Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/42/3138302e3233352e3133362e302f32342d3234203d3e2039333132.roa
File:                     3138302e3233352e3133362e302f32342d3234203d3e2039333132.roa (raw, json)
Hash identifier:          pvW8+6JnmjAbAPlcqudfu9Zq7kXq735/LbZQ+cssRyw=
Subject key identifier:   3B:82:72:27:23:F5:B9:80:C7:80:D9:76:73:2E:98:C7:13:07:77:C7
Certificate issuer:       /CN=A913250A0000/serialNumber=73683CF31A4147336D82C5218D7389B5D741DE1B
Certificate serial:       2B2E2C51D98BDA87AC88CCCC584F3F21841C3286
Authority key identifier: 73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/42/3138302e3233352e3133362e302f32342d3234203d3e2039333132.roa
Signing time:             Thu 12 Dec 2024 06:24:33 +0000
ROA not before:           Thu 12 Dec 2024 06:19:33 +0000
ROA not after:            Thu 11 Dec 2025 06:24:33 +0000
asID:                     9312
IP address blocks:        180.235.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl
                          rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Apr 2025 02:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:2e:2c:51:d9:8b:da:87:ac:88:cc:cc:58:4f:3f:21:84:1c:32:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913250A0000
        Validity
            Not Before: Dec 12 06:19:33 2024 GMT
            Not After : Dec 11 06:24:33 2025 GMT
        Subject: CN=3B82722723F5B980C780D976732E98C7130777C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2b:03:68:d0:49:a1:d0:c3:cb:50:8b:ec:b0:
                    63:9d:e8:48:86:17:e5:e5:c9:90:c8:38:04:87:e3:
                    bf:c2:49:0f:56:94:0a:e7:ab:ee:6c:85:28:2d:46:
                    b3:0f:eb:db:e7:10:5f:ed:fb:4d:c2:1c:cd:46:d5:
                    50:18:d0:e5:01:7b:35:92:8b:6f:69:cf:22:c7:da:
                    be:b2:89:31:a2:b0:39:26:90:d7:62:c2:e5:6c:de:
                    a0:99:e2:d5:f9:69:8a:a8:1b:84:80:06:ff:fc:97:
                    57:4f:7e:b1:7f:df:6e:b9:3b:02:c4:5a:13:ed:c2:
                    9d:d8:b8:42:9a:67:fa:43:34:a5:0c:37:4b:73:7d:
                    0a:7b:13:53:b0:b8:52:66:1c:b4:2c:8a:38:61:47:
                    a0:c3:de:d7:77:80:31:6b:0b:87:8c:b2:2b:11:86:
                    6e:01:98:e6:ae:a4:8b:d4:ec:be:35:fd:35:cb:54:
                    78:33:20:ba:d9:f9:f1:b2:cc:67:15:a4:1b:9e:2d:
                    6e:c1:eb:14:eb:d6:0d:83:bb:f3:88:ec:d3:33:3d:
                    67:72:ee:2a:66:ce:d2:4f:ca:f8:b2:fb:c9:52:f2:
                    42:65:91:8e:be:f3:67:b3:e9:c9:74:b3:fd:96:b0:
                    27:14:35:1d:34:43:63:da:bb:e1:7b:21:58:b3:00:
                    6b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:82:72:27:23:F5:B9:80:C7:80:D9:76:73:2E:98:C7:13:07:77:C7
            X509v3 Authority Key Identifier:
                keyid:73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/42/3138302e3233352e3133362e302f32342d3234203d3e2039333132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.235.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:d8:f3:ab:4e:24:ed:b4:62:fb:f7:9f:e5:5b:ad:6a:90:57:
         db:27:12:f9:0a:0f:c3:b7:97:af:0d:2b:b6:fa:c3:c1:e9:37:
         ca:85:a5:5e:a8:4f:74:3a:45:61:7a:52:08:0f:68:01:01:a0:
         6b:ea:37:9f:52:dd:ca:af:3c:72:e5:f6:9e:80:b9:bd:c6:d0:
         4d:2c:19:df:cf:cd:3f:7e:aa:f5:81:16:24:04:c5:4b:2b:a2:
         38:c0:bd:5b:9a:e6:7e:08:d6:c7:07:ad:4b:68:c6:8a:6f:a4:
         8d:ba:cb:0a:14:6e:e1:ec:52:23:c0:21:d5:c6:2e:11:60:35:
         b1:1a:c8:cd:d6:5c:e2:89:42:b0:f5:df:3f:fd:2c:10:05:17:
         17:37:ee:9a:b8:a4:f1:de:54:7c:34:eb:77:7b:3f:76:81:17:
         94:70:a7:2c:eb:df:26:26:4b:57:9e:f5:f0:ed:44:1f:c5:35:
         c2:2c:08:57:41:96:8c:f5:b4:5b:73:af:ae:73:17:56:1e:bf:
         7c:62:ed:fe:c0:c6:05:49:e6:e0:5d:a3:6c:91:d0:83:c6:19:
         8b:82:78:36:cb:71:3f:37:6d:17:fc:f7:fd:6a:92:8f:de:b7:
         86:c4:07:5f:45:ee:57:4a:1a:c4:d2:64:e9:80:f4:31:42:44:
         11:6f:07:7b
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIUKy4sUdmL2oesiMzMWE8/IYQcMoYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMzI1MEEwMDAwMTEwLwYDVQQFEyg3MzY4M0NGMzFB
NDE0NzMzNkQ4MkM1MjE4RDczODlCNUQ3NDFERTFCMB4XDTI0MTIxMjA2MTkzM1oX
DTI1MTIxMTA2MjQzM1owMzExMC8GA1UEAxMoM0I4MjcyMjcyM0Y1Qjk4MEM3ODBE
OTc2NzMyRTk4QzcxMzA3NzdDNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJUrA2jQSaHQw8tQi+ywY53oSIYX5eXJkMg4BIfjv8JJD1aUCuer7myFKC1G
sw/r2+cQX+37TcIczUbVUBjQ5QF7NZKLb2nPIsfavrKJMaKwOSaQ12LC5WzeoJni
1flpiqgbhIAG//yXV09+sX/fbrk7AsRaE+3Cndi4Qppn+kM0pQw3S3N9CnsTU7C4
UmYctCyKOGFHoMPe13eAMWsLh4yyKxGGbgGY5q6ki9TsvjX9NctUeDMgutn58bLM
ZxWkG54tbsHrFOvWDYO784js0zM9Z3LuKmbO0k/K+LL7yVLyQmWRjr7zZ7PpyXSz
/ZawJxQ1HTRDY9q74XshWLMAawsCAwEAAaOCAeowggHmMB0GA1UdDgQWBBQ7gnIn
I/W5gMeA2XZzLpjHEwd3xzAfBgNVHSMEGDAWgBRzaDzzGkFHM22CxSGNc4m110He
GzAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzQyLzczNjgzQ0YzMUE0MTQ3MzM2RDgyQzUyMThE
NzM4OUI1RDc0MURFMUIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL2MyZzg4eHBCUnpOdGdzVWhqWE9KdGRkQjNocy5j
ZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDIvMzEzODMwMmUzMjMzMzUyZTMxMzMzNjJlMzAyZjMy
MzQyZDMyMzQyMDNkM2UyMDM5MzMzMTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtOuIMA0GCSqGSIb3
DQEBCwUAA4IBAQBN2POrTiTttGL795/lW61qkFfbJxL5Cg/Dt5evDSu2+sPB6TfK
haVeqE90OkVhelIID2gBAaBr6jefUt3Krzxy5faegLm9xtBNLBnfz80/fqr1gRYk
BMVLK6I4wL1bmuZ+CNbHB61LaMaKb6SNussKFG7h7FIjwCHVxi4RYDWxGsjN1lzi
iUKw9d8//SwQBRcXN+6auKTx3lR8NOt3ez92gReUcKcs698mJktXnvXw7UQfxTXC
LAhXQZaM9bRbc6+ucxdWHr98Yu3+wMYFSebgXaNskdCDxhmLgng2y3E/N20X/Pf9
apKP3reGxAdfRe5XShrE0mTpgPQxQkQRbwd7
-----END CERTIFICATE-----