Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          IufHCjKtyY/IAaaD+YVfr6iCNOwSGI9NImYb0KRs7Ts=
Subject key identifier:   54:20:84:3F:20:2B:DA:51:C6:19:19:16:0C:71:5D:35:70:26:90:AA
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       7D846CBDB0CD3D95840DEC91CA13A81F835CCC7C
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Fri 20 Oct 2023 23:57:35 +0000
ROA not before:           Fri 20 Oct 2023 23:52:35 +0000
ROA not after:            Fri 18 Oct 2024 23:57:35 +0000
asID:                     197730
IP address blocks:        2a0b:2542:700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:84:6c:bd:b0:cd:3d:95:84:0d:ec:91:ca:13:a8:1f:83:5c:cc:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 20 23:52:35 2023 GMT
            Not After : Oct 18 23:57:35 2024 GMT
        Subject: CN=5420843F202BDA51C61919160C715D35702690AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ec:72:ca:ec:07:fe:20:8c:82:ac:e3:e7:5d:
                    bd:66:b1:95:d5:47:28:58:99:d3:ec:11:67:b7:5d:
                    93:b5:74:2c:59:c8:45:e1:17:d1:49:08:de:bc:a5:
                    c6:a3:f7:9a:bb:2f:b0:f6:4e:1e:a9:71:03:ec:5e:
                    38:5c:36:59:38:26:2d:e6:15:33:9f:32:7e:05:07:
                    6d:8c:fa:4b:3c:aa:64:51:72:71:4e:07:37:6e:31:
                    08:c9:52:81:3c:20:f2:ee:e1:fc:69:d2:ca:04:f9:
                    1e:fe:e0:f5:0c:d6:38:70:10:64:eb:33:fc:81:72:
                    25:46:10:3a:d7:88:9c:e5:de:99:d3:1e:ab:1c:54:
                    c2:f0:b4:15:ac:75:5a:bc:f0:ab:3a:96:9c:48:68:
                    c9:a2:f9:70:64:46:3a:b5:38:b6:29:a3:4f:46:f2:
                    8a:a5:f1:e4:f0:b7:57:31:00:53:c4:8c:93:79:69:
                    e7:03:99:5f:4b:c7:42:1b:27:76:f4:70:db:01:64:
                    11:ca:03:56:75:85:df:03:61:1b:95:3a:31:31:98:
                    c9:16:ce:50:f4:62:8e:e2:3d:6f:80:3c:20:4d:3e:
                    08:57:71:31:35:30:36:1d:50:b1:3b:fd:fd:63:59:
                    28:69:82:19:66:f9:b6:be:a1:a7:00:be:3a:13:05:
                    14:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:20:84:3F:20:2B:DA:51:C6:19:19:16:0C:71:5D:35:70:26:90:AA
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         b2:ef:ec:cd:55:ff:fe:b2:05:ca:60:a6:06:96:dd:d2:9b:2b:
         92:f5:0d:94:00:d5:69:89:fd:db:dd:67:9b:e7:05:75:ac:72:
         d0:af:90:85:62:a1:48:42:ec:f4:81:d8:60:e2:e5:d6:72:58:
         2d:31:12:75:18:45:93:ee:99:ad:87:df:c2:e5:31:61:db:39:
         0e:eb:b7:c6:61:2d:81:8b:7c:ec:39:2d:85:95:58:aa:fc:92:
         d9:46:db:f6:09:f6:c5:dc:11:82:6f:22:cc:cc:72:74:d5:d5:
         0d:a6:15:15:f4:3e:0f:75:d8:12:b0:a5:91:15:da:24:fb:cd:
         30:e0:d4:aa:fa:3a:7f:38:b0:24:d8:1b:3b:79:e0:4e:fd:bb:
         dd:82:41:c2:eb:18:37:ec:49:c4:2b:83:f5:46:f2:fa:81:6d:
         36:27:bf:80:d7:42:d3:81:46:9e:6b:b9:4d:f6:79:eb:56:76:
         1d:80:63:40:35:b7:1b:bb:a1:b3:46:da:61:c6:62:9e:13:88:
         60:e6:eb:7f:a9:65:91:a3:94:05:9a:0b:b9:c1:af:05:7c:9b:
         bb:fa:ff:2c:81:ff:16:13:f3:71:de:00:15:81:cc:54:3d:5f:
         3c:47:79:5e:68:9e:c6:02:71:cd:f8:eb:7c:c7:5e:86:6a:fa:
         b9:8f:63:a0
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUfYRsvbDNPZWEDeyRyhOoH4NczHwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMjAyMzUyMzVaFw0yNDEwMTgyMzU3MzVaMDMxMTAvBgNV
BAMTKDU0MjA4NDNGMjAyQkRBNTFDNjE5MTkxNjBDNzE1RDM1NzAyNjkwQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC17HLK7Af+IIyCrOPnXb1msZXV
RyhYmdPsEWe3XZO1dCxZyEXhF9FJCN68pcaj95q7L7D2Th6pcQPsXjhcNlk4Ji3m
FTOfMn4FB22M+ks8qmRRcnFOBzduMQjJUoE8IPLu4fxp0soE+R7+4PUM1jhwEGTr
M/yBciVGEDrXiJzl3pnTHqscVMLwtBWsdVq88Ks6lpxIaMmi+XBkRjq1OLYpo09G
8oql8eTwt1cxAFPEjJN5aecDmV9Lx0IbJ3b0cNsBZBHKA1Z1hd8DYRuVOjExmMkW
zlD0Yo7iPW+APCBNPghXcTE1MDYdULE7/f1jWShpghlm+ba+oacAvjoTBRTdAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUVCCEPyAr2lHGGRkWDHFdNXAmkKowHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNzMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BzANBgkqhkiG9w0BAQsFAAOCAQEAsu/szVX//rIFymCmBpbd0psrkvUNlADVaYn9
291nm+cFdaxy0K+QhWKhSELs9IHYYOLl1nJYLTESdRhFk+6ZrYffwuUxYds5Duu3
xmEtgYt87DkthZVYqvyS2Ubb9gn2xdwRgm8izMxydNXVDaYVFfQ+D3XYErClkRXa
JPvNMODUqvo6fziwJNgbO3ngTv273YJBwusYN+xJxCuD9Uby+oFtNie/gNdC04FG
nmu5TfZ561Z2HYBjQDW3G7uhs0baYcZinhOIYObrf6llkaOUBZoLucGvBXybu/r/
LIH/FhPzcd4AFYHMVD1fPEd5XmiexgJxzfjrfMdehmr6uY9joA==
-----END CERTIFICATE-----