Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630323a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          EG+gf6pxptR1s0mTsH21dZ3ZIG3E/FbLYwtMTLQTcLQ=
Subject key identifier:   28:30:2D:9D:71:60:E1:16:CE:09:18:62:6D:AA:0F:5B:66:4D:E7:CA
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       77FFB8D4C8F1676450D5833462B499FBB735AB4A
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 14 Sep 2024 01:22:27 +0000
ROA not before:           Sat 14 Sep 2024 01:17:27 +0000
ROA not after:            Sat 13 Sep 2025 01:22:27 +0000
asID:                     3214
IP address blocks:        2a04:6f02::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ff:b8:d4:c8:f1:67:64:50:d5:83:34:62:b4:99:fb:b7:35:ab:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 14 01:17:27 2024 GMT
            Not After : Sep 13 01:22:27 2025 GMT
        Subject: CN=28302D9D7160E116CE0918626DAA0F5B664DE7CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f3:a3:2f:f8:64:a0:e1:58:0b:e6:77:40:79:
                    eb:df:86:03:31:ba:56:e1:ee:dc:cf:c9:c0:16:be:
                    38:cd:6e:1e:71:95:ea:28:a1:58:74:45:c0:40:9b:
                    f8:3e:19:64:22:7c:bd:86:d7:f0:5c:ee:46:f8:4f:
                    16:91:bd:78:55:a0:af:53:65:f8:3a:79:92:3f:27:
                    d9:88:e9:ac:fc:15:d8:b6:7a:c7:ae:04:0f:c3:9d:
                    62:ab:c7:45:4e:ac:c5:76:4c:a6:49:d7:0c:54:0d:
                    40:ed:0e:ca:b5:a0:80:66:4c:5d:73:45:60:e4:3a:
                    ff:db:fb:ac:f4:9e:56:0b:ff:47:6e:83:4c:72:6e:
                    b7:13:6a:99:05:01:8c:a1:86:bb:11:64:a6:39:80:
                    4b:17:ba:b4:b3:dc:51:a5:6b:2f:df:93:2e:15:95:
                    37:b7:8b:d4:b7:40:17:c0:83:e3:bc:ec:2e:f9:0d:
                    88:43:0c:1c:af:25:ef:b6:3c:86:03:15:4e:5a:eb:
                    a2:a1:62:c7:52:39:fa:54:85:42:bd:96:19:72:80:
                    3d:2c:14:f4:23:d6:f5:0a:17:fd:43:4d:e6:50:83:
                    c2:23:27:63:4f:92:ea:dd:af:e4:b3:07:73:1e:ba:
                    54:d0:f4:2e:b4:75:f3:0e:da:15:bf:18:3e:74:0d:
                    d3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:30:2D:9D:71:60:E1:16:CE:09:18:62:6D:AA:0F:5B:66:4D:E7:CA
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f02::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:49:df:64:93:8f:5d:55:5f:c8:ab:75:b3:e0:c9:9e:84:42:
         6f:a7:11:7a:e6:b9:66:a1:a2:8d:28:9b:81:ae:7c:06:5e:5a:
         e3:c8:bd:6c:3a:34:fb:cc:f0:c6:e8:c2:e6:96:60:cf:9c:d2:
         d4:b3:4f:65:24:10:46:7f:c4:e3:e3:46:d7:36:18:97:2c:e1:
         15:cf:cc:ec:ee:7b:0d:0b:ed:65:7d:77:92:f5:34:05:1e:1a:
         6b:cd:a6:63:98:05:44:ac:07:79:b0:b3:a9:c8:8a:d1:8f:83:
         91:67:6e:96:b6:78:aa:60:c8:09:9c:3d:3d:56:5e:84:82:f2:
         61:ce:38:b4:bd:a7:64:7e:b8:07:7b:4f:bf:ec:c6:8c:93:7b:
         d0:9a:0d:d6:33:b7:79:fd:b3:0f:16:69:f4:1e:21:9d:fd:7d:
         5b:98:17:95:07:ed:30:cc:41:2d:e5:46:ca:f5:ed:01:6c:a6:
         98:8c:e4:8b:3a:12:3f:0a:ad:53:1a:80:2f:9e:c5:32:59:e3:
         cc:ed:28:e8:e8:76:09:9d:49:eb:95:49:a3:87:01:b8:67:3a:
         43:0c:4c:0e:2d:86:76:69:fe:f1:f9:db:c0:01:50:5f:d6:2d:
         3e:1e:28:f9:b0:7b:59:3a:d8:f3:41:d5:a0:a5:75:c3:cf:65:
         8a:a4:f4:99
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUd/+41MjxZ2RQ1YM0YrSZ+7c1q0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA5MTQwMTE3MjdaFw0yNTA5MTMwMTIyMjdaMDMxMTAvBgNV
BAMTKDI4MzAyRDlENzE2MEUxMTZDRTA5MTg2MjZEQUEwRjVCNjY0REU3Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC886Mv+GSg4VgL5ndAeevfhgMx
ulbh7tzPycAWvjjNbh5xleoooVh0RcBAm/g+GWQifL2G1/Bc7kb4TxaRvXhVoK9T
Zfg6eZI/J9mI6az8Fdi2eseuBA/DnWKrx0VOrMV2TKZJ1wxUDUDtDsq1oIBmTF1z
RWDkOv/b+6z0nlYL/0dug0xybrcTapkFAYyhhrsRZKY5gEsXurSz3FGlay/fky4V
lTe3i9S3QBfAg+O87C75DYhDDByvJe+2PIYDFU5a66KhYsdSOfpUhUK9lhlygD0s
FPQj1vUKF/1DTeZQg8IjJ2NPkurdr+SzB3MeulTQ9C60dfMO2hW/GD50DdOBAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUKDAtnXFg4RbOCRhibaoPW2ZN58owHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzIzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwIwDQYJKoZIhvcNAQEL
BQADggEBAIJJ32STj11VX8irdbPgyZ6EQm+nEXrmuWahoo0om4GufAZeWuPIvWw6
NPvM8MbowuaWYM+c0tSzT2UkEEZ/xOPjRtc2GJcs4RXPzOzuew0L7WV9d5L1NAUe
GmvNpmOYBUSsB3mws6nIitGPg5Fnbpa2eKpgyAmcPT1WXoSC8mHOOLS9p2R+uAd7
T7/sxoyTe9CaDdYzt3n9sw8WafQeIZ39fVuYF5UH7TDMQS3lRsr17QFsppiM5Is6
Ej8KrVMagC+exTJZ48ztKOjodgmdSeuVSaOHAbhnOkMMTA4thnZp/vH528ABUF/W
LT4eKPmwe1k62PNB1aCldcPPZYqk9Jk=
-----END CERTIFICATE-----