Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630343a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630343a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          TsJ/D6PA9op859Jun9GcoHimLqaRBzVV8BdsRU0RrfE=
Subject key identifier:   29:83:3B:AD:BC:B9:EE:A7:B0:7C:C8:1E:B2:66:F2:33:B7:33:AC:AD
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       2D2E85AEF84C77F2E7295193AB10C5AC54C77333
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630343a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:35 +0000
ROA not before:           Thu 12 Oct 2023 16:05:35 +0000
ROA not after:            Thu 10 Oct 2024 16:10:35 +0000
asID:                     3214
IP address blocks:        2a04:6f04::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:2e:85:ae:f8:4c:77:f2:e7:29:51:93:ab:10:c5:ac:54:c7:73:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:35 2023 GMT
            Not After : Oct 10 16:10:35 2024 GMT
        Subject: CN=29833BADBCB9EEA7B07CC81EB266F233B733ACAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:92:f9:42:e1:41:97:b1:c9:08:26:39:51:0e:
                    51:ad:83:23:64:7d:f1:0f:a2:96:68:d2:f3:7b:e0:
                    77:aa:1b:f1:01:b8:e4:1d:82:ed:5f:4f:94:77:b2:
                    c1:07:04:12:00:5c:52:1d:97:8d:e6:91:fa:61:aa:
                    99:94:31:95:24:d5:e6:f5:dd:db:60:df:b5:14:86:
                    cb:7c:f9:11:fc:64:0e:34:b0:26:a0:ea:71:7d:c4:
                    e2:35:73:b4:49:47:a4:4d:1b:76:70:fc:e6:28:ae:
                    b7:07:2a:5c:62:30:a2:5b:6d:a9:4a:a8:ef:b5:3b:
                    fc:e6:d9:7a:44:11:03:40:47:66:44:48:32:e7:22:
                    72:6f:90:71:16:7a:86:d3:77:8c:e6:31:33:54:67:
                    a8:71:e6:7f:40:4f:cb:5c:d3:1d:f9:20:8d:af:9e:
                    0d:fd:90:30:71:30:9f:b4:90:8c:31:5d:67:dc:c6:
                    b7:ca:d4:01:01:6f:98:e5:ac:6c:21:93:11:8d:13:
                    83:bc:00:fb:fe:73:4c:a1:87:d7:f2:45:6d:5f:ed:
                    0b:35:95:98:69:b9:6f:9e:8c:6e:94:c3:fc:03:85:
                    92:77:37:ba:87:e8:1d:9a:e6:32:b1:ca:d8:e2:0b:
                    49:d7:d5:ca:5c:46:78:f0:fb:75:9b:c4:8f:fb:d6:
                    86:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:83:3B:AD:BC:B9:EE:A7:B0:7C:C8:1E:B2:66:F2:33:B7:33:AC:AD
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630343a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f04::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:4a:1c:13:2b:87:48:6b:92:f6:ad:e5:58:66:92:e0:ba:89:
         df:71:16:48:8e:34:ee:34:f9:ec:e1:15:20:ca:60:c3:b9:da:
         95:4f:65:07:9c:7f:3f:0a:6a:c9:b3:fd:90:ce:8b:a7:dd:39:
         4e:da:4a:e7:c1:75:37:fe:52:df:0b:9d:0e:49:77:b7:95:af:
         f5:06:1f:d0:bd:5d:1b:c4:39:2e:b5:4e:31:67:46:38:34:e0:
         3f:20:50:da:1b:cd:dc:80:45:aa:14:f4:cf:ba:4f:bb:c3:e0:
         ef:f6:d5:f7:06:44:f7:36:5b:fe:d1:cf:7c:87:ab:c0:47:c3:
         09:44:d6:76:a8:51:d1:99:7c:7a:9c:53:64:ca:0c:85:f2:89:
         58:55:69:c1:83:b5:73:8a:3f:09:5f:bb:03:24:9f:75:39:45:
         20:06:ff:f6:49:01:6d:a6:80:f6:09:5b:20:a9:7c:07:6c:2d:
         c1:44:5c:17:e4:33:bd:d1:49:f6:5f:be:91:54:a0:c5:27:a9:
         69:4d:53:4e:b8:04:cc:67:4f:f8:58:50:e0:29:4a:da:21:2f:
         aa:f8:6c:18:f3:57:36:b5:1e:c5:70:9d:3c:af:21:2c:95:58:
         86:d1:9b:a9:e7:0a:01:e5:71:63:85:98:49:d0:de:15:be:cf:
         45:a6:16:66
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIULS6FrvhMd/LnKVGTqxDFrFTHczMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzVaFw0yNDEwMTAxNjEwMzVaMDMxMTAvBgNV
BAMTKDI5ODMzQkFEQkNCOUVFQTdCMDdDQzgxRUIyNjZGMjMzQjczM0FDQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCukvlC4UGXsckIJjlRDlGtgyNk
ffEPopZo0vN74HeqG/EBuOQdgu1fT5R3ssEHBBIAXFIdl43mkfphqpmUMZUk1eb1
3dtg37UUhst8+RH8ZA40sCag6nF9xOI1c7RJR6RNG3Zw/OYorrcHKlxiMKJbbalK
qO+1O/zm2XpEEQNAR2ZESDLnInJvkHEWeobTd4zmMTNUZ6hx5n9AT8tc0x35II2v
ng39kDBxMJ+0kIwxXWfcxrfK1AEBb5jlrGwhkxGNE4O8APv+c0yhh9fyRW1f7Qs1
lZhpuW+ejG6Uw/wDhZJ3N7qH6B2a5jKxytjiC0nX1cpcRnjw+3WbxI/71oaXAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUKYM7rby57qewfMgesmbyM7czrK0wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzQzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwQwDQYJKoZIhvcNAQEL
BQADggEBAK5KHBMrh0hrkvat5VhmkuC6id9xFkiONO40+ezhFSDKYMO52pVPZQec
fz8Kasmz/ZDOi6fdOU7aSufBdTf+Ut8LnQ5Jd7eVr/UGH9C9XRvEOS61TjFnRjg0
4D8gUNobzdyARaoU9M+6T7vD4O/21fcGRPc2W/7Rz3yHq8BHwwlE1naoUdGZfHqc
U2TKDIXyiVhVacGDtXOKPwlfuwMkn3U5RSAG//ZJAW2mgPYJWyCpfAdsLcFEXBfk
M73RSfZfvpFUoMUnqWlNU064BMxnT/hYUOApStohL6r4bBjzVza1HsVwnTyvISyV
WIbRm6nnCgHlcWOFmEnQ3hW+z0WmFmY=
-----END CERTIFICATE-----