Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3332203d3e203233383538.roa
File:                     3138352e33372e3235352e302f32342d3332203d3e203233383538.roa (raw, json)
Hash identifier:          x5isy64xGYdjZMpSzWO0XRvyXtS7KB6OkPd5AAI8uoY=
Subject key identifier:   A2:9C:9A:65:7A:A6:79:07:98:4A:C7:8B:C6:7E:37:D0:04:E1:08:03
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       7F7CE8D551E0BA057FBF3865479D519B02D420FB
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3332203d3e203233383538.roa
Signing time:             Thu 08 Feb 2024 14:29:42 +0000
ROA not before:           Thu 08 Feb 2024 14:24:42 +0000
ROA not after:            Thu 06 Feb 2025 14:29:42 +0000
asID:                     23858
IP address blocks:        185.37.255.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:7c:e8:d5:51:e0:ba:05:7f:bf:38:65:47:9d:51:9b:02:d4:20:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Feb  8 14:24:42 2024 GMT
            Not After : Feb  6 14:29:42 2025 GMT
        Subject: CN=A29C9A657AA67907984AC78BC67E37D004E10803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:7d:5f:79:e3:5a:b9:e3:9f:8c:8a:88:bc:
                    a9:d4:6c:e1:1c:56:52:da:60:0c:7e:99:94:d1:76:
                    4f:25:b6:5f:35:66:82:eb:02:c3:1c:31:ad:1a:32:
                    e2:53:f7:22:49:7a:7f:be:13:cb:ee:e6:70:f3:1b:
                    4b:fe:fe:26:bc:34:59:ba:20:54:03:7f:00:56:ab:
                    df:76:ba:9a:4b:3c:fb:ce:cc:37:43:f0:b8:d3:b9:
                    76:da:95:cd:a9:ae:f8:4c:23:c5:44:8a:1c:0d:94:
                    fc:0a:46:e9:c4:4c:c8:ac:20:ef:70:f5:d0:54:9f:
                    22:4b:ef:8c:e7:a8:e8:48:39:e9:d8:d7:1a:04:da:
                    d1:2e:4b:c6:ff:01:f9:88:47:2e:da:59:b6:28:21:
                    f7:12:f7:2d:eb:50:fe:16:37:eb:b5:c6:da:24:8c:
                    16:ab:87:7c:31:3b:c8:fd:1d:14:2b:c2:61:ce:57:
                    cf:0a:3c:7e:2f:89:0b:0d:b3:61:78:cd:41:c0:10:
                    43:3e:66:b7:65:21:49:7b:67:d1:1a:e9:e1:33:96:
                    0b:4c:68:27:95:ab:df:ad:1b:7f:4c:73:09:4b:4f:
                    fd:8b:b1:41:fb:f6:a5:16:4a:9a:7c:e8:86:eb:7b:
                    30:1a:22:69:5d:73:73:56:98:17:a4:e7:fc:e9:b7:
                    b0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9C:9A:65:7A:A6:79:07:98:4A:C7:8B:C6:7E:37:D0:04:E1:08:03
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3332203d3e203233383538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:36:9e:83:56:34:f1:1c:8c:e1:ef:fb:e2:6a:67:43:5a:38:
         41:a4:70:1c:dd:68:86:4f:a5:31:bb:04:f3:c1:56:52:5a:cc:
         a2:74:3c:d5:8d:ac:3d:3c:92:cb:92:ce:72:58:61:43:e4:3b:
         81:dc:3e:cf:be:fb:59:a7:ad:49:2e:e3:f9:36:01:32:eb:1d:
         60:b3:0e:03:5b:8b:e7:10:46:dc:53:23:b1:84:a2:d4:74:ae:
         93:41:fb:60:3a:e7:ac:80:34:f8:fe:c2:f8:d6:92:ea:ca:77:
         90:65:61:f3:70:20:c2:c3:2f:bf:11:3c:76:2f:19:87:b1:b8:
         c4:73:20:69:07:a4:bc:b2:88:50:7a:54:04:27:f3:67:bf:b7:
         d2:f9:d1:a7:41:2c:61:62:36:67:26:14:51:09:a3:27:6e:87:
         d4:bc:32:6d:e3:d9:60:29:43:47:b5:6e:76:56:c1:9a:54:68:
         e7:ac:e5:4e:21:b2:5d:48:f7:9b:24:e4:30:62:f7:42:69:65:
         f7:6f:79:65:16:af:11:e7:06:c9:91:97:48:fb:19:37:75:72:
         6b:2c:ed:c2:ee:00:ce:ca:1c:d3:0c:a6:8f:cd:2a:3c:89:25:
         c7:50:85:82:1d:3b:9d:b5:ab:d8:ae:57:28:3b:c2:d8:ff:db:
         32:06:78:e9
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUf3zo1VHgugV/vzhlR51RmwLUIPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDAyMDgxNDI0NDJaFw0yNTAyMDYxNDI5NDJaMDMxMTAvBgNV
BAMTKEEyOUM5QTY1N0FBNjc5MDc5ODRBQzc4QkM2N0UzN0QwMDRFMTA4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCXH1feeNaueOfjIqIvKnUbOEc
VlLaYAx+mZTRdk8ltl81ZoLrAsMcMa0aMuJT9yJJen++E8vu5nDzG0v+/ia8NFm6
IFQDfwBWq992uppLPPvOzDdD8LjTuXbalc2prvhMI8VEihwNlPwKRunETMisIO9w
9dBUnyJL74znqOhIOenY1xoE2tEuS8b/AfmIRy7aWbYoIfcS9y3rUP4WN+u1xtok
jBarh3wxO8j9HRQrwmHOV88KPH4viQsNs2F4zUHAEEM+ZrdlIUl7Z9Ea6eEzlgtM
aCeVq9+tG39McwlLT/2LsUH79qUWSpp86IbrezAaImldc3NWmBek5/zpt7C9AgMB
AAGjggHQMIIBzDAdBgNVHQ4EFgQUopyaZXqmeQeYSseLxn430AThCAMwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB4BggrBgEFBQcBCwRsMGowaAYIKwYBBQUHMAuGXHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzNTJlMzAyZjMyMzQy
ZDMzMzIyMDNkM2UyMDMyMzMzODM1Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5Jf8wDQYJKoZIhvcN
AQELBQADggEBAGA2noNWNPEcjOHv++JqZ0NaOEGkcBzdaIZPpTG7BPPBVlJazKJ0
PNWNrD08ksuSznJYYUPkO4HcPs+++1mnrUku4/k2ATLrHWCzDgNbi+cQRtxTI7GE
otR0rpNB+2A656yANPj+wvjWkurKd5BlYfNwIMLDL78RPHYvGYexuMRzIGkHpLyy
iFB6VAQn82e/t9L50adBLGFiNmcmFFEJoyduh9S8Mm3j2WApQ0e1bnZWwZpUaOes
5U4hsl1I95sk5DBi90JpZfdveWUWrxHnBsmRl0j7GTd1cmss7cLuAM7KHNMMpo/N
KjyJJcdQhYIdO521q9iuVyg7wtj/2zIGeOk=
-----END CERTIFICATE-----