Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
File:                     326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa (raw, json)
Hash identifier:          SZJLz0j/jbKX96lW4L7mkLyksXLsFVWjP8hE7OePkGw=
Subject key identifier:   4B:2D:DC:F4:D6:65:27:56:55:A2:52:0F:CA:CC:5B:F1:79:2F:E3:A3
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       2AB813BD7805F42894233BC045540E8EEA841EAF
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa
Signing time:             Tue 11 Feb 2025 15:30:54 +0000
ROA not before:           Tue 11 Feb 2025 15:25:54 +0000
ROA not after:            Tue 10 Feb 2026 15:30:54 +0000
asID:                     8229
IP address blocks:        2a0b:2542:900::/40 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:48:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b8:13:bd:78:05:f4:28:94:23:3b:c0:45:54:0e:8e:ea:84:1e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Feb 11 15:25:54 2025 GMT
            Not After : Feb 10 15:30:54 2026 GMT
        Subject: CN=4B2DDCF4D665275655A2520FCACC5BF1792FE3A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fd:5d:6c:c4:d3:73:73:ae:6a:0b:57:99:dc:
                    41:58:46:da:b1:e2:c7:7c:34:03:81:75:19:03:f1:
                    cc:43:19:fd:8e:7c:ed:7b:f1:97:7b:88:ef:d0:e7:
                    ba:91:1a:03:78:b1:0a:6d:02:85:3d:fd:dc:30:20:
                    54:9a:7f:01:16:f6:bc:74:cf:80:ea:53:38:5d:3f:
                    2b:ff:09:cb:49:ad:44:0d:eb:75:4c:80:41:0b:78:
                    77:bc:26:5e:c1:34:75:43:50:93:b0:6a:66:22:d4:
                    30:d2:cc:00:21:b8:1d:a1:b6:07:2b:c0:ae:92:87:
                    4e:9d:42:a9:15:e0:dd:5b:7f:0e:6b:89:0f:4e:c5:
                    45:8c:87:9a:6b:11:b4:6e:89:c2:8f:33:4b:20:94:
                    93:92:7e:29:fe:83:c6:58:13:1e:39:a2:1a:3a:c3:
                    32:55:55:87:20:68:a2:ca:db:41:0a:0f:db:f7:1e:
                    53:a7:97:64:fd:a6:2c:f4:f0:bb:39:7a:e0:c1:f9:
                    c1:02:41:18:ce:d6:ac:ab:f2:a2:08:fc:68:dd:24:
                    68:2e:14:80:5b:10:16:38:1f:15:b0:af:06:a8:c7:
                    6c:d8:17:a0:84:54:97:b3:d7:0d:a2:3b:3e:9f:20:
                    34:9a:a8:56:cb:d2:ec:b5:85:cc:26:5d:da:2f:d9:
                    4d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:2D:DC:F4:D6:65:27:56:55:A2:52:0F:CA:CC:5B:F1:79:2F:E3:A3
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3930303a3a2f34302d313238203d3e2038323239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:85:b4:cc:77:c6:70:fe:82:ec:99:3c:cc:75:4e:1d:fa:b6:
         6e:0e:a1:4e:0b:56:9e:33:8f:15:83:ea:7e:6e:95:33:14:62:
         e0:fd:af:5e:9e:6b:0c:b0:38:39:3a:db:ec:ad:a7:bc:4e:14:
         9a:b8:8e:e8:27:54:f4:1c:51:8b:0e:40:88:83:a8:37:37:9c:
         3e:40:9c:76:b6:53:38:2c:a7:8c:89:2d:6b:4c:69:b3:a0:cd:
         7c:60:d8:ee:69:35:76:a7:0b:24:a2:35:8c:55:3b:d5:84:53:
         32:31:66:92:25:4b:8f:0a:21:4b:62:bb:8f:65:26:43:eb:37:
         16:8b:f1:3b:ba:6c:c2:14:3e:92:11:7a:4d:21:3c:21:68:0e:
         a3:74:33:20:f7:bc:82:01:27:7c:a6:5d:41:6d:b0:bc:41:cf:
         21:30:1a:be:48:6e:d9:43:7b:01:8c:4b:a3:b5:60:4d:a6:98:
         ee:86:ba:28:41:db:ae:f5:34:ee:af:a5:4e:00:38:cf:22:cc:
         07:3d:5e:5f:b4:f5:76:1d:75:b1:1f:5d:dd:13:7b:76:9d:4b:
         b0:b1:f7:9a:3d:64:d6:f5:73:c1:59:2b:f6:53:20:42:c5:5a:
         46:d2:42:82:13:1e:46:a3:fa:84:2f:b8:ad:02:23:54:74:27:
         3a:c8:23:a8
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgIUKrgTvXgF9CiUIzvARVQOjuqEHq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTAyMTExNTI1NTRaFw0yNjAyMTAxNTMwNTRaMDMxMTAvBgNV
BAMTKDRCMkREQ0Y0RDY2NTI3NTY1NUEyNTIwRkNBQ0M1QkYxNzkyRkUzQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD/V1sxNNzc65qC1eZ3EFYRtqx
4sd8NAOBdRkD8cxDGf2OfO178Zd7iO/Q57qRGgN4sQptAoU9/dwwIFSafwEW9rx0
z4DqUzhdPyv/CctJrUQN63VMgEELeHe8Jl7BNHVDUJOwamYi1DDSzAAhuB2htgcr
wK6Sh06dQqkV4N1bfw5riQ9OxUWMh5prEbRuicKPM0sglJOSfin+g8ZYEx45oho6
wzJVVYcgaKLK20EKD9v3HlOnl2T9piz08Ls5euDB+cECQRjO1qyr8qII/GjdJGgu
FIBbEBY4HxWwrwaox2zYF6CEVJez1w2iOz6fIDSaqFbL0uy1hcwmXdov2U15AgMB
AAGjggHYMIIB1DAdBgNVHQ4EFgQUSy3c9NZlJ1ZVolIPysxb8Xkv46MwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB+BggrBgEFBQcBCwRyMHAwbgYIKwYBBQUHMAuGYnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzIzYTM5MzAzMDNhM2Ey
ZjM0MzAyZDMxMzIzODIwM2QzZTIwMzgzMjMyMzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVCCTAN
BgkqhkiG9w0BAQsFAAOCAQEATYW0zHfGcP6C7Jk8zHVOHfq2bg6hTgtWnjOPFYPq
fm6VMxRi4P2vXp5rDLA4OTrb7K2nvE4UmriO6CdU9BxRiw5AiIOoNzecPkCcdrZT
OCynjIkta0xps6DNfGDY7mk1dqcLJKI1jFU71YRTMjFmkiVLjwohS2K7j2UmQ+s3
FovxO7pswhQ+khF6TSE8IWgOo3QzIPe8ggEnfKZdQW2wvEHPITAavkhu2UN7AYxL
o7VgTaaY7oa6KEHbrvU07q+lTgA4zyLMBz1eX7T1dh11sR9d3RN7dp1LsLH3mj1k
1vVzwVkr9lMgQsVaRtJCghMeRqP6hC+4rQIjVHQnOsgjqA==
-----END CERTIFICATE-----