Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/57/34352e3131372e3130302e302f32342d3234203d3e203233383538.roa
File:                     34352e3131372e3130302e302f32342d3234203d3e203233383538.roa (raw, json)
Hash identifier:          4yKK7RQLbJBx+gt7T7QZgKRPOxG5R1dHZfrXztWXnbY=
Subject key identifier:   1D:D1:A4:43:59:CC:E8:5C:42:59:56:82:21:F1:EB:3E:4F:85:21:22
Certificate issuer:       /CN=A91FA37D0000/serialNumber=5A19D2FDC8392727696F70449B8B32AF772091A8
Certificate serial:       3E5148ACD3A6D4F704D83B53CCAA4833D740902E
Authority key identifier: 5A:19:D2:FD:C8:39:27:27:69:6F:70:44:9B:8B:32:AF:77:20:91:A8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WhnS_cg5Jydpb3BEm4syr3cgkag.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/57/34352e3131372e3130302e302f32342d3234203d3e203233383538.roa
Signing time:             Sat 14 Sep 2024 01:22:23 +0000
ROA not before:           Sat 14 Sep 2024 01:17:23 +0000
ROA not after:            Sat 13 Sep 2025 01:22:23 +0000
asID:                     23858
IP address blocks:        45.117.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/57/5A19D2FDC8392727696F70449B8B32AF772091A8.crl
                          rsync://rpki.roa.net/rrdp/xTom/57/5A19D2FDC8392727696F70449B8B32AF772091A8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WhnS_cg5Jydpb3BEm4syr3cgkag.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 09:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:51:48:ac:d3:a6:d4:f7:04:d8:3b:53:cc:aa:48:33:d7:40:90:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FA37D0000/serialNumber=5A19D2FDC8392727696F70449B8B32AF772091A8
        Validity
            Not Before: Sep 14 01:17:23 2024 GMT
            Not After : Sep 13 01:22:23 2025 GMT
        Subject: CN=1DD1A44359CCE85C4259568221F1EB3E4F852122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3e:59:c7:2b:9b:d0:ba:44:f4:23:c8:2a:7c:
                    e8:c2:28:1e:48:ad:a2:44:d8:f4:34:f6:d9:1b:65:
                    f2:63:6b:f5:ea:45:1d:9f:b8:89:24:b2:62:eb:6c:
                    7b:4d:3f:09:64:d1:85:70:c5:bc:47:79:de:69:30:
                    fe:51:74:ec:69:9f:de:7f:a1:05:76:c3:14:db:81:
                    25:86:18:87:37:8d:a1:b8:0a:af:4e:d2:30:5c:19:
                    25:43:d6:a1:75:d8:a8:85:7c:ba:d2:09:b7:e9:da:
                    1b:ad:df:43:e8:35:c6:b5:e6:ee:ea:fd:4c:35:74:
                    9b:3e:60:c9:a2:47:8e:62:90:1e:c1:b2:c2:e6:8e:
                    73:83:c1:36:cd:b8:d5:d1:8c:e9:c8:e0:88:51:b3:
                    12:19:e4:65:7c:05:c7:f2:30:67:41:87:9d:02:cb:
                    0f:59:fc:bf:0d:cf:b5:9d:fe:27:84:ec:2a:8f:f9:
                    f8:77:fb:c7:bc:cd:0c:62:42:96:1d:1b:43:e6:1f:
                    47:fa:67:11:ad:47:42:47:e1:6e:72:cb:ec:41:fa:
                    52:75:5e:dd:2b:94:cf:a7:1a:53:cd:46:b8:7b:71:
                    f7:fc:36:ba:2f:25:41:39:70:e9:69:2d:c3:f0:5f:
                    51:1e:5b:9d:7d:aa:83:64:1c:24:be:5c:ad:a6:16:
                    10:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D1:A4:43:59:CC:E8:5C:42:59:56:82:21:F1:EB:3E:4F:85:21:22
            X509v3 Authority Key Identifier:
                keyid:5A:19:D2:FD:C8:39:27:27:69:6F:70:44:9B:8B:32:AF:77:20:91:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/57/5A19D2FDC8392727696F70449B8B32AF772091A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WhnS_cg5Jydpb3BEm4syr3cgkag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/57/34352e3131372e3130302e302f32342d3234203d3e203233383538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:34:9f:73:da:c6:e0:86:67:f0:36:36:70:b9:45:f9:6b:71:
         dd:c4:47:69:a2:99:be:23:3d:ee:dc:a6:0c:51:4b:75:0e:56:
         7b:d9:a9:7f:65:e8:22:da:f8:5d:cf:72:37:1f:cf:13:6d:70:
         41:1f:5e:d8:c0:54:9d:27:aa:61:d7:92:9b:23:31:fd:89:a3:
         de:8f:9b:08:67:44:66:d6:b1:61:69:bf:dd:7f:ab:d6:ed:17:
         48:02:25:49:28:46:5d:b4:21:fe:4f:39:f4:4d:aa:18:87:d3:
         b2:78:77:08:81:1a:4c:28:68:12:8e:19:7f:cb:13:f0:6c:af:
         c9:60:a6:0e:b0:0f:1c:ba:48:ae:5c:aa:30:9a:28:f2:3d:89:
         49:c8:da:97:cf:22:5e:3f:dd:22:2e:3a:99:38:ed:db:85:ab:
         1d:d1:01:31:fd:9e:2a:84:da:15:51:de:08:de:b2:64:ac:ab:
         27:75:20:b4:3f:46:87:e1:10:64:4e:44:1a:1b:6a:12:e1:72:
         86:70:19:34:89:e3:63:43:5f:0d:1f:32:7f:af:93:b3:9d:11:
         b0:fa:6b:58:ba:9b:a7:43:3a:f1:e0:37:15:dc:39:86:02:30:
         36:f8:f0:31:9a:da:74:31:1e:85:bf:0e:10:ef:c1:1e:d6:e9:
         a8:85:99:91
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIUPlFIrNOm1PcE2DtTzKpIM9dAkC4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRkEzN0QwMDAwMTEwLwYDVQQFEyg1QTE5RDJGREM4
MzkyNzI3Njk2RjcwNDQ5QjhCMzJBRjc3MjA5MUE4MB4XDTI0MDkxNDAxMTcyM1oX
DTI1MDkxMzAxMjIyM1owMzExMC8GA1UEAxMoMUREMUE0NDM1OUNDRTg1QzQyNTk1
NjgyMjFGMUVCM0U0Rjg1MjEyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALE+Wccrm9C6RPQjyCp86MIoHkitokTY9DT22Rtl8mNr9epFHZ+4iSSyYuts
e00/CWTRhXDFvEd53mkw/lF07Gmf3n+hBXbDFNuBJYYYhzeNobgKr07SMFwZJUPW
oXXYqIV8utIJt+naG63fQ+g1xrXm7ur9TDV0mz5gyaJHjmKQHsGywuaOc4PBNs24
1dGM6cjgiFGzEhnkZXwFx/IwZ0GHnQLLD1n8vw3PtZ3+J4TsKo/5+Hf7x7zNDGJC
lh0bQ+YfR/pnEa1HQkfhbnLL7EH6UnVe3SuUz6caU81GuHtx9/w2ui8lQTlw6Wkt
w/BfUR5bnX2qg2QcJL5craYWEDUCAwEAAaOCAeowggHmMB0GA1UdDgQWBBQd0aRD
WczoXEJZVoIh8es+T4UhIjAfBgNVHSMEGDAWgBRaGdL9yDknJ2lvcESbizKvdyCR
qDAOBgNVHQ8BAf8EBAMCB4AwXwYDVR0fBFgwVjBUoFKgUIZOcnN5bmM6Ly9ycGtp
LnJvYS5uZXQvcnJkcC94VG9tLzU3LzVBMTlEMkZEQzgzOTI3Mjc2OTZGNzA0NDlC
OEIzMkFGNzcyMDkxQTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZi
cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjEx
RTJCQjQ2OEY3QzcyRkQxRkYyL1doblNfY2c1SnlkcGIzQkVtNHN5cjNjZ2thZy5j
ZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNTcvMzQzNTJlMzEzMTM3MmUzMTMwMzAyZTMwMmYzMjM0
MmQzMjM0MjAzZDNlMjAzMjMzMzgzNTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXVkMA0GCSqGSIb3
DQEBCwUAA4IBAQBkNJ9z2sbghmfwNjZwuUX5a3HdxEdpopm+Iz3u3KYMUUt1DlZ7
2al/Zegi2vhdz3I3H88TbXBBH17YwFSdJ6ph15KbIzH9iaPej5sIZ0Rm1rFhab/d
f6vW7RdIAiVJKEZdtCH+Tzn0TaoYh9OyeHcIgRpMKGgSjhl/yxPwbK/JYKYOsA8c
ukiuXKowmijyPYlJyNqXzyJeP90iLjqZOO3bhasd0QEx/Z4qhNoVUd4I3rJkrKsn
dSC0P0aH4RBkTkQaG2oS4XKGcBk0ieNjQ18NHzJ/r5OznRGw+mtYupunQzrx4DcV
3DmGAjA2+PAxmtp0MR6Fvw4Q78Ee1umohZmR
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:48 2024 by rpki-client on console-fra.rpki-client.org