Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630323a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          AHVRH7Ey3ApQ7qA5XZbgmn7MVYFIUdKE7chP0NhxE2w=
Subject key identifier:   E2:62:7B:6D:43:5D:97:9E:43:D7:82:1B:DD:9E:E4:3F:8E:1A:74:B8
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       320BADD64BBAB68452A1E1C51CFAC4F34F9A7A7E
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:33 +0000
ROA not before:           Thu 12 Oct 2023 16:05:33 +0000
ROA not after:            Thu 10 Oct 2024 16:10:33 +0000
asID:                     3214
IP address blocks:        2a04:6f02::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:0b:ad:d6:4b:ba:b6:84:52:a1:e1:c5:1c:fa:c4:f3:4f:9a:7a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:33 2023 GMT
            Not After : Oct 10 16:10:33 2024 GMT
        Subject: CN=E2627B6D435D979E43D7821BDD9EE43F8E1A74B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:e8:80:6c:7c:ab:5e:b6:cc:cf:85:6a:eb:
                    7a:4b:00:c3:73:64:b5:32:b1:16:2f:97:ee:97:cf:
                    cc:b4:ef:cb:b9:78:67:90:a0:84:c3:85:02:75:9e:
                    28:3f:88:78:35:a6:2e:3f:36:a3:98:b5:a7:8e:bb:
                    3c:36:34:bc:bd:59:0a:49:91:3b:75:5c:9c:90:af:
                    47:bd:93:7d:4d:99:f9:27:3b:6d:4a:b4:f8:ac:72:
                    87:cf:d0:94:dd:19:b4:92:6a:6e:0e:9d:c5:da:c7:
                    a8:e9:e3:a8:a3:77:fe:8b:f5:14:ed:8c:2d:28:02:
                    db:f1:5a:10:0b:c4:b1:e2:fe:c8:d3:5c:8e:c9:1d:
                    76:26:b5:a2:5e:f2:fb:30:78:de:3a:c3:01:06:b9:
                    cb:dd:c9:af:2c:e4:c5:4e:70:23:03:a7:33:fe:2f:
                    41:95:cd:93:8c:9a:b1:f1:27:5a:07:ba:95:34:b1:
                    92:c2:c4:d4:18:b1:64:11:39:81:ec:7a:39:d8:d7:
                    49:3b:8e:b3:37:2d:ec:71:08:62:1f:18:3c:d0:5b:
                    bd:c7:83:0c:80:ab:fe:1d:94:d2:6b:0d:e9:1c:11:
                    6a:29:93:29:f0:12:eb:4f:a5:81:fc:a5:d1:bd:5b:
                    4e:10:1a:ae:3c:1e:ce:32:22:1d:3a:62:8f:e6:70:
                    9e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:62:7B:6D:43:5D:97:9E:43:D7:82:1B:DD:9E:E4:3F:8E:1A:74:B8
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f02::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:bf:3d:68:1e:8a:2d:77:14:68:75:c3:c7:da:02:88:e7:f0:
         e0:c6:27:da:de:e0:e8:92:78:e2:59:06:bb:02:5b:2f:ef:c9:
         f3:60:8e:45:57:c6:ec:ef:22:9c:ed:c3:ee:52:22:c8:ff:c3:
         16:7b:1b:ed:39:9d:49:7a:54:49:8f:c9:87:74:f0:3f:52:d6:
         3e:90:e5:70:56:e7:19:c7:69:e6:b9:39:b8:50:60:a5:b2:d2:
         4b:7f:22:c2:a4:cb:ae:21:93:1e:20:c1:95:25:46:9a:e8:f4:
         e1:d1:b2:3c:78:9c:cf:cd:05:98:f8:c9:50:16:ee:3a:fb:a5:
         ed:f9:cc:22:44:57:d4:4e:02:71:81:bf:36:bb:0d:44:0d:4e:
         82:e7:5e:b4:4d:c8:67:86:33:2d:bf:ff:ce:a3:e1:e7:e0:2b:
         3c:40:34:9e:7e:c5:58:0a:fa:9e:3a:47:66:62:d2:e3:d0:47:
         a1:83:11:3f:29:b3:ac:3e:ae:68:36:db:df:16:84:2a:69:37:
         ce:85:a4:a3:f8:e3:39:ef:94:ec:eb:ad:4c:a5:06:b8:2c:85:
         22:37:30:5c:b9:05:bc:ea:4f:4b:8d:2c:86:ed:99:05:0f:cf:
         71:ff:8a:15:fc:d9:32:37:42:b7:0d:b8:12:ea:24:ec:6c:3f:
         d3:e6:95:49
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUMgut1ku6toRSoeHFHPrE80+aen4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzNaFw0yNDEwMTAxNjEwMzNaMDMxMTAvBgNV
BAMTKEUyNjI3QjZENDM1RDk3OUU0M0Q3ODIxQkREOUVFNDNGOEUxQTc0QjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpuuiAbHyrXrbMz4Vq63pLAMNz
ZLUysRYvl+6Xz8y078u5eGeQoITDhQJ1nig/iHg1pi4/NqOYtaeOuzw2NLy9WQpJ
kTt1XJyQr0e9k31NmfknO21KtPiscofP0JTdGbSSam4OncXax6jp46ijd/6L9RTt
jC0oAtvxWhALxLHi/sjTXI7JHXYmtaJe8vsweN46wwEGucvdya8s5MVOcCMDpzP+
L0GVzZOMmrHxJ1oHupU0sZLCxNQYsWQROYHsejnY10k7jrM3LexxCGIfGDzQW73H
gwyAq/4dlNJrDekcEWopkynwEutPpYH8pdG9W04QGq48Hs4yIh06Yo/mcJ7/AgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQU4mJ7bUNdl55D14Ib3Z7kP44adLgwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzIzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwIwDQYJKoZIhvcNAQEL
BQADggEBAKa/PWgeii13FGh1w8faAojn8ODGJ9re4OiSeOJZBrsCWy/vyfNgjkVX
xuzvIpztw+5SIsj/wxZ7G+05nUl6VEmPyYd08D9S1j6Q5XBW5xnHaea5ObhQYKWy
0kt/IsKky64hkx4gwZUlRpro9OHRsjx4nM/NBZj4yVAW7jr7pe35zCJEV9ROAnGB
vza7DUQNToLnXrRNyGeGMy2//86j4efgKzxANJ5+xVgK+p46R2Zi0uPQR6GDET8p
s6w+rmg2298WhCppN86FpKP44znvlOzrrUylBrgshSI3MFy5BbzqT0uNLIbtmQUP
z3H/ihX82TI3QrcNuBLqJOxsP9PmlUk=
-----END CERTIFICATE-----