Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa
File:                     326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa (raw, json)
Hash identifier:          +EZRijBMEtUoaTn1gcXE6ou+e7DE+cNd9LeaEDnT/lE=
Subject key identifier:   CA:CE:39:A9:79:A6:CC:46:FB:6A:9A:16:0B:9A:26:EF:8E:46:80:54
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       6BAEFCDAC685007E88D12E640EA4FE1AC7079515
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa
Signing time:             Thu 12 Oct 2023 16:10:35 +0000
ROA not before:           Thu 12 Oct 2023 16:05:35 +0000
ROA not after:            Thu 10 Oct 2024 16:10:35 +0000
asID:                     35537
IP address blocks:        2a04:6f01:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ae:fc:da:c6:85:00:7e:88:d1:2e:64:0e:a4:fe:1a:c7:07:95:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:35 2023 GMT
            Not After : Oct 10 16:10:35 2024 GMT
        Subject: CN=CACE39A979A6CC46FB6A9A160B9A26EF8E468054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d6:41:7a:6e:ad:33:fc:6e:1c:2b:a6:21:02:
                    4f:05:58:58:6e:6d:89:93:f6:00:17:b2:d9:a8:e5:
                    34:ae:ab:f5:c0:1d:60:aa:cb:ef:e6:41:83:95:17:
                    05:af:10:e6:51:12:59:cd:c4:58:f0:9b:4b:50:52:
                    5e:c1:08:4a:1c:b8:76:7b:dc:a1:cb:71:08:c3:ba:
                    9e:7d:ca:09:29:1f:7b:ba:37:83:b5:ee:20:36:55:
                    02:47:fd:46:d5:38:e6:61:16:22:9c:1a:fa:92:8e:
                    ae:13:f8:a9:5a:38:7b:31:33:d4:80:6b:1f:f6:37:
                    ec:9e:77:82:30:72:8d:67:20:66:cb:1b:5b:a3:bc:
                    35:01:0d:d9:4c:8b:79:54:2f:a6:da:70:35:cc:b7:
                    b6:ae:84:25:af:41:bd:98:83:f5:35:e9:98:0c:45:
                    94:9b:24:fb:8f:2f:cd:86:9d:27:18:7e:16:93:74:
                    b6:0d:ef:fd:9e:7d:3d:e5:ce:fb:cd:30:2f:21:11:
                    67:d5:73:fd:74:b3:19:40:ae:28:cb:dc:1a:bc:c8:
                    ba:d8:31:53:4f:dc:e8:78:d2:62:24:03:8d:2d:3f:
                    10:7b:85:1d:2f:b4:ab:01:0b:8c:aa:62:f0:cc:a6:
                    63:d4:0f:cf:87:38:7b:17:a5:a9:00:2a:17:65:71:
                    07:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CE:39:A9:79:A6:CC:46:FB:6A:9A:16:0B:9A:26:EF:8E:46:80:54
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f01:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:2a:cd:7f:f4:ed:c9:1a:da:d0:9b:62:01:4d:90:de:45:5d:
         9d:50:ae:61:6f:14:d5:a1:4e:b3:83:cb:63:4b:a9:05:cd:ba:
         95:8e:a1:77:de:ed:6e:21:fe:5e:45:22:2c:24:0c:43:31:43:
         ab:23:cf:7f:29:ba:45:e7:d7:32:74:b0:be:a5:83:fa:3f:75:
         72:2d:c1:b5:1a:e9:0b:9e:3c:19:dc:81:39:46:ae:20:b7:45:
         15:5f:de:3d:67:f5:aa:e8:22:49:fe:4a:5f:3f:4f:94:71:62:
         84:71:d9:60:ab:b2:11:a9:92:d2:57:b4:0f:89:71:a5:ad:25:
         ba:b2:a6:49:df:95:23:78:15:0c:19:56:1a:f4:ce:24:32:51:
         91:7b:a2:ba:d0:ba:2a:24:48:e4:04:df:a8:75:cb:ab:8c:e0:
         5e:cd:e6:f3:ca:53:71:b4:82:85:8c:80:b9:78:0b:a8:e9:92:
         88:33:79:33:61:6c:d5:2d:f1:4a:55:de:2d:5e:cc:c8:c9:5f:
         5a:d6:ca:d9:3f:dd:3a:51:37:61:82:da:89:ed:75:59:79:a9:
         5a:e7:ac:d5:72:03:c8:39:d9:38:b6:4b:8b:1a:a0:6e:91:30:
         0d:e5:70:95:67:b2:2c:7c:3a:2c:84:46:9e:3f:2a:85:7a:c4:
         a2:84:1e:c2
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUa6782saFAH6I0S5kDqT+GscHlRUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzVaFw0yNDEwMTAxNjEwMzVaMDMxMTAvBgNV
BAMTKENBQ0UzOUE5NzlBNkNDNDZGQjZBOUExNjBCOUEyNkVGOEU0NjgwNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm1kF6bq0z/G4cK6YhAk8FWFhu
bYmT9gAXstmo5TSuq/XAHWCqy+/mQYOVFwWvEOZRElnNxFjwm0tQUl7BCEocuHZ7
3KHLcQjDup59ygkpH3u6N4O17iA2VQJH/UbVOOZhFiKcGvqSjq4T+KlaOHsxM9SA
ax/2N+yed4Iwco1nIGbLG1ujvDUBDdlMi3lUL6bacDXMt7auhCWvQb2Yg/U16ZgM
RZSbJPuPL82GnScYfhaTdLYN7/2efT3lzvvNMC8hEWfVc/10sxlArijL3Bq8yLrY
MVNP3Oh40mIkA40tPxB7hR0vtKsBC4yqYvDMpmPUD8+HOHsXpakAKhdlcQdnAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUys45qXmmzEb7apoWC5om745GgFQwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB6BggrBgEFBQcBCwRuMGwwagYIKwYBBQUHMAuGXnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzEzYTMxM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzMzNTM1MzMzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoEbwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAnCrNf/TtyRra0JtiAU2Q3kVdnVCuYW8U1aFOs4PLY0up
Bc26lY6hd97tbiH+XkUiLCQMQzFDqyPPfym6RefXMnSwvqWD+j91ci3BtRrpC548
GdyBOUauILdFFV/ePWf1qugiSf5KXz9PlHFihHHZYKuyEamS0le0D4lxpa0lurKm
Sd+VI3gVDBlWGvTOJDJRkXuiutC6KiRI5ATfqHXLq4zgXs3m88pTcbSChYyAuXgL
qOmSiDN5M2Fs1S3xSlXeLV7MyMlfWtbK2T/dOlE3YYLaie11WXmpWues1XIDyDnZ
OLZLixqgbpEwDeVwlWeyLHw6LIRGnj8qhXrEooQewg==
-----END CERTIFICATE-----