Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          /TS+xVjdatYm4jqPQm3Vb7Qstw3xuSh631g1BBXYLl8=
Subject key identifier:   C7:ED:3A:D4:EE:3F:96:AE:EC:5C:7C:ED:BA:B3:9D:16:06:F4:60:43
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       6DAAA40BBE1C72765FB27C2664C6875E23818EAB
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Thu 28 Sep 2023 09:04:43 +0000
ROA not before:           Thu 28 Sep 2023 08:59:43 +0000
ROA not after:            Thu 26 Sep 2024 09:04:43 +0000
asID:                     197730
IP address blocks:        2a0b:2542:600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:aa:a4:0b:be:1c:72:76:5f:b2:7c:26:64:c6:87:5e:23:81:8e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 28 08:59:43 2023 GMT
            Not After : Sep 26 09:04:43 2024 GMT
        Subject: CN=C7ED3AD4EE3F96AEEC5C7CEDBAB39D1606F46043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ff:32:a7:16:ba:58:ac:52:06:c0:f1:1f:1f:
                    08:e5:4c:49:1a:68:ce:83:f7:49:e5:0b:11:62:63:
                    d1:0d:81:09:09:93:0d:89:7e:fb:f4:8c:e6:9b:21:
                    b5:85:5a:8d:6b:fa:9e:92:cb:35:bb:3b:18:6c:df:
                    fb:36:4b:83:69:76:da:f1:67:3c:8e:11:b9:a9:62:
                    b4:da:1c:c0:de:15:96:ec:4e:80:34:75:35:05:31:
                    e1:c9:c8:42:ce:62:30:10:02:9a:e1:25:51:19:05:
                    57:8f:5c:0c:bf:0b:bd:a0:df:d6:b4:b1:3f:a3:da:
                    03:cf:ad:12:08:73:c7:c0:f8:5c:7b:76:7b:e8:a7:
                    a7:91:fd:55:6f:a5:2e:64:09:39:56:d4:7d:26:74:
                    b9:ed:f7:0c:ec:db:24:ee:04:05:d3:e1:1a:d2:ea:
                    1f:b6:3f:07:b1:82:0f:80:02:13:cf:77:e3:1d:fe:
                    a1:c8:4e:0d:9e:f1:1f:4e:17:ac:a2:55:ab:b7:e9:
                    6b:b1:8d:97:3f:10:9a:1f:b6:e9:20:fb:75:c2:49:
                    ff:e4:b6:09:89:e9:0b:dd:b2:3d:b7:19:05:6b:a3:
                    8c:82:0d:c6:dc:15:79:e3:10:f6:9f:7d:27:73:2e:
                    ca:ce:4f:22:89:7e:31:3b:4d:87:b0:fd:ef:96:72:
                    8f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:ED:3A:D4:EE:3F:96:AE:EC:5C:7C:ED:BA:B3:9D:16:06:F4:60:43
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:f1:74:5e:d6:b4:b8:70:ea:a5:b6:36:6a:4a:1b:87:d7:fa:
         62:9a:48:7d:b6:ce:61:db:09:24:59:f8:e1:49:f1:d5:f9:4d:
         63:db:1f:d9:ed:c6:5c:1c:37:53:a1:c1:11:50:cd:80:3d:30:
         59:ac:61:f2:4a:f9:21:df:46:67:50:84:04:53:91:79:24:6e:
         e9:ef:de:42:ed:10:9b:02:65:aa:7d:6b:9b:54:f5:d0:3f:8a:
         75:13:d2:20:09:44:53:c1:57:2e:d6:20:81:33:d1:a1:92:b0:
         64:5e:04:66:35:22:e2:16:63:ff:df:d4:a4:9f:0b:df:93:78:
         98:3d:b7:74:15:34:7a:10:c3:d6:8c:21:c0:3c:e9:7b:9c:cc:
         95:27:f8:78:a2:c6:7f:42:3e:7e:4a:fa:9d:af:81:61:0f:4e:
         13:8b:70:56:c5:f3:f6:c0:97:86:72:84:c5:35:fa:29:22:fa:
         42:b7:86:b0:5c:a1:71:0b:62:c2:a4:3a:71:5b:36:f4:96:08:
         53:9a:d4:5c:2f:98:6d:f4:88:46:dc:5b:50:0e:74:f2:47:47:
         a7:cd:6d:99:8f:47:da:82:20:d0:5f:ac:b0:75:c3:70:2f:5d:
         80:b5:ba:1d:20:bf:f5:f7:fe:63:7c:c4:c7:3d:9a:e2:65:67:
         5b:cd:0a:4c
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUbaqkC74ccnZfsnwmZMaHXiOBjqswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzA5MjgwODU5NDNaFw0yNDA5MjYwOTA0NDNaMDMxMTAvBgNV
BAMTKEM3RUQzQUQ0RUUzRjk2QUVFQzVDN0NFREJBQjM5RDE2MDZGNDYwNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN/zKnFrpYrFIGwPEfHwjlTEka
aM6D90nlCxFiY9ENgQkJkw2Jfvv0jOabIbWFWo1r+p6SyzW7Oxhs3/s2S4Npdtrx
ZzyOEbmpYrTaHMDeFZbsToA0dTUFMeHJyELOYjAQAprhJVEZBVePXAy/C72g39a0
sT+j2gPPrRIIc8fA+Fx7dnvop6eR/VVvpS5kCTlW1H0mdLnt9wzs2yTuBAXT4RrS
6h+2Pwexgg+AAhPPd+Md/qHITg2e8R9OF6yiVau36WuxjZc/EJoftukg+3XCSf/k
tgmJ6Qvdsj23GQVro4yCDcbcFXnjEPaffSdzLsrOTyKJfjE7TYew/e+Wco/7AgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUx+061O4/lq7sXHzturOdFgb0YEMwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNjMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BjANBgkqhkiG9w0BAQsFAAOCAQEAT/F0Xta0uHDqpbY2akobh9f6YppIfbbOYdsJ
JFn44Unx1flNY9sf2e3GXBw3U6HBEVDNgD0wWaxh8kr5Id9GZ1CEBFOReSRu6e/e
Qu0QmwJlqn1rm1T10D+KdRPSIAlEU8FXLtYggTPRoZKwZF4EZjUi4hZj/9/UpJ8L
35N4mD23dBU0ehDD1owhwDzpe5zMlSf4eKLGf0I+fkr6na+BYQ9OE4twVsXz9sCX
hnKExTX6KSL6QreGsFyhcQtiwqQ6cVs29JYIU5rUXC+YbfSIRtxbUA508kdHp81t
mY9H2oIg0F+ssHXDcC9dgLW6HSC/9ff+Y3zExz2a4mVnW80KTA==
-----END CERTIFICATE-----