Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/56/3130332e3139332e3132382e302f32342d3234203d3e2036313334.roa
File:                     3130332e3139332e3132382e302f32342d3234203d3e2036313334.roa (raw, json)
Hash identifier:          Gkk3pjPcBn1ydDwbDsy1KlefEvRWum7WwjI0/dDLNr0=
Subject key identifier:   74:33:5E:6D:7E:D3:FF:5C:E1:99:70:8B:1B:64:61:1A:44:B1:3B:2B
Certificate issuer:       /CN=A9181FC40000/serialNumber=E13D7744B2156E4150A1AF5D732E2A10994D8729
Certificate serial:       2D3B72CD20FD66A1E6F7F1ACC03BB203159F3142
Authority key identifier: E1:3D:77:44:B2:15:6E:41:50:A1:AF:5D:73:2E:2A:10:99:4D:87:29
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4T13RLIVbkFQoa9dcy4qEJlNhyk.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/56/3130332e3139332e3132382e302f32342d3234203d3e2036313334.roa
Signing time:             Wed 06 Nov 2024 18:22:05 +0000
ROA not before:           Wed 06 Nov 2024 18:17:05 +0000
ROA not after:            Wed 05 Nov 2025 18:22:05 +0000
asID:                     6134
IP address blocks:        103.193.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/56/E13D7744B2156E4150A1AF5D732E2A10994D8729.crl
                          rsync://rpki.roa.net/rrdp/xTom/56/E13D7744B2156E4150A1AF5D732E2A10994D8729.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4T13RLIVbkFQoa9dcy4qEJlNhyk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Feb 2025 10:53:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:3b:72:cd:20:fd:66:a1:e6:f7:f1:ac:c0:3b:b2:03:15:9f:31:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9181FC40000
        Validity
            Not Before: Nov  6 18:17:05 2024 GMT
            Not After : Nov  5 18:22:05 2025 GMT
        Subject: CN=74335E6D7ED3FF5CE199708B1B64611A44B13B2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:41:a8:68:5f:c5:70:dc:1d:a9:33:6c:ea:f7:
                    bd:0c:42:0c:bd:f9:bd:72:22:34:a4:91:7d:3c:6e:
                    ca:1f:d9:b1:47:ce:8b:98:81:8d:6a:07:9d:85:a4:
                    f3:7e:9e:c5:6d:97:3b:55:1e:75:dd:69:d1:b3:c6:
                    8b:6b:5a:a0:89:ef:2b:2c:c3:0f:7d:18:ae:c3:9e:
                    68:56:91:bf:6f:0c:e4:75:2c:c1:84:8f:fb:37:8e:
                    48:48:e7:75:93:9b:c7:bc:f0:3a:59:ad:7b:d7:23:
                    ed:f0:84:5f:e6:80:e9:b1:21:b8:93:91:3d:49:05:
                    8c:22:20:82:9a:72:a2:21:ee:83:0a:4a:d9:37:d7:
                    3a:a5:1c:16:6a:9c:e8:5e:dc:30:ad:84:d6:fa:10:
                    33:26:18:02:26:33:cc:a9:86:34:d9:44:cd:13:3d:
                    23:55:90:68:3d:47:d3:9d:34:59:97:f7:f7:9b:d2:
                    e7:0c:2b:af:4d:eb:11:4b:d4:d6:39:96:33:18:6f:
                    73:1f:7d:c2:9f:ef:a8:8e:de:63:22:81:62:d1:e6:
                    77:83:fc:b6:54:d5:22:b5:2e:e6:84:ce:61:c0:d5:
                    d6:c9:65:f0:c5:ed:35:62:39:fb:3a:cd:e4:c8:4e:
                    4e:ac:b6:3f:e5:2a:1e:4a:b7:b1:1f:91:c0:d0:06:
                    e6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:33:5E:6D:7E:D3:FF:5C:E1:99:70:8B:1B:64:61:1A:44:B1:3B:2B
            X509v3 Authority Key Identifier:
                keyid:E1:3D:77:44:B2:15:6E:41:50:A1:AF:5D:73:2E:2A:10:99:4D:87:29

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/56/E13D7744B2156E4150A1AF5D732E2A10994D8729.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4T13RLIVbkFQoa9dcy4qEJlNhyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/56/3130332e3139332e3132382e302f32342d3234203d3e2036313334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.193.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ed:2d:6d:1d:28:55:47:32:59:0c:7a:24:41:83:ef:0b:cb:
         5c:de:3e:1b:ab:6f:7b:9d:ef:6a:a3:76:fb:c4:cc:7d:af:78:
         40:4d:8d:7d:fe:13:97:04:81:28:9e:2b:d4:90:a5:97:f3:97:
         af:26:16:a8:44:39:ba:93:3d:d1:f5:67:16:57:22:1a:ce:91:
         c5:a2:b5:27:73:68:e5:5e:56:8a:ae:d7:62:18:8a:1c:af:34:
         ea:fb:e9:f9:99:f3:f8:30:35:85:14:ea:73:d9:0a:b7:0f:0d:
         0f:1e:c1:a9:c2:a2:54:16:c3:10:c4:f1:66:aa:9c:99:33:ba:
         5c:da:38:c3:e9:bb:78:0f:c6:b7:de:cd:cf:38:fa:a7:96:43:
         67:8a:03:e6:5b:36:35:91:e1:19:42:83:c2:a7:78:4d:65:30:
         be:86:92:2e:18:d8:f0:a4:45:52:49:1d:98:d1:b2:02:98:06:
         f8:ea:11:5a:dd:30:d0:23:ca:62:d4:b1:9a:37:03:65:c5:ab:
         f7:97:27:7a:7f:2d:9d:8a:e4:33:f7:7a:16:bc:59:10:22:eb:
         4f:c2:21:40:05:8b:30:98:6f:78:a6:40:6b:6a:b5:54:da:3a:
         58:ac:7f:78:ea:1b:0e:45:58:72:4b:66:52:8a:0a:74:84:b1:
         e1:22:68:57
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIULTtyzSD9ZqHm9/GswDuyAxWfMUIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODFGQzQwMDAwMTEwLwYDVQQFEyhFMTNENzc0NEIy
MTU2RTQxNTBBMUFGNUQ3MzJFMkExMDk5NEQ4NzI5MB4XDTI0MTEwNjE4MTcwNVoX
DTI1MTEwNTE4MjIwNVowMzExMC8GA1UEAxMoNzQzMzVFNkQ3RUQzRkY1Q0UxOTk3
MDhCMUI2NDYxMUE0NEIxM0IyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVBqGhfxXDcHakzbOr3vQxCDL35vXIiNKSRfTxuyh/ZsUfOi5iBjWoHnYWk
836exW2XO1Uedd1p0bPGi2taoInvKyzDD30YrsOeaFaRv28M5HUswYSP+zeOSEjn
dZObx7zwOlmte9cj7fCEX+aA6bEhuJORPUkFjCIggppyoiHugwpK2TfXOqUcFmqc
6F7cMK2E1voQMyYYAiYzzKmGNNlEzRM9I1WQaD1H0500WZf395vS5wwrr03rEUvU
1jmWMxhvcx99wp/vqI7eYyKBYtHmd4P8tlTVIrUu5oTOYcDV1sll8MXtNWI5+zrN
5MhOTqy2P+UqHkq3sR+RwNAG5k0CAwEAAaOCAeowggHmMB0GA1UdDgQWBBR0M15t
ftP/XOGZcIsbZGEaRLE7KzAfBgNVHSMEGDAWgBThPXdEshVuQVChr11zLioQmU2H
KTAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzU2L0UxM0Q3NzQ0QjIxNTZFNDE1MEExQUY1RDcz
MkUyQTEwOTk0RDg3MjkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyLzRUMTNSTElWYmtGUW9hOWRjeTRxRUpsTmh5ay5j
ZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNTYvMzEzMDMzMmUzMTM5MzMyZTMxMzIzODJlMzAyZjMy
MzQyZDMyMzQyMDNkM2UyMDM2MzEzMzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ8GAMA0GCSqGSIb3
DQEBCwUAA4IBAQCQ7S1tHShVRzJZDHokQYPvC8tc3j4bq297ne9qo3b7xMx9r3hA
TY19/hOXBIEonivUkKWX85evJhaoRDm6kz3R9WcWVyIazpHForUnc2jlXlaKrtdi
GIocrzTq++n5mfP4MDWFFOpz2Qq3Dw0PHsGpwqJUFsMQxPFmqpyZM7pc2jjD6bt4
D8a33s3POPqnlkNnigPmWzY1keEZQoPCp3hNZTC+hpIuGNjwpEVSSR2Y0bICmAb4
6hFa3TDQI8pi1LGaNwNlxav3lyd6fy2diuQz93oWvFkQIutPwiFABYswmG94pkBr
arVU2jpYrH946hsORVhyS2ZSigp0hLHhImhX
-----END CERTIFICATE-----