Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2039333132.roa
File:                     34352e3131362e31322e302f32322d3234203d3e2039333132.roa (raw, json)
Hash identifier:          UWEL7CudYC92zt8CEiOQCyv8nDS9DnU3NbY49hTr/LU=
Subject key identifier:   B3:36:31:AD:CC:66:67:6F:DE:CB:D2:26:C0:DD:33:4E:B3:A5:8A:34
Certificate issuer:       /CN=A913250A0000/serialNumber=73683CF31A4147336D82C5218D7389B5D741DE1B
Certificate serial:       745BB2A2FEFCD5E8AE113AB44BAF9ED98F490C27
Authority key identifier: 73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2039333132.roa
Signing time:             Thu 12 Dec 2024 06:24:06 +0000
ROA not before:           Thu 12 Dec 2024 06:19:06 +0000
ROA not after:            Thu 11 Dec 2025 06:24:06 +0000
asID:                     9312
IP address blocks:        45.116.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl
                          rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 06 Apr 2025 02:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:5b:b2:a2:fe:fc:d5:e8:ae:11:3a:b4:4b:af:9e:d9:8f:49:0c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913250A0000
        Validity
            Not Before: Dec 12 06:19:06 2024 GMT
            Not After : Dec 11 06:24:06 2025 GMT
        Subject: CN=B33631ADCC66676FDECBD226C0DD334EB3A58A34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:43:ce:2a:17:a6:53:a3:69:b8:da:17:b1:a7:
                    c9:9f:0a:f9:c3:61:da:c9:06:cc:c5:2f:f2:f3:32:
                    1b:fb:fd:68:d3:a7:ed:84:f8:6e:da:c3:61:eb:29:
                    71:69:b7:cb:b2:ad:71:32:eb:64:0e:cd:06:1a:cd:
                    ae:a7:d7:78:bb:2e:c2:d6:b2:75:87:50:48:04:ca:
                    42:ad:10:bb:51:9f:69:a9:ea:3c:83:54:63:e1:4c:
                    47:b0:3d:82:3d:f7:23:10:58:09:ad:b9:48:2a:2b:
                    52:15:e7:78:ba:0b:a6:ca:68:e8:59:6b:35:20:32:
                    a4:2e:ca:2f:4e:64:6d:78:b7:be:f8:a1:a9:f2:41:
                    bb:0f:ec:0f:f3:b0:92:c0:3d:36:66:f5:3b:ac:3d:
                    70:7a:4e:08:9a:87:b0:da:16:92:fe:08:d8:61:4a:
                    3e:31:d3:10:3d:85:0c:cb:5f:2c:7f:8a:d1:9b:fc:
                    e7:02:cc:0f:39:82:64:b4:8e:ac:b0:ce:8a:34:ab:
                    16:d5:12:10:6f:c3:c1:04:20:cb:32:cb:d5:15:a7:
                    0b:c6:af:1f:a8:bb:4f:7f:c0:21:91:f9:b9:5d:e6:
                    5d:0c:79:60:4e:31:32:fb:33:3b:1d:db:62:b1:95:
                    ce:5f:eb:3f:6f:77:31:67:85:55:95:49:bb:66:f8:
                    33:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:36:31:AD:CC:66:67:6F:DE:CB:D2:26:C0:DD:33:4E:B3:A5:8A:34
            X509v3 Authority Key Identifier:
                keyid:73:68:3C:F3:1A:41:47:33:6D:82:C5:21:8D:73:89:B5:D7:41:DE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/42/73683CF31A4147336D82C5218D7389B5D741DE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c2g88xpBRzNtgsUhjXOJtddB3hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/42/34352e3131362e31322e302f32322d3234203d3e2039333132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.116.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:a8:78:96:81:0c:45:de:1d:68:b0:b1:59:fe:13:0e:d4:12:
         28:e8:cb:a3:f8:bf:24:be:e8:e8:a9:28:85:79:49:81:54:9e:
         36:7a:ab:b4:ef:7e:a7:f3:40:0e:91:71:59:dd:79:7c:46:7f:
         00:9a:a3:e4:94:b0:ce:50:5c:02:c4:f2:e8:25:8b:51:87:5b:
         57:e3:9d:a3:b7:f2:20:25:fd:77:01:9f:ce:2b:88:d9:c7:64:
         4a:32:85:80:b3:af:82:a4:19:23:3f:10:54:4d:90:9e:57:fa:
         f3:91:ed:00:9c:12:03:2f:53:78:98:66:84:92:f4:6a:56:80:
         1f:29:0e:b4:ee:25:51:26:98:89:51:fb:b6:bd:9f:84:87:66:
         81:4a:ee:52:6e:ae:d3:2a:52:41:dc:8a:da:b6:9e:c2:bf:f6:
         39:e0:d2:f5:70:c2:1a:43:6d:8f:44:67:60:9e:c8:95:21:61:
         bc:3e:d0:65:79:cf:61:90:fb:b2:12:dd:c8:44:9e:ca:85:7f:
         8c:c1:18:75:8d:09:16:f7:48:f5:f9:e8:7b:00:d1:93:49:84:
         2f:4a:51:2f:3f:c0:b4:ee:50:0c:e2:35:ca:8a:17:18:9f:d7:
         7c:d7:b2:31:d2:a2:d7:f7:10:54:08:2b:26:e9:f8:6b:a3:48:
         5f:59:b3:a8
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUdFuyov781eiuETq0S6+e2Y9JDCcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMzI1MEEwMDAwMTEwLwYDVQQFEyg3MzY4M0NGMzFB
NDE0NzMzNkQ4MkM1MjE4RDczODlCNUQ3NDFERTFCMB4XDTI0MTIxMjA2MTkwNloX
DTI1MTIxMTA2MjQwNlowMzExMC8GA1UEAxMoQjMzNjMxQURDQzY2Njc2RkRFQ0JE
MjI2QzBERDMzNEVCM0E1OEEzNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhDzioXplOjabjaF7GnyZ8K+cNh2skGzMUv8vMyG/v9aNOn7YT4btrDYesp
cWm3y7KtcTLrZA7NBhrNrqfXeLsuwtaydYdQSATKQq0Qu1GfaanqPINUY+FMR7A9
gj33IxBYCa25SCorUhXneLoLpspo6FlrNSAypC7KL05kbXi3vvihqfJBuw/sD/Ow
ksA9Nmb1O6w9cHpOCJqHsNoWkv4I2GFKPjHTED2FDMtfLH+K0Zv85wLMDzmCZLSO
rLDOijSrFtUSEG/DwQQgyzLL1RWnC8avH6i7T3/AIZH5uV3mXQx5YE4xMvszOx3b
YrGVzl/rP293MWeFVZVJu2b4M38CAwEAAaOCAeYwggHiMB0GA1UdDgQWBBSzNjGt
zGZnb97L0ibA3TNOs6WKNDAfBgNVHSMEGDAWgBRzaDzzGkFHM22CxSGNc4m110He
GzAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzQyLzczNjgzQ0YzMUE0MTQ3MzM2RDgyQzUyMThE
NzM4OUI1RDc0MURFMUIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL2MyZzg4eHBCUnpOdGdzVWhqWE9KdGRkQjNocy5j
ZXIwdAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDIvMzQzNTJlMzEzMTM2MmUzMTMyMmUzMDJmMzIzMjJk
MzIzNDIwM2QzZTIwMzkzMzMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItdAwwDQYJKoZIhvcNAQEL
BQADggEBAIeoeJaBDEXeHWiwsVn+Ew7UEijoy6P4vyS+6OipKIV5SYFUnjZ6q7Tv
fqfzQA6RcVndeXxGfwCao+SUsM5QXALE8ugli1GHW1fjnaO38iAl/XcBn84riNnH
ZEoyhYCzr4KkGSM/EFRNkJ5X+vOR7QCcEgMvU3iYZoSS9GpWgB8pDrTuJVEmmIlR
+7a9n4SHZoFK7lJurtMqUkHcitq2nsK/9jng0vVwwhpDbY9EZ2CeyJUhYbw+0GV5
z2GQ+7IS3chEnsqFf4zBGHWNCRb3SPX56HsA0ZNJhC9KUS8/wLTuUAziNcqKFxif
13zXsjHSotf3EFQIKybp+GujSF9Zs6g=
-----END CERTIFICATE-----