoAIgSUUQyF3gX0ru681MsgXLunLtvmALtg3Tw56ERR
dKDABuICPYT0xoILamKVuIolZuPJIedX37p64LL+8XM4ZFvJF6J9PmkxJpVjB1T9
1nXdrWuAWPVF7GVTOzG5vI87hPMs0vyrr/sWMynqZ02CuXM1q+tNB96I0IHmSO1A
gri3mXaG9ro/Dgvuv462q+KSgTtFYAJ316Q7bazEDgnF6iaY7etj+Umjw32UszIP
tp9QjOaV8JCmOvESy90gW1FpGvgO2LtQdBHtF+6CWcJh2cg/w7TftDMHi/+9Zpcb
W+f479Bn/VbxsUNG54nIsy4GQRc8pVo=
-----END CERTIFICATE-----