Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
File:                     3138352e33372e3235352e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          vqvUQ2u63e8akivPMUERgU1A4YcSYZ17xUXZzfdPbps=
Subject key identifier:   4E:4C:64:B4:C8:A8:A6:0C:DB:B5:C0:A0:DD:4E:C5:8B:E2:2D:CD:15
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       1F603E2D10F82CEF12D852CB70968DF32A893EA4
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     8888
IP address blocks:        185.37.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:60:3e:2d:10:f8:2c:ef:12:d8:52:cb:70:96:8d:f3:2a:89:3e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=4E4C64B4C8A8A60CDBB5C0A0DD4EC58BE22DCD15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2a:21:6e:b5:07:6e:d5:d7:e1:0c:5a:6b:1b:
                    92:84:c3:12:90:bc:c8:c4:f1:06:cb:1a:27:8e:4b:
                    c1:fd:86:8b:d7:9d:03:05:54:ec:2d:d2:a4:00:c8:
                    3c:38:c4:e6:54:fb:cc:c9:b1:91:14:16:8c:df:e3:
                    35:5c:2c:8d:43:bf:7d:11:53:31:9c:d4:82:d2:47:
                    7a:bc:85:eb:30:47:ff:a4:50:2f:1f:8b:fd:f9:f1:
                    c9:0e:52:88:c6:35:b3:e0:08:93:1b:6c:8b:f7:eb:
                    1b:22:89:c0:70:4e:ef:22:9d:95:d3:96:10:48:df:
                    6d:a2:b6:2d:ca:34:4e:49:59:83:50:35:78:d9:7c:
                    37:5e:e3:4f:5b:92:bb:e2:ff:0b:36:c8:65:0d:04:
                    a8:fa:92:5c:3d:93:82:b0:2a:b7:ad:7c:69:1a:16:
                    70:7d:61:cf:3c:ce:ec:be:bb:4a:2d:76:4d:20:d6:
                    cc:be:8f:e1:6e:47:3d:fb:41:5c:d1:b8:c9:c8:fa:
                    8e:1a:8c:b9:6d:08:62:06:53:5c:1c:d7:ce:bb:a6:
                    8c:78:24:3c:37:c5:a0:46:85:73:51:d3:22:9a:49:
                    ee:e7:80:3b:d1:2d:b9:6d:fc:1e:b2:a0:1e:ae:54:
                    ea:ac:e9:3c:2f:f7:64:78:2b:5e:7d:5a:2b:6c:49:
                    38:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4C:64:B4:C8:A8:A6:0C:DB:B5:C0:A0:DD:4E:C5:8B:E2:2D:CD:15
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:11:14:50:80:2e:dd:b6:73:ac:6d:26:d1:16:5f:0d:19:72:
         2e:50:b1:6b:69:a7:a0:31:78:e3:7d:a4:d7:05:62:e7:61:50:
         f8:d6:d1:ae:39:e4:96:c5:64:0e:0c:70:90:b9:25:af:8e:b1:
         c7:02:8d:3d:75:8e:0f:75:6e:d8:af:2f:35:36:59:fa:fd:ed:
         bc:2c:1a:03:8b:63:82:b0:85:ce:c3:6c:91:e2:0b:5a:85:0e:
         fa:b3:56:b5:88:74:13:79:83:27:a6:68:1d:2c:f8:e3:08:cd:
         5d:c2:0e:45:2b:a4:0b:20:27:90:07:3e:13:e2:59:9f:83:be:
         6d:7a:6d:76:cd:64:69:fe:8f:1d:44:37:78:80:54:bb:dd:2f:
         fc:13:eb:50:9c:06:fe:61:5f:ab:96:87:95:67:bd:2d:5b:d8:
         be:64:2d:46:79:54:b4:42:be:e7:b8:fa:84:21:3f:49:ea:58:
         0a:32:74:a0:63:8d:ef:df:04:3e:e7:41:5a:a6:1b:c7:83:6e:
         71:7f:44:1b:56:c6:21:63:5b:6f:05:6f:2b:a7:a0:53:7d:46:
         0a:c8:b7:af:aa:5f:50:9d:2c:92:71:7e:7c:27:0c:87:ba:3a:
         59:b1:82:48:ae:d0:07:a5:c7:13:19:2b:ac:01:ee:01:e5:1a:
         8c:bd:d5:ef
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUH2A+LRD4LO8S2FLLcJaN8yqJPqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKDRFNEM2NEI0QzhBOEE2MENEQkI1QzBBMERENEVDNThCRTIyRENEMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYKiFutQdu1dfhDFprG5KEwxKQ
vMjE8QbLGieOS8H9hovXnQMFVOwt0qQAyDw4xOZU+8zJsZEUFozf4zVcLI1Dv30R
UzGc1ILSR3q8heswR/+kUC8fi/358ckOUojGNbPgCJMbbIv36xsiicBwTu8inZXT
lhBI322iti3KNE5JWYNQNXjZfDde409bkrvi/ws2yGUNBKj6klw9k4KwKretfGka
FnB9Yc88zuy+u0otdk0g1sy+j+FuRz37QVzRuMnI+o4ajLltCGIGU1wc1867pox4
JDw3xaBGhXNR0yKaSe7ngDvRLblt/B6yoB6uVOqs6Twv92R4K159WitsSThFAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUTkxktMiopgzbtcCg3U7Fi+ItzRUwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzNTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSX/MA0GCSqGSIb3DQEB
CwUAA4IBAQCbERRQgC7dtnOsbSbRFl8NGXIuULFraaegMXjjfaTXBWLnYVD41tGu
OeSWxWQODHCQuSWvjrHHAo09dY4PdW7Yry81Nln6/e28LBoDi2OCsIXOw2yR4gta
hQ76s1a1iHQTeYMnpmgdLPjjCM1dwg5FK6QLICeQBz4T4lmfg75tem12zWRp/o8d
RDd4gFS73S/8E+tQnAb+YV+rloeVZ70tW9i+ZC1GeVS0Qr7nuPqEIT9J6lgKMnSg
Y43v3wQ+50FaphvHg25xf0QbVsYhY1tvBW8rp6BTfUYKyLevql9QnSyScX58JwyH
ujpZsYJIrtAHpccTGSusAe4B5RqMvdXv
-----END CERTIFICATE-----