Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
File:                     326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa (raw, json)
Hash identifier:          yayr80b2pVGm37gfY6eM4OxfsNk5hocxIMW2ZgHjO0E=
Subject key identifier:   A0:27:46:18:8D:49:30:A7:EE:11:6B:56:BE:EE:B2:12:85:E2:90:6E
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       5C42B2CC270635456A3207B6CB43E2974DFDEC7A
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
Signing time:             Tue 12 Mar 2024 15:09:23 +0000
ROA not before:           Tue 12 Mar 2024 15:04:23 +0000
ROA not after:            Tue 11 Mar 2025 15:09:23 +0000
asID:                     8229
IP address blocks:        2a0b:2542:900::/40 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:42:b2:cc:27:06:35:45:6a:32:07:b6:cb:43:e2:97:4d:fd:ec:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Mar 12 15:04:23 2024 GMT
            Not After : Mar 11 15:09:23 2025 GMT
        Subject: CN=A02746188D4930A7EE116B56BEEEB21285E2906E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5f:b4:81:68:dc:22:e0:85:6c:00:34:5f:e6:
                    77:4d:e6:f5:6b:d8:92:5e:4f:5e:20:41:30:2c:0a:
                    ad:18:48:cb:5a:72:dc:e1:58:40:96:80:44:38:3c:
                    c8:cf:f1:cf:85:e2:8e:6d:51:53:a5:8c:45:7d:4b:
                    fa:db:c4:f9:f9:4a:d7:d0:ad:a6:a3:89:ab:0d:45:
                    4b:ff:26:27:7b:70:e0:e4:5d:c6:b2:44:67:45:99:
                    0e:f1:f8:44:c5:37:0c:66:4d:1f:9a:24:03:71:71:
                    86:a9:4f:96:e4:82:02:20:9d:25:e7:7f:70:67:37:
                    e7:d3:b9:a1:23:2c:89:fa:45:b3:8b:3e:97:69:2e:
                    54:b7:d1:29:04:73:42:7c:7a:f6:2e:06:2c:05:a2:
                    1b:ec:3f:78:b3:e0:0d:4c:aa:ce:b2:57:15:03:61:
                    3b:b5:09:07:93:69:f3:07:ef:83:da:96:eb:a5:6d:
                    b1:bd:89:82:63:5a:cf:ec:fe:b1:8b:38:db:e8:38:
                    2e:d5:3b:1f:31:66:ba:6e:a4:6c:87:b5:6e:89:32:
                    85:42:bc:c9:51:63:de:06:4d:44:32:b9:77:f6:a1:
                    99:35:cb:5e:89:05:de:c9:86:b5:1d:ec:4a:87:9b:
                    a6:ff:10:ec:94:4c:dd:d4:c2:4f:3d:52:49:cb:ea:
                    8b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:27:46:18:8D:49:30:A7:EE:11:6B:56:BE:EE:B2:12:85:E2:90:6E
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         5e:92:f4:ff:83:7b:c2:c5:b5:bc:35:fc:b1:d8:f7:94:f5:bc:
         61:01:bb:dc:c4:27:91:c5:34:9f:2f:f3:a9:dc:0e:16:d6:c0:
         93:47:af:bd:70:27:cb:d9:ce:9e:5d:fe:95:85:b8:bf:12:de:
         91:b6:6e:15:00:12:57:d3:83:43:fa:80:92:02:3a:c0:78:e7:
         44:ef:5b:06:c8:f8:86:94:6f:62:9e:bf:cf:ea:1f:93:68:3e:
         3d:82:c0:3b:46:7a:d4:e9:2a:89:7c:ff:ec:e5:c6:26:32:a0:
         89:7e:a5:f8:cf:1a:e5:77:36:24:00:8d:3f:77:54:4f:95:73:
         fb:14:05:8d:d4:b9:02:bb:c8:5f:a0:7f:cb:25:4f:50:fc:4b:
         90:a1:08:97:9b:70:2c:12:72:84:b5:07:ad:6e:50:c0:94:d0:
         c3:e1:f2:e0:f5:04:d6:64:9e:f4:a2:79:d2:98:dc:a7:f4:30:
         2e:85:8a:16:cf:90:6b:ec:c4:88:7a:38:dd:f5:20:e4:df:36:
         29:e6:b0:d4:04:90:24:5f:7b:7a:35:d4:26:f9:c6:33:39:bf:
         61:64:8d:c1:b1:02:ea:54:f7:50:c2:fb:57:ee:80:98:55:ee:
         fd:31:05:59:ac:5c:5a:d8:d0:a0:93:37:f1:33:5e:ee:a6:08:
         5e:fc:a8:e7
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgIUXEKyzCcGNUVqMge2y0Pil0397HowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDAzMTIxNTA0MjNaFw0yNTAzMTExNTA5MjNaMDMxMTAvBgNV
BAMTKEEwMjc0NjE4OEQ0OTMwQTdFRTExNkI1NkJFRUVCMjEyODVFMjkwNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbX7SBaNwi4IVsADRf5ndN5vVr
2JJeT14gQTAsCq0YSMtactzhWECWgEQ4PMjP8c+F4o5tUVOljEV9S/rbxPn5StfQ
raajiasNRUv/Jid7cODkXcayRGdFmQ7x+ETFNwxmTR+aJANxcYapT5bkggIgnSXn
f3BnN+fTuaEjLIn6RbOLPpdpLlS30SkEc0J8evYuBiwFohvsP3iz4A1Mqs6yVxUD
YTu1CQeTafMH74PaluulbbG9iYJjWs/s/rGLONvoOC7VOx8xZrpupGyHtW6JMoVC
vMlRY94GTUQyuXf2oZk1y16JBd7JhrUd7EqHm6b/EOyUTN3Uwk89UknL6ovZAgMB
AAGjggHYMIIB1DAdBgNVHQ4EFgQUoCdGGI1JMKfuEWtWvu6yEoXikG4wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB+BggrBgEFBQcBCwRyMHAwbgYIKwYBBQUHMAuGYnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzIzYTM5MzAzMDNhM2Ey
ZjM0MzAyZDMxMzIzODIwM2QzZTIwMzgzMjMyMzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVCCTAN
BgkqhkiG9w0BAQsFAAOCAQEAXpL0/4N7wsW1vDX8sdj3lPW8YQG73MQnkcU0ny/z
qdwOFtbAk0evvXAny9nOnl3+lYW4vxLekbZuFQASV9ODQ/qAkgI6wHjnRO9bBsj4
hpRvYp6/z+ofk2g+PYLAO0Z61OkqiXz/7OXGJjKgiX6l+M8a5Xc2JACNP3dUT5Vz
+xQFjdS5ArvIX6B/yyVPUPxLkKEIl5twLBJyhLUHrW5QwJTQw+Hy4PUE1mSe9KJ5
0pjcp/QwLoWKFs+Qa+zEiHo43fUg5N82Keaw1ASQJF97ejXUJvnGMzm/YWSNwbEC
6lT3UML7V+6AmFXu/TEFWaxcWtjQoJM38TNe7qYIXvyo5w==
-----END CERTIFICATE-----