Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa
File:                     326130623a323534303a3a2f33322d3438203d3e203537383438.roa (raw, json)
Hash identifier:          pzlqzRMA6yz9ogDxeAA40cJEy1hvuhGyW1X1aVO9faM=
Subject key identifier:   C7:0F:57:0E:7E:9C:1B:49:9D:A5:C6:01:4A:21:A0:9B:DB:38:9A:C2
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       31D514952F4DD1B95DF7EE2B429C4992003DCAAD
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     57848
IP address blocks:        2a0b:2540::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:d5:14:95:2f:4d:d1:b9:5d:f7:ee:2b:42:9c:49:92:00:3d:ca:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=C70F570E7E9C1B499DA5C6014A21A09BDB389AC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d6:2a:2b:9a:c7:57:36:97:34:4a:86:c7:bf:
                    7a:4a:1b:3c:1f:83:c5:31:70:84:81:d9:4c:d5:e1:
                    ce:dc:37:0f:c6:78:d0:e0:f5:f7:35:c7:f4:fe:5e:
                    ad:31:62:4b:de:b9:46:87:08:b3:91:a5:46:48:d5:
                    03:c2:92:ec:9e:14:34:a6:5a:4d:9e:8b:e1:c1:90:
                    74:6a:03:23:be:93:d4:8d:f3:02:e7:81:0b:ad:d9:
                    2a:99:74:c0:dd:b5:4f:a5:23:fd:b6:16:46:22:b1:
                    25:c5:3f:05:ba:06:d2:85:ef:cb:22:74:78:f4:e8:
                    bc:5a:1e:0d:d9:4c:32:49:2c:d5:4c:b7:b4:04:01:
                    a3:f8:b2:af:93:da:63:5e:62:06:8a:b6:77:91:c1:
                    4a:d6:3f:e1:af:52:45:71:29:2f:a4:47:40:14:32:
                    d9:69:a6:c1:fe:79:04:ee:bb:cb:4e:04:6b:fb:17:
                    c9:60:59:4e:d0:1c:3e:0c:4d:31:48:48:86:af:30:
                    fb:74:b1:42:99:a2:f5:55:95:39:90:cd:b1:b1:d3:
                    1d:be:24:77:2a:35:a4:1c:3a:26:60:61:6e:97:b6:
                    55:9f:92:17:1e:2a:bf:86:9e:e0:b2:72:98:08:c1:
                    df:74:2b:d2:3c:6c:a8:08:78:68:e2:14:29:51:b0:
                    11:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0F:57:0E:7E:9C:1B:49:9D:A5:C6:01:4A:21:A0:9B:DB:38:9A:C2
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2540::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:1e:61:9c:a7:1a:ea:62:a4:28:f6:a7:91:e6:4c:ef:91:26:
         2b:2f:7a:cd:d3:6f:6d:78:65:b2:41:24:e9:7b:d2:68:b6:4a:
         f3:dc:e4:32:a0:8f:73:d6:a9:5f:97:fb:1a:6b:d1:f5:ca:e4:
         62:e2:71:bf:60:e7:57:a2:f8:bd:05:83:41:17:9d:ab:2c:d5:
         04:de:cc:d4:e8:31:64:06:d5:47:d3:09:7c:8d:53:de:fa:4b:
         3a:60:aa:af:7b:e9:bb:37:08:54:51:6a:97:40:e8:23:da:fc:
         03:81:80:75:43:22:66:3d:8e:80:83:e8:e6:94:5e:cb:fd:cb:
         2d:14:8a:94:18:7a:28:95:77:98:36:47:6e:c5:8f:24:59:7d:
         dd:dd:29:d5:36:6a:31:b6:59:ce:cd:c5:7f:bb:d0:d0:07:ca:
         f7:52:f1:66:2b:31:47:5c:ac:a5:ec:51:b4:5e:7e:fc:22:d4:
         ca:d8:fe:d4:41:5c:0d:51:89:d7:f1:85:0d:f9:a5:e1:6f:76:
         7b:57:1b:a0:47:a9:1a:9f:ab:6b:63:15:6f:07:07:fe:8a:6e:
         9b:36:9a:81:b6:ac:e8:77:73:d6:cd:7d:98:d8:dc:1f:30:e8:
         86:2b:61:6d:c3:52:38:e8:30:fa:44:1f:14:29:2e:1f:3e:bc:
         82:77:0d:18
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUMdUUlS9N0bld9+4rQpxJkgA9yq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKEM3MEY1NzBFN0U5QzFCNDk5REE1QzYwMTRBMjFBMDlCREIzODlBQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm1iormsdXNpc0SobHv3pKGzwf
g8UxcISB2UzV4c7cNw/GeNDg9fc1x/T+Xq0xYkveuUaHCLORpUZI1QPCkuyeFDSm
Wk2ei+HBkHRqAyO+k9SN8wLngQut2SqZdMDdtU+lI/22FkYisSXFPwW6BtKF78si
dHj06LxaHg3ZTDJJLNVMt7QEAaP4sq+T2mNeYgaKtneRwUrWP+GvUkVxKS+kR0AU
MtlppsH+eQTuu8tOBGv7F8lgWU7QHD4MTTFISIavMPt0sUKZovVVlTmQzbGx0x2+
JHcqNaQcOiZgYW6XtlWfkhceKr+GnuCycpgIwd90K9I8bKgIeGjiFClRsBG9AgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUxw9XDn6cG0mdpcYBSiGgm9s4msIwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzAzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzNTM3MzgzNDM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgslQDANBgkqhkiG9w0B
AQsFAAOCAQEAux5hnKca6mKkKPankeZM75EmKy96zdNvbXhlskEk6XvSaLZK89zk
MqCPc9apX5f7GmvR9crkYuJxv2DnV6L4vQWDQRedqyzVBN7M1OgxZAbVR9MJfI1T
3vpLOmCqr3vpuzcIVFFql0DoI9r8A4GAdUMiZj2OgIPo5pRey/3LLRSKlBh6KJV3
mDZHbsWPJFl93d0p1TZqMbZZzs3Ff7vQ0AfK91LxZisxR1yspexRtF5+/CLUytj+
1EFcDVGJ1/GFDfml4W92e1cboEepGp+ra2MVbwcH/opumzaagbas6Hdz1s19mNjc
HzDohithbcNSOOgw+kQfFCkuHz68gncNGA==
-----END CERTIFICATE-----
Generated at Mon Jun 17 13:45:02 2024 by rpki-client on console-ams.rpki-client.org