Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630333a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630333a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          Nw7dC8Chnn+cXKgdr1DMICPmyQRHPxe+Al0fzoaMSIw=
Subject key identifier:   33:0D:08:C6:46:2E:65:F0:4E:31:0F:98:20:60:8D:BC:B9:9E:91:62
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       785C0C120ACA81F05A4492909D25821499F18736
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630333a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     3214
IP address blocks:        2a04:6f03::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5c:0c:12:0a:ca:81:f0:5a:44:92:90:9d:25:82:14:99:f1:87:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=330D08C6462E65F04E310F9820608DBCB99E9162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:39:65:3c:e9:57:d0:60:0d:e0:ee:c4:e1:4f:
                    e2:c0:76:4f:39:43:a8:c7:5d:b4:1b:c9:be:f0:48:
                    39:f0:8e:b6:5a:1f:40:7a:4d:ef:e0:1f:0a:24:2f:
                    c9:24:43:97:0a:d9:aa:33:6a:2f:30:90:00:f6:44:
                    df:97:04:10:f4:73:91:1f:3c:c7:78:a0:a5:49:79:
                    23:d1:04:17:4d:df:2e:b3:67:b7:83:bc:01:b9:2c:
                    e4:0d:17:c4:ba:fa:97:f2:4f:4f:2c:1c:8a:0c:f5:
                    5d:90:2d:a3:47:cf:0c:00:88:27:06:5c:61:39:77:
                    b4:27:18:b5:e0:78:2d:73:c7:17:6e:da:f6:2e:a7:
                    77:58:f2:18:df:ba:14:e0:2f:9e:57:4c:3f:8c:f9:
                    ba:ab:f6:fb:ad:81:39:1b:fd:79:3d:d4:a4:be:f8:
                    0f:cf:d9:4b:4f:53:63:7b:3b:b5:b3:7f:0b:4a:7d:
                    7b:19:f3:82:64:7b:06:02:26:5c:da:df:d6:40:fb:
                    4c:08:5a:3d:85:14:9d:ba:d3:69:fd:6f:92:7e:2d:
                    ad:8b:ef:fa:9d:0d:14:a1:ae:f0:f5:92:6b:b8:ff:
                    1e:5a:7c:4e:d1:1a:6f:e2:32:6d:43:91:81:aa:e1:
                    1d:a3:45:e1:56:b0:f8:f8:d2:36:ba:39:cc:8e:56:
                    9c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0D:08:C6:46:2E:65:F0:4E:31:0F:98:20:60:8D:BC:B9:9E:91:62
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630333a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f03::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:da:49:05:6d:30:ec:e1:a4:b0:08:6b:db:47:87:d3:47:fe:
         18:a5:c3:d7:bd:39:e2:c1:f0:5d:56:21:de:1e:e0:4b:6f:47:
         f1:3b:ab:83:5a:c7:72:bc:52:a6:ca:12:35:fe:2c:37:44:35:
         33:62:ac:40:76:c5:41:c3:e6:71:a1:d1:2f:93:de:db:49:b8:
         a1:bc:da:41:27:fa:f4:34:46:23:9a:08:18:1e:6d:99:6c:31:
         64:a6:fb:5e:53:a0:78:c0:79:c6:10:62:a3:c1:ac:ee:3e:2b:
         5e:d4:5d:e6:fe:3a:dc:de:95:fe:fc:47:07:61:75:d8:28:f1:
         5e:51:66:8e:50:cd:7b:bd:0f:93:8b:46:cc:cf:0e:e3:d1:c8:
         cf:a3:15:d5:67:0b:36:17:04:0b:91:9f:6c:81:2c:fe:3f:3b:
         a1:6c:47:42:c6:f2:49:8c:44:74:84:b5:e8:bf:62:ed:09:51:
         f3:2d:5f:50:19:58:56:2f:a1:76:fa:78:b9:1b:a6:b7:f2:63:
         3e:4e:7f:30:17:f2:33:2b:97:48:d2:8e:c8:1f:4f:17:8f:2a:
         38:b8:fe:44:f3:d2:0b:4e:fd:d6:76:4c:c7:9f:eb:08:6f:57:
         04:72:42:3e:bb:6b:d0:ee:d6:0f:fe:1b:1a:9f:b3:e1:41:03:
         f8:a7:df:39
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUeFwMEgrKgfBaRJKQnSWCFJnxhzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKDMzMEQwOEM2NDYyRTY1RjA0RTMxMEY5ODIwNjA4REJDQjk5RTkxNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjOWU86VfQYA3g7sThT+LAdk85
Q6jHXbQbyb7wSDnwjrZaH0B6Te/gHwokL8kkQ5cK2aozai8wkAD2RN+XBBD0c5Ef
PMd4oKVJeSPRBBdN3y6zZ7eDvAG5LOQNF8S6+pfyT08sHIoM9V2QLaNHzwwAiCcG
XGE5d7QnGLXgeC1zxxdu2vYup3dY8hjfuhTgL55XTD+M+bqr9vutgTkb/Xk91KS+
+A/P2UtPU2N7O7WzfwtKfXsZ84JkewYCJlza39ZA+0wIWj2FFJ2602n9b5J+La2L
7/qdDRShrvD1kmu4/x5afE7RGm/iMm1DkYGq4R2jReFWsPj40ja6OcyOVpybAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUMw0IxkYuZfBOMQ+YIGCNvLmekWIwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzMzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwMwDQYJKoZIhvcNAQEL
BQADggEBAFraSQVtMOzhpLAIa9tHh9NH/hilw9e9OeLB8F1WId4e4EtvR/E7q4Na
x3K8UqbKEjX+LDdENTNirEB2xUHD5nGh0S+T3ttJuKG82kEn+vQ0RiOaCBgebZls
MWSm+15ToHjAecYQYqPBrO4+K17UXeb+Otzelf78Rwdhddgo8V5RZo5QzXu9D5OL
RszPDuPRyM+jFdVnCzYXBAuRn2yBLP4/O6FsR0LG8kmMRHSEtei/Yu0JUfMtX1AZ
WFYvoXb6eLkbprfyYz5OfzAX8jMrl0jSjsgfTxePKji4/kTz0gtO/dZ2TMef6whv
VwRyQj67a9Du1g/+Gxqfs+FBA/in3zk=
-----END CERTIFICATE-----