Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
File:                     3138352e33372e3235352e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          1sSYbctZQTsAtFkf68We9NYRTjJ8HTc93JioA0AE/NM=
Subject key identifier:   7E:07:C5:D0:83:39:DD:49:DF:74:46:0B:EF:5E:F0:EF:B6:0D:16:25
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       27612367B8220C4A9216AC179F667DCF77E9D5C4
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
Signing time:             Sat 14 Sep 2024 01:22:28 +0000
ROA not before:           Sat 14 Sep 2024 01:17:28 +0000
ROA not after:            Sat 13 Sep 2025 01:22:28 +0000
asID:                     8888
IP address blocks:        185.37.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:61:23:67:b8:22:0c:4a:92:16:ac:17:9f:66:7d:cf:77:e9:d5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 14 01:17:28 2024 GMT
            Not After : Sep 13 01:22:28 2025 GMT
        Subject: CN=7E07C5D08339DD49DF74460BEF5EF0EFB60D1625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:10:09:a5:86:ff:a8:79:01:9b:2f:e0:36:a7:
                    d3:a7:a7:a4:3a:6d:6b:86:9c:81:b3:8c:76:99:8e:
                    91:d0:b4:e3:76:dc:68:87:56:24:8f:e0:38:3f:5e:
                    08:87:5b:f6:ee:77:ee:22:57:bc:8c:c3:1f:1f:28:
                    68:59:7c:55:e3:a6:5b:1b:09:04:c8:a0:1c:48:7c:
                    0d:f5:cc:c4:13:54:82:16:85:7c:3b:f2:45:e0:2d:
                    49:7e:9d:43:d5:09:f7:9a:fc:e5:b0:46:29:35:3d:
                    a6:98:38:b0:6f:35:50:f2:27:c3:9a:56:96:1f:83:
                    e0:74:f1:95:f6:69:25:4b:37:92:a3:e8:ff:29:c4:
                    33:dc:c2:03:09:f9:e0:54:49:34:c7:6f:6e:4a:ac:
                    cd:7f:60:f0:54:b8:2f:cf:3d:66:a7:ad:8c:92:67:
                    0b:ea:77:0d:a3:43:7b:b3:21:38:52:5a:0e:cc:e6:
                    d7:e2:3c:04:30:27:5f:dd:a6:67:d8:99:53:4f:52:
                    7f:1a:a7:ae:50:6e:e1:3c:a5:50:c6:d4:db:ec:01:
                    5e:3c:90:54:51:c9:43:80:ec:0c:b5:d9:4e:86:49:
                    32:2d:83:15:5a:f4:ad:a1:51:fd:c3:32:8c:57:82:
                    8e:4c:86:f0:0f:03:10:c4:5f:b2:77:f8:02:5d:ac:
                    ce:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:07:C5:D0:83:39:DD:49:DF:74:46:0B:EF:5E:F0:EF:B6:0D:16:25
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:d1:2d:d8:8a:ce:7c:4a:aa:8c:bf:b3:75:66:89:4a:91:c7:
         1c:48:67:af:1d:bd:0b:40:17:b4:b4:75:15:19:59:9e:39:4b:
         c9:4c:d0:72:86:af:0d:c3:14:4a:2f:c8:c6:db:12:67:a9:07:
         70:1b:4b:82:ed:65:31:db:a1:93:b4:3d:3a:34:23:ab:8a:14:
         37:58:3b:01:ce:0b:5a:5c:8f:44:bc:81:cc:75:87:a5:8b:dc:
         da:fa:f1:db:f5:a4:b4:d1:19:29:eb:12:d2:75:eb:fb:64:c4:
         d6:3a:c3:a9:97:50:1f:c5:bb:ba:6f:7b:1d:62:13:29:d1:a0:
         26:49:b1:35:92:35:62:01:8c:f2:0e:00:40:cb:3c:c6:aa:3d:
         b9:23:fd:bc:5e:81:a4:c8:94:01:3b:a1:10:3e:71:70:1f:60:
         55:b4:3e:be:3c:eb:bb:bb:1e:17:15:f8:45:4c:15:99:31:35:
         b0:56:a9:a6:46:5f:09:5e:7d:96:9d:32:71:8c:04:36:bd:ed:
         cf:39:9e:3d:1f:5f:99:30:5f:77:1b:77:5a:c1:92:14:7d:e8:
         76:80:0f:07:8a:54:85:cb:74:e7:20:35:80:e4:bc:f5:1c:4a:
         ed:b9:eb:65:df:a6:c8:39:d5:32:9a:89:80:f8:55:42:f2:d9:
         eb:5d:fb:eb
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUJ2EjZ7giDEqSFqwXn2Z9z3fp1cQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA5MTQwMTE3MjhaFw0yNTA5MTMwMTIyMjhaMDMxMTAvBgNV
BAMTKDdFMDdDNUQwODMzOURENDlERjc0NDYwQkVGNUVGMEVGQjYwRDE2MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5EAmlhv+oeQGbL+A2p9Onp6Q6
bWuGnIGzjHaZjpHQtON23GiHViSP4Dg/XgiHW/bud+4iV7yMwx8fKGhZfFXjplsb
CQTIoBxIfA31zMQTVIIWhXw78kXgLUl+nUPVCfea/OWwRik1PaaYOLBvNVDyJ8Oa
VpYfg+B08ZX2aSVLN5Kj6P8pxDPcwgMJ+eBUSTTHb25KrM1/YPBUuC/PPWanrYyS
Zwvqdw2jQ3uzIThSWg7M5tfiPAQwJ1/dpmfYmVNPUn8ap65QbuE8pVDG1NvsAV48
kFRRyUOA7Ay12U6GSTItgxVa9K2hUf3DMoxXgo5MhvAPAxDEX7J3+AJdrM7LAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUfgfF0IM53UnfdEYL717w77YNFiUwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzNTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSX/MA0GCSqGSIb3DQEB
CwUAA4IBAQC30S3Yis58SqqMv7N1ZolKkcccSGevHb0LQBe0tHUVGVmeOUvJTNBy
hq8NwxRKL8jG2xJnqQdwG0uC7WUx26GTtD06NCOrihQ3WDsBzgtaXI9EvIHMdYel
i9za+vHb9aS00Rkp6xLSdev7ZMTWOsOpl1Afxbu6b3sdYhMp0aAmSbE1kjViAYzy
DgBAyzzGqj25I/28XoGkyJQBO6EQPnFwH2BVtD6+POu7ux4XFfhFTBWZMTWwVqmm
Rl8JXn2WnTJxjAQ2ve3POZ49H1+ZMF93G3dawZIUfeh2gA8HilSFy3TnIDWA5Lz1
HErtuetl36bIOdUymomA+FVC8tnrXfvr
-----END CERTIFICATE-----