Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa
File:                     3138352e33372e3235322e302f32322d3234203d3e2033323134.roa (raw, json)
Hash identifier:          K2kGf3pURuZB0vF4L5PxX9ZDCnbpUchkT5OeO2GAKlg=
Subject key identifier:   9B:14:41:3E:C6:0C:1A:60:AA:44:AA:9A:04:AF:D3:C8:ED:1C:E6:02
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       3B2F4667356BEB42E7BA73A5143875DE8607CD55
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     3214
IP address blocks:        185.37.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:2f:46:67:35:6b:eb:42:e7:ba:73:a5:14:38:75:de:86:07:cd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=9B14413EC60C1A60AA44AA9A04AFD3C8ED1CE602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:26:10:fe:b1:99:a8:0b:70:5a:8d:72:77:bc:
                    e7:ba:0f:bc:33:e4:bc:8f:ba:64:bc:03:22:b9:7d:
                    0c:6a:bf:1e:46:cd:15:ae:c5:8c:ef:63:14:65:40:
                    01:6f:be:78:9e:56:c5:2a:c2:84:2a:5d:b2:a7:af:
                    eb:74:a1:27:89:f8:6d:da:30:01:2d:8d:f9:9e:f4:
                    1a:eb:bf:52:04:50:af:86:77:98:f9:13:e5:a6:8c:
                    d1:37:b9:3b:cc:0c:51:cd:27:69:3a:aa:59:fb:ce:
                    31:12:c2:fc:fa:45:b5:2e:b3:7d:73:c9:ef:33:4c:
                    d2:79:dd:75:b9:8d:fc:9a:63:1c:f0:99:cc:4d:27:
                    2b:08:d2:c6:3a:4f:59:d8:58:d3:2b:70:8e:c8:05:
                    0f:39:dc:c1:dc:aa:0c:68:d6:54:3b:fe:4d:f7:f1:
                    eb:2f:cc:c2:ae:26:e0:53:4a:bd:3a:d2:3f:c8:4f:
                    6c:5f:cb:36:ac:05:56:b4:50:0f:4a:d5:8c:c2:ec:
                    c0:54:dd:d0:68:3d:3e:2d:a6:a6:87:68:8a:63:6d:
                    68:f2:8e:e8:73:8d:6a:7a:c7:b9:4a:e2:a6:c4:77:
                    c4:35:1b:4a:4c:88:6b:f0:dd:33:e5:75:43:cb:bd:
                    86:96:7f:1d:1e:f0:d5:e8:dc:10:cc:22:3f:68:5b:
                    18:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:14:41:3E:C6:0C:1A:60:AA:44:AA:9A:04:AF:D3:C8:ED:1C:E6:02
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:e3:69:d1:43:b1:df:f8:0d:98:2f:a3:0d:4a:0a:9c:69:85:
         f7:0f:c1:44:d2:34:5c:3d:6e:ac:5d:f6:e5:c5:37:b1:fb:fb:
         e7:65:fa:1d:8e:78:e5:f0:4f:c4:8c:42:9b:d0:21:3f:30:14:
         bc:eb:5c:d9:4d:6c:3d:a1:f3:6a:f6:43:75:90:6e:bd:a4:83:
         2e:60:05:b4:c6:24:ca:d5:e3:46:78:f0:02:6a:0b:f0:8d:68:
         94:a8:89:7f:eb:cd:92:7c:bf:bb:76:60:ad:5a:eb:8f:b3:ea:
         47:16:da:b9:21:41:fe:f9:da:d2:62:a1:08:f6:79:1d:20:1f:
         c5:81:22:88:72:33:a1:95:15:a2:48:17:5b:02:e6:07:49:31:
         8f:a2:e5:67:e6:56:44:bf:fd:45:52:7c:46:c0:48:87:17:99:
         0d:3e:00:db:02:ab:61:40:e4:56:62:e0:de:bf:2b:35:6d:67:
         91:86:c8:12:ae:6d:78:05:16:22:c4:e5:32:0b:e2:5d:9d:cd:
         c1:f1:ae:02:d0:05:ff:e0:24:c0:ae:10:33:2d:ba:c0:15:e2:
         eb:dd:ed:f6:e0:76:ec:d6:70:8c:30:0f:d1:30:13:98:25:e2:
         40:63:af:59:34:9c:45:96:e5:5c:ee:91:48:73:cc:85:80:31:
         a1:ab:0b:2e
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUOy9GZzVr60LnunOlFDh13oYHzVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKDlCMTQ0MTNFQzYwQzFBNjBBQTQ0QUE5QTA0QUZEM0M4RUQxQ0U2MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8JhD+sZmoC3BajXJ3vOe6D7wz
5LyPumS8AyK5fQxqvx5GzRWuxYzvYxRlQAFvvnieVsUqwoQqXbKnr+t0oSeJ+G3a
MAEtjfme9Brrv1IEUK+Gd5j5E+WmjNE3uTvMDFHNJ2k6qln7zjESwvz6RbUus31z
ye8zTNJ53XW5jfyaYxzwmcxNJysI0sY6T1nYWNMrcI7IBQ853MHcqgxo1lQ7/k33
8esvzMKuJuBTSr060j/IT2xfyzasBVa0UA9K1YzC7MBU3dBoPT4tpqaHaIpjbWjy
juhzjWp6x7lK4qbEd8Q1G0pMiGvw3TPldUPLvYaWfx0e8NXo3BDMIj9oWxh/AgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUmxRBPsYMGmCqRKqaBK/TyO0c5gIwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzMjJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMzMzIzMTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSX8MA0GCSqGSIb3DQEB
CwUAA4IBAQBZ42nRQ7Hf+A2YL6MNSgqcaYX3D8FE0jRcPW6sXfblxTex+/vnZfod
jnjl8E/EjEKb0CE/MBS861zZTWw9ofNq9kN1kG69pIMuYAW0xiTK1eNGePACagvw
jWiUqIl/682SfL+7dmCtWuuPs+pHFtq5IUH++drSYqEI9nkdIB/FgSKIcjOhlRWi
SBdbAuYHSTGPouVn5lZEv/1FUnxGwEiHF5kNPgDbAqthQORWYuDevys1bWeRhsgS
rm14BRYixOUyC+Jdnc3B8a4C0AX/4CTArhAzLbrAFeLr3e324Hbs1nCMMA/RMBOY
JeJAY69ZNJxFluVc7pFIc8yFgDGhqwsu
-----END CERTIFICATE-----