Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          6RIJ+FummlllNKAkXQiAjBg3SRtIPtGWXG4E6NUYOLY=
Subject key identifier:   83:B2:85:E3:43:62:7E:83:C8:6C:C9:45:D4:BE:BD:33:EC:DD:CE:BB
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       199A594470256B7EFBA802CF66E96D0029489B87
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Mon 04 Dec 2023 07:05:08 +0000
ROA not before:           Mon 04 Dec 2023 07:00:08 +0000
ROA not after:            Mon 02 Dec 2024 07:05:08 +0000
asID:                     197730
IP address blocks:        2a0b:2542:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:9a:59:44:70:25:6b:7e:fb:a8:02:cf:66:e9:6d:00:29:48:9b:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Dec  4 07:00:08 2023 GMT
            Not After : Dec  2 07:05:08 2024 GMT
        Subject: CN=83B285E343627E83C86CC945D4BEBD33ECDDCEBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e3:e1:f1:5d:07:22:b9:de:1a:f3:b2:7c:6a:
                    0d:48:e6:32:e3:a7:db:06:82:6b:1b:f6:72:a2:2a:
                    ab:cf:60:21:a4:b4:64:b8:b9:d4:9e:5b:2d:eb:0b:
                    43:c0:bb:66:1b:23:d7:59:08:ed:bb:7d:a6:28:5c:
                    08:04:8d:8e:bf:c8:ea:aa:f3:98:27:d1:7a:e3:dd:
                    3c:1f:af:8e:31:1e:f5:99:48:99:6f:17:a0:6b:aa:
                    0e:ee:e7:8d:c5:19:33:7a:76:29:18:d0:04:37:fe:
                    37:02:61:08:f1:7a:cd:64:d2:6e:08:66:b0:76:33:
                    d5:cb:79:50:53:43:02:d8:c2:b5:47:51:b6:0b:fa:
                    41:a7:ea:3d:30:4d:50:3f:26:8e:81:3a:ad:43:d5:
                    d6:7c:98:89:9b:87:73:f8:ce:3d:01:28:43:f9:6b:
                    cb:eb:53:65:05:7b:7b:83:01:02:56:b7:cb:ca:85:
                    10:ea:d2:e8:99:34:c2:e9:62:53:00:96:64:d8:c1:
                    8f:2d:ee:07:b6:f9:6e:dd:53:2e:88:0f:9a:49:d9:
                    0b:59:7e:5c:b7:4a:80:df:a9:36:e4:39:4e:5b:b8:
                    e5:b9:7e:70:28:92:e6:8f:51:86:2a:d7:9c:4a:49:
                    8f:e7:27:2a:3a:28:dc:8a:15:55:9b:b2:62:43:00:
                    f6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B2:85:E3:43:62:7E:83:C8:6C:C9:45:D4:BE:BD:33:EC:DD:CE:BB
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:ad:9a:2a:02:a1:17:90:37:7f:4b:a5:6a:78:67:80:1f:c4:
         05:46:08:b7:52:83:fd:4c:00:9c:1a:bc:d2:56:94:80:43:9b:
         07:81:6c:d2:a6:b1:fb:18:11:ec:77:1b:3c:8b:bb:24:34:7f:
         20:c5:df:b7:e8:b0:07:50:84:fc:bd:cb:fa:c3:42:37:82:1f:
         a5:a6:44:d2:cb:32:ad:e7:d4:72:a3:21:31:c4:d7:20:a4:c6:
         4a:95:20:c1:1e:8b:12:d3:fc:15:d3:46:f9:7a:fb:89:9a:9c:
         81:59:85:cf:88:20:83:2e:8f:ca:23:6d:a4:e2:9e:5a:c7:4c:
         c8:c5:d8:51:2a:f4:36:cc:bd:35:4b:77:89:2a:96:6f:a9:a1:
         1b:4c:b8:a2:34:af:2c:6a:12:fd:15:b2:2a:f3:2d:09:19:28:
         42:d4:e4:54:0f:bf:52:66:35:95:d1:6a:03:a5:8f:5f:71:b3:
         c3:f8:ba:79:32:14:74:8d:e7:0a:10:c6:58:b8:e8:05:ee:88:
         28:36:90:98:53:8a:03:01:9f:0b:97:07:51:7b:ac:2c:85:c9:
         05:d9:49:57:19:80:38:61:c0:45:bd:4b:e4:61:e8:2d:82:e6:
         e0:31:e5:47:c6:72:8d:4d:89:3b:5d:40:eb:d7:94:44:7f:04:
         af:4b:87:70
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUGZpZRHAla377qALPZultAClIm4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEyMDQwNzAwMDhaFw0yNDEyMDIwNzA1MDhaMDMxMTAvBgNV
BAMTKDgzQjI4NUUzNDM2MjdFODNDODZDQzk0NUQ0QkVCRDMzRUNERENFQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX4+HxXQciud4a87J8ag1I5jLj
p9sGgmsb9nKiKqvPYCGktGS4udSeWy3rC0PAu2YbI9dZCO27faYoXAgEjY6/yOqq
85gn0Xrj3Twfr44xHvWZSJlvF6Brqg7u543FGTN6dikY0AQ3/jcCYQjxes1k0m4I
ZrB2M9XLeVBTQwLYwrVHUbYL+kGn6j0wTVA/Jo6BOq1D1dZ8mImbh3P4zj0BKEP5
a8vrU2UFe3uDAQJWt8vKhRDq0uiZNMLpYlMAlmTYwY8t7ge2+W7dUy6ID5pJ2QtZ
fly3SoDfqTbkOU5buOW5fnAokuaPUYYq15xKSY/nJyo6KNyKFVWbsmJDAPbpAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUg7KF40NifoPIbMlF1L69M+zdzrswHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzODMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
CDANBgkqhkiG9w0BAQsFAAOCAQEAqK2aKgKhF5A3f0ulanhngB/EBUYIt1KD/UwA
nBq80laUgEObB4Fs0qax+xgR7HcbPIu7JDR/IMXft+iwB1CE/L3L+sNCN4IfpaZE
0ssyrefUcqMhMcTXIKTGSpUgwR6LEtP8FdNG+Xr7iZqcgVmFz4gggy6PyiNtpOKe
WsdMyMXYUSr0Nsy9NUt3iSqWb6mhG0y4ojSvLGoS/RWyKvMtCRkoQtTkVA+/UmY1
ldFqA6WPX3Gzw/i6eTIUdI3nChDGWLjoBe6IKDaQmFOKAwGfC5cHUXusLIXJBdlJ
VxmAOGHARb1L5GHoLYLm4DHlR8ZyjU2JO11A69eURH8Er0uHcA==
-----END CERTIFICATE-----