Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2033323538.roa
File:                     34352e3131362e31322e302f32322d3234203d3e2033323538.roa (raw, json)
Hash identifier:          zVyF6jJ4txeTdRaatXCN+HfB5Icua3krS/M0wjETr/8=
Subject key identifier:   2A:15:B1:06:87:FB:A7:93:F8:C9:00:41:08:91:CC:B3:41:B6:8D:52
Certificate issuer:       /CN=A913250A0000/serialNumber=73683CF31A4147336D82C5218D7389B5D741DE1B
Certificate serial:       4D5A21D05FF3CB855A6B462613469D647D3D8C4D
Authority key identifier: 73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2033323538.roa
Signing time:             Thu 12 Dec 2024 06:24:14 +0000
ROA not before:           Thu 12 Dec 2024 06:19:14 +0000
ROA not after:            Thu 11 Dec 2025 06:24:14 +0000
asID:                     3258
IP address blocks:        45.116.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl
                          rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Apr 2025 22:32:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:5a:21:d0:5f:f3:cb:85:5a:6b:46:26:13:46:9d:64:7d:3d:8c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913250A0000
        Validity
            Not Before: Dec 12 06:19:14 2024 GMT
            Not After : Dec 11 06:24:14 2025 GMT
        Subject: CN=2A15B10687FBA793F8C900410891CCB341B68D52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:65:39:58:ef:8d:85:13:85:00:6a:7a:04:c3:
                    27:aa:53:79:dd:29:6f:37:aa:50:c9:92:1d:b5:2d:
                    8f:08:95:4b:17:6c:70:1e:5f:78:ec:df:79:76:8b:
                    47:24:4a:23:25:fd:7b:a3:08:60:f5:7b:d8:d0:65:
                    8c:be:39:b5:ce:a0:a4:92:65:82:cb:a9:57:fd:07:
                    02:b6:27:26:66:c3:84:98:dc:1c:2c:58:97:8c:68:
                    76:52:4c:00:3c:63:55:70:bb:64:81:29:00:ec:36:
                    68:4e:a7:df:dd:03:f3:ec:09:a6:3c:6a:00:36:d5:
                    0b:64:51:ef:e7:b3:46:0e:05:08:d5:f8:aa:fc:d8:
                    a6:75:82:4f:60:d8:7e:bb:c7:e3:b4:a1:06:86:3e:
                    23:5e:2d:0d:c7:a7:00:f9:df:09:57:25:12:89:4f:
                    8b:da:94:8a:51:cd:29:d8:91:df:6b:c1:a0:06:e0:
                    e3:7d:c3:cd:d4:ec:06:ea:bb:56:fc:e2:ca:9f:3d:
                    f4:2c:40:2c:92:c2:23:15:92:c7:b5:da:ef:56:94:
                    94:73:6a:77:21:dc:67:2e:bc:df:c0:91:e5:b0:1d:
                    0f:d4:2a:48:9d:9d:ee:9a:33:db:84:3b:13:a3:95:
                    28:10:50:a7:cc:f3:94:f4:97:0b:9c:f1:2a:8d:77:
                    3e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:15:B1:06:87:FB:A7:93:F8:C9:00:41:08:91:CC:B3:41:B6:8D:52
            X509v3 Authority Key Identifier:
                keyid:73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.116.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:5a:02:af:87:f4:f0:3c:1e:2d:8a:3d:45:58:41:86:0e:1e:
         48:e2:f4:47:8d:c1:95:97:bb:5f:93:0a:b6:3f:81:26:60:ac:
         b1:87:68:8b:c7:ee:0f:cf:2a:43:c2:97:27:69:e4:b5:77:32:
         ea:c6:41:b5:9d:a2:3b:fe:05:47:03:74:b7:08:6b:aa:17:7d:
         0d:57:85:20:40:9c:ec:74:ac:2e:1d:15:45:b5:bb:5c:54:15:
         dd:1b:b6:a9:1e:48:08:a8:34:99:82:a8:69:c8:1b:29:1f:16:
         f5:79:33:d7:21:cc:a6:9c:cc:53:20:6f:9f:7d:a0:1f:7a:31:
         b6:dd:ef:f0:dc:86:01:16:b2:ce:4a:68:b5:f4:fb:4b:10:59:
         54:69:9a:e9:f7:69:24:6e:79:7e:6f:1a:08:bd:c4:cf:cc:79:
         b2:8f:cc:50:31:a3:89:c9:9a:59:19:1f:70:b9:23:ba:ba:e1:
         d4:fb:36:c9:61:ee:7f:78:80:a4:4c:3c:1a:87:21:22:bb:b8:
         63:3a:c3:04:e2:a9:e1:24:46:a0:79:24:25:ea:fb:84:b5:d2:
         6f:11:8e:26:fb:1f:c1:ef:ce:d4:d0:91:cb:bb:58:60:e2:2b:
         a5:1f:90:f8:99:a0:53:a8:2b:ca:50:eb:1b:6f:63:6e:c0:84:
         86:59:eb:45
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUTVoh0F/zy4Vaa0YmE0adZH09jE0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMzI1MEEwMDAwMTEwLwYDVQQFEyg3MzY4M0NGMzFB
NDE0NzMzNkQ4MkM1MjE4RDczODlCNUQ3NDFERTFCMB4XDTI0MTIxMjA2MTkxNFoX
DTI1MTIxMTA2MjQxNFowMzExMC8GA1UEAxMoMkExNUIxMDY4N0ZCQTc5M0Y4Qzkw
MDQxMDg5MUNDQjM0MUI2OEQ1MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOllOVjvjYUThQBqegTDJ6pTed0pbzeqUMmSHbUtjwiVSxdscB5feOzfeXaL
RyRKIyX9e6MIYPV72NBljL45tc6gpJJlgsupV/0HArYnJmbDhJjcHCxYl4xodlJM
ADxjVXC7ZIEpAOw2aE6n390D8+wJpjxqADbVC2RR7+ezRg4FCNX4qvzYpnWCT2DY
frvH47ShBoY+I14tDcenAPnfCVclEolPi9qUilHNKdiR32vBoAbg433DzdTsBuq7
Vvziyp899CxALJLCIxWSx7Xa71aUlHNqdyHcZy6838CR5bAdD9QqSJ2d7poz24Q7
E6OVKBBQp8zzlPSXC5zxKo13PtECAwEAAaOCAeYwggHiMB0GA1UdDgQWBBQqFbEG
h/unk/jJAEEIkcyzQbaNUjAfBgNVHSMEGDAWgBRzaDzzGkFHM22CxSGNc4m110He
GzAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzQyLzczNjgzQ0YzMUE0MTQ3MzM2RDgyQzUyMThE
NzM4OUI1RDc0MURFMUIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL2MyZzg4eHBCUnpOdGdzVWhqWE9KdGRkQjNocy5j
ZXIwdAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDIvMzQzNTJlMzEzMTM2MmUzMTMyMmUzMDJmMzIzMjJk
MzIzNDIwM2QzZTIwMzMzMjM1Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItdAwwDQYJKoZIhvcNAQEL
BQADggEBABZaAq+H9PA8Hi2KPUVYQYYOHkji9EeNwZWXu1+TCrY/gSZgrLGHaIvH
7g/PKkPClydp5LV3MurGQbWdojv+BUcDdLcIa6oXfQ1XhSBAnOx0rC4dFUW1u1xU
Fd0btqkeSAioNJmCqGnIGykfFvV5M9chzKaczFMgb599oB96Mbbd7/DchgEWss5K
aLX0+0sQWVRpmun3aSRueX5vGgi9xM/MebKPzFAxo4nJmlkZH3C5I7q64dT7Nslh
7n94gKRMPBqHISK7uGM6wwTiqeEkRqB5JCXq+4S10m8Rjib7H8HvztTQkcu7WGDi
K6UfkPiZoFOoK8pQ6xtvY27AhIZZ60U=
-----END CERTIFICATE-----