Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630353a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          GeEV8XvioxewSg3O4usbfHwerYhTtKp37XOX+gKE8z8=
Subject key identifier:   A4:D7:A1:91:E9:F2:98:9A:86:75:0D:19:A7:95:42:F3:10:C8:83:10
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       4B1A4741F688E6419C375494AFA0E7E5F7F8B196
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:35 +0000
ROA not before:           Thu 12 Oct 2023 16:05:35 +0000
ROA not after:            Thu 10 Oct 2024 16:10:35 +0000
asID:                     3214
IP address blocks:        2a04:6f05::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:1a:47:41:f6:88:e6:41:9c:37:54:94:af:a0:e7:e5:f7:f8:b1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:35 2023 GMT
            Not After : Oct 10 16:10:35 2024 GMT
        Subject: CN=A4D7A191E9F2989A86750D19A79542F310C88310
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:93:1e:6b:71:40:45:f5:91:cc:07:ba:77:e1:
                    b9:85:87:63:87:26:1d:f1:cb:1c:4b:b0:80:8e:26:
                    f9:5c:8e:a4:5e:8a:19:d1:15:d3:11:21:9f:5d:15:
                    19:49:80:ac:74:41:f5:bb:86:15:65:88:06:f2:d7:
                    0a:8c:c0:73:cb:27:55:f2:ef:a4:02:e5:a2:2f:66:
                    f9:4b:fb:49:2f:c4:ff:b3:ea:6b:f5:14:e1:c0:ca:
                    9b:6b:8c:b1:03:b1:a1:25:25:67:19:e0:82:74:46:
                    6a:dc:c6:49:36:e6:31:bc:a9:ed:78:e6:82:c5:16:
                    54:fa:43:f2:b9:67:5f:6a:1c:21:45:75:de:b0:5c:
                    5c:9c:60:83:d2:c7:64:aa:d3:4f:48:c9:97:32:28:
                    f5:26:c9:ff:d0:2c:70:1a:dc:28:ed:56:cc:a7:bd:
                    2c:67:e5:84:9e:aa:45:e5:0e:24:f6:54:47:48:36:
                    b5:b4:72:29:95:4a:5c:96:d6:e0:52:ec:0c:54:3b:
                    d3:ee:41:23:e7:f9:08:64:ed:4f:b9:b5:4e:1a:c9:
                    dc:3a:cc:78:99:49:39:56:e3:56:4d:bc:36:96:d1:
                    3f:f3:4e:9e:bd:d9:81:99:99:4b:18:68:8e:e9:0b:
                    d9:b8:c8:1f:1a:1b:1d:dd:a8:b8:08:26:03:cd:cc:
                    e4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D7:A1:91:E9:F2:98:9A:86:75:0D:19:A7:95:42:F3:10:C8:83:10
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f05::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:ca:9f:d0:a2:24:3e:ed:b8:ae:0b:39:93:95:ce:55:6e:0a:
         19:df:26:76:e9:c4:8e:bb:b0:fa:ba:f9:36:64:eb:f6:0a:7f:
         b6:9b:8f:3e:d3:d4:f1:de:93:23:75:a9:d1:09:ca:ed:ad:18:
         3e:da:7f:13:e2:4a:a8:07:91:95:4c:bf:77:1e:4d:67:3e:bf:
         4f:8a:b0:74:cf:d8:39:e4:70:96:3c:86:31:de:ae:16:fa:b6:
         2e:ff:32:5c:a7:84:13:4c:c1:d1:87:be:ae:36:d0:09:c1:c6:
         8d:39:17:aa:9e:2c:47:5b:62:fd:3d:7a:8c:38:9c:ac:81:72:
         fe:29:b8:b7:c1:b0:88:d4:2b:f2:82:3d:20:0d:35:07:ea:47:
         a1:1d:4c:22:e1:78:f9:6a:0c:4b:9f:bc:b0:a5:53:06:15:7f:
         fb:34:10:2b:36:ae:bd:5c:f1:c6:56:9b:22:8a:11:4f:73:28:
         e0:5c:61:c3:4b:41:9f:a2:a2:e3:6c:14:a6:fa:f2:6c:4f:75:
         f3:c6:ea:79:3f:0a:56:aa:62:84:7f:63:8f:71:3b:be:1b:d9:
         38:01:37:1c:57:81:35:0b:67:fa:60:f5:65:a9:c4:dc:dd:26:
         7b:8c:61:27:11:6c:22:e9:e7:cb:75:00:37:d2:b7:6f:aa:9d:
         79:d2:01:97
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUSxpHQfaI5kGcN1SUr6Dn5ff4sZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzVaFw0yNDEwMTAxNjEwMzVaMDMxMTAvBgNV
BAMTKEE0RDdBMTkxRTlGMjk4OUE4Njc1MEQxOUE3OTU0MkYzMTBDODgzMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfkx5rcUBF9ZHMB7p34bmFh2OH
Jh3xyxxLsICOJvlcjqReihnRFdMRIZ9dFRlJgKx0QfW7hhVliAby1wqMwHPLJ1Xy
76QC5aIvZvlL+0kvxP+z6mv1FOHAyptrjLEDsaElJWcZ4IJ0Rmrcxkk25jG8qe14
5oLFFlT6Q/K5Z19qHCFFdd6wXFycYIPSx2Sq009IyZcyKPUmyf/QLHAa3CjtVsyn
vSxn5YSeqkXlDiT2VEdINrW0cimVSlyW1uBS7AxUO9PuQSPn+Qhk7U+5tU4aydw6
zHiZSTlW41ZNvDaW0T/zTp692YGZmUsYaI7pC9m4yB8aGx3dqLgIJgPNzOQpAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUpNehkenymJqGdQ0Zp5VC8xDIgxAwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzUzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwUwDQYJKoZIhvcNAQEL
BQADggEBACHKn9CiJD7tuK4LOZOVzlVuChnfJnbpxI67sPq6+TZk6/YKf7abjz7T
1PHekyN1qdEJyu2tGD7afxPiSqgHkZVMv3ceTWc+v0+KsHTP2DnkcJY8hjHerhb6
ti7/MlynhBNMwdGHvq420AnBxo05F6qeLEdbYv09eow4nKyBcv4puLfBsIjUK/KC
PSANNQfqR6EdTCLhePlqDEufvLClUwYVf/s0ECs2rr1c8cZWmyKKEU9zKOBcYcNL
QZ+iouNsFKb68mxPdfPG6nk/ClaqYoR/Y49xO74b2TgBNxxXgTULZ/pg9WWpxNzd
JnuMYScRbCLp58t1ADfSt2+qnXnSAZc=
-----END CERTIFICATE-----