Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/42/3135372e3131392e3130302e302f32322d3234203d3e2033323538.roa
File:                     3135372e3131392e3130302e302f32322d3234203d3e2033323538.roa (raw, json)
Hash identifier:          7c9jMtUbgGoPhR4Cn4grcg92ice/vIsoAgLxdNOL2jI=
Subject key identifier:   76:FA:53:22:37:38:93:D7:8B:2B:C5:81:BB:74:A3:76:B5:FC:11:81
Certificate issuer:       /CN=A913250A0000/serialNumber=73683CF31A4147336D82C5218D7389B5D741DE1B
Certificate serial:       7C521B8045891E09F3205B0D59778EED8E858CD7
Authority key identifier: 73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/42/3135372e3131392e3130302e302f32322d3234203d3e2033323538.roa
Signing time:             Tue 10 Dec 2024 07:28:59 +0000
ROA not before:           Tue 10 Dec 2024 07:23:59 +0000
ROA not after:            Tue 09 Dec 2025 07:28:59 +0000
asID:                     3258
IP address blocks:        157.119.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl
                          rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 15:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:52:1b:80:45:89:1e:09:f3:20:5b:0d:59:77:8e:ed:8e:85:8c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913250A0000
        Validity
            Not Before: Dec 10 07:23:59 2024 GMT
            Not After : Dec  9 07:28:59 2025 GMT
        Subject: CN=76FA5322373893D78B2BC581BB74A376B5FC1181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ce:ea:da:9d:64:be:be:81:43:bd:26:2a:39:
                    a7:52:9e:7f:c3:42:19:84:df:a4:6d:a5:d0:71:69:
                    0e:0a:b5:7e:39:21:6f:d6:b1:d1:ec:8f:00:6e:71:
                    5c:39:ce:53:9a:58:06:0e:66:b2:21:56:28:f1:9a:
                    8a:85:2d:ad:7a:a3:3a:74:8b:2c:30:5b:85:a0:79:
                    31:98:52:8e:5d:95:6e:36:cc:d5:3d:01:5c:22:78:
                    c6:9f:4a:38:4c:f8:e7:33:bd:1d:75:8d:74:fb:11:
                    78:69:c2:56:35:fc:3a:18:1f:92:a0:9b:65:e0:be:
                    47:5f:0c:f6:9d:43:c6:68:fc:67:e0:78:69:77:89:
                    6d:e4:5e:b4:e0:eb:1c:f6:65:6b:27:66:e9:6c:63:
                    a8:37:a3:0c:8a:e8:7e:2e:12:9f:ae:25:33:29:c1:
                    01:52:fd:a3:5e:82:7b:b6:6c:72:99:3a:ec:ed:b8:
                    3f:6f:e9:47:00:7c:2c:7e:bc:e3:59:fe:4f:66:e0:
                    b9:16:d4:cc:c3:29:bd:a8:d2:64:56:76:6d:c6:51:
                    22:cb:6e:7d:ed:48:e4:80:8f:27:e7:d6:18:2d:c5:
                    5f:d1:2d:80:61:3f:10:84:2b:e4:f9:d4:41:f4:b0:
                    c8:f4:a9:24:98:5f:8c:40:2e:45:ae:c6:66:47:5c:
                    63:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FA:53:22:37:38:93:D7:8B:2B:C5:81:BB:74:A3:76:B5:FC:11:81
            X509v3 Authority Key Identifier:
                keyid:73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/42/3135372e3131392e3130302e302f32322d3234203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.119.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:ba:20:fa:49:8d:85:8f:38:45:03:2b:41:a9:09:b8:8c:8e:
         2a:e7:c5:a0:c5:68:7a:4f:bb:10:f1:84:01:4d:a3:16:57:57:
         66:8d:0e:4d:f5:34:47:90:a4:75:56:59:87:4b:ca:36:95:c8:
         e4:3f:94:b6:38:f7:08:97:a3:55:6d:ed:ca:e8:c4:e1:fd:40:
         23:03:cf:d4:09:4d:c1:b1:9b:0e:56:eb:f8:e5:27:c5:43:2b:
         a4:ba:54:71:b6:90:ca:9f:3e:1c:54:85:df:ab:78:e0:65:15:
         16:73:ac:87:b1:ed:20:c5:aa:a7:72:08:2c:cc:1c:0d:82:13:
         60:59:8d:82:97:32:c1:40:09:a7:11:97:0c:e4:db:a3:54:36:
         c0:a4:59:81:d8:a2:ec:57:be:57:8f:30:65:4e:99:37:d9:83:
         6d:9a:b9:af:e6:13:95:18:f6:7b:a2:98:76:20:01:1b:7b:69:
         8a:d3:e6:7d:3e:46:c2:83:ba:bf:5e:45:06:dc:92:82:23:bd:
         92:7f:fc:ff:f1:54:98:70:63:66:60:3d:c1:a3:59:f5:72:d3:
         4b:4a:75:4d:e8:76:75:39:c4:c1:16:c3:9a:0e:87:b6:06:32:
         da:72:47:a0:00:14:26:47:af:d9:6e:c1:cb:d2:45:f9:fc:32:
         21:2f:db:10
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIUfFIbgEWJHgnzIFsNWXeO7Y6FjNcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMzI1MEEwMDAwMTEwLwYDVQQFEyg3MzY4M0NGMzFB
NDE0NzMzNkQ4MkM1MjE4RDczODlCNUQ3NDFERTFCMB4XDTI0MTIxMDA3MjM1OVoX
DTI1MTIwOTA3Mjg1OVowMzExMC8GA1UEAxMoNzZGQTUzMjIzNzM4OTNENzhCMkJD
NTgxQkI3NEEzNzZCNUZDMTE4MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPO6tqdZL6+gUO9Jio5p1Kef8NCGYTfpG2l0HFpDgq1fjkhb9ax0eyPAG5x
XDnOU5pYBg5msiFWKPGaioUtrXqjOnSLLDBbhaB5MZhSjl2VbjbM1T0BXCJ4xp9K
OEz45zO9HXWNdPsReGnCVjX8OhgfkqCbZeC+R18M9p1Dxmj8Z+B4aXeJbeRetODr
HPZlaydm6WxjqDejDIrofi4Sn64lMynBAVL9o16Ce7Zscpk67O24P2/pRwB8LH68
41n+T2bguRbUzMMpvajSZFZ2bcZRIstufe1I5ICPJ+fWGC3FX9EtgGE/EIQr5PnU
QfSwyPSpJJhfjEAuRa7GZkdcY+cCAwEAAaOCAeowggHmMB0GA1UdDgQWBBR2+lMi
NziT14srxYG7dKN2tfwRgTAfBgNVHSMEGDAWgBRzaDzzGkFHM22CxSGNc4m110He
GzAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzQyLzczNjgzQ0YzMUE0MTQ3MzM2RDgyQzUyMThE
NzM4OUI1RDc0MURFMUIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL2MyZzg4eHBCUnpOdGdzVWhqWE9KdGRkQjNocy5j
ZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDIvMzEzNTM3MmUzMTMxMzkyZTMxMzAzMDJlMzAyZjMy
MzIyZDMyMzQyMDNkM2UyMDMzMzIzNTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnXdkMA0GCSqGSIb3
DQEBCwUAA4IBAQBTuiD6SY2FjzhFAytBqQm4jI4q58WgxWh6T7sQ8YQBTaMWV1dm
jQ5N9TRHkKR1VlmHS8o2lcjkP5S2OPcIl6NVbe3K6MTh/UAjA8/UCU3BsZsOVuv4
5SfFQyukulRxtpDKnz4cVIXfq3jgZRUWc6yHse0gxaqncggszBwNghNgWY2ClzLB
QAmnEZcM5NujVDbApFmB2KLsV75XjzBlTpk32YNtmrmv5hOVGPZ7oph2IAEbe2mK
0+Z9PkbCg7q/XkUG3JKCI72Sf/z/8VSYcGNmYD3Bo1n1ctNLSnVN6HZ1OcTBFsOa
Doe2BjLackegABQmR6/ZbsHL0kX5/DIhL9sQ
-----END CERTIFICATE-----