Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630363a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          M3/GWHRpSxiYng8L1MnXXBoOz1Yod7dvr35ljXhRnFA=
Subject key identifier:   32:48:AD:95:86:B8:21:73:51:60:F3:85:22:82:E7:62:BC:CD:04:41
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       4A0DB73C50E72265417E249F401D1094B87E2295
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     3214
IP address blocks:        2a04:6f06::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:0d:b7:3c:50:e7:22:65:41:7e:24:9f:40:1d:10:94:b8:7e:22:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=3248AD9586B821735160F3852282E762BCCD0441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:21:fb:d2:97:b6:03:96:78:22:f9:53:91:f6:
                    54:21:27:25:bd:4d:1d:11:58:19:b2:60:7f:8e:fb:
                    9f:ed:6f:e3:2c:f9:34:4f:18:3f:b3:4d:f9:23:7f:
                    90:3f:20:93:dd:57:62:91:b2:ce:b5:17:8b:94:c8:
                    f1:4e:5f:83:75:16:f8:a0:9a:11:bf:d0:ee:03:80:
                    95:92:e1:cc:56:4e:29:1c:b9:a2:0d:29:4b:1b:8a:
                    46:3b:dd:12:55:b5:c6:02:e1:c4:bb:0b:cd:df:46:
                    72:4a:88:44:a1:f6:23:0b:53:9a:94:6c:e5:20:bc:
                    29:04:ed:c8:7e:8b:7d:39:cb:d6:10:23:94:22:e6:
                    5c:6d:f2:63:2e:73:8d:dc:2a:78:62:bb:f6:a3:08:
                    8b:65:48:a7:26:60:c5:2d:31:c4:12:6c:2d:d7:eb:
                    ce:04:76:fd:bf:bc:69:f7:fb:d1:b0:c7:3e:e7:61:
                    7f:97:bc:70:a6:3a:d9:cf:ea:08:66:88:0b:8a:d2:
                    ad:f7:c0:b4:e9:8e:6f:7f:fb:a4:f9:06:4f:0b:01:
                    3b:cd:21:07:d2:f1:f3:ab:49:b8:f3:b7:2f:22:1c:
                    41:39:20:d4:57:88:34:b0:31:d8:74:c6:b9:0b:21:
                    50:1e:ef:be:ae:24:fc:bd:2a:cf:88:e2:03:a9:9b:
                    26:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:48:AD:95:86:B8:21:73:51:60:F3:85:22:82:E7:62:BC:CD:04:41
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f06::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:66:0a:5c:83:28:90:1d:d3:60:25:cb:5e:46:eb:bc:bc:5c:
         ab:18:ae:46:82:f1:40:36:cd:13:f0:a8:2c:73:bc:78:ad:e2:
         92:35:50:ed:ff:6f:de:5a:ee:b9:e8:6e:c0:4b:8d:4e:69:ad:
         d7:ff:61:d2:d5:5f:57:11:c1:95:a9:d4:43:88:d0:28:f3:7a:
         7c:f2:8f:fd:67:42:2e:00:f8:c9:b8:ea:f5:66:ca:c4:a8:d3:
         39:96:0b:74:db:ba:14:ef:67:cd:a6:d4:80:e0:52:0d:60:a7:
         e6:94:f4:c5:52:3c:3c:cf:64:23:66:c0:ce:13:5b:da:1f:78:
         3f:c8:c7:e2:e0:5a:b1:d0:2b:88:51:10:93:26:21:6f:94:63:
         7f:9e:21:d6:6c:7f:9c:72:11:e9:8b:11:94:71:46:62:2a:67:
         b5:9a:1c:83:15:da:63:44:9d:06:b7:1c:1e:8f:ff:04:e5:3c:
         c8:cd:ff:68:ec:f5:d9:fc:6b:83:14:29:c0:8c:58:ce:a1:04:
         d9:fe:be:b9:0e:c5:a9:97:37:f9:da:f8:d6:04:00:1f:6e:ca:
         bf:64:2b:c6:a1:52:d6:b6:40:48:9a:c4:f4:34:45:2a:91:36:
         81:cb:a6:75:65:1d:f0:68:44:f5:2d:5f:dc:80:f9:d4:f6:03:
         cb:e7:18:b9
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUSg23PFDnImVBfiSfQB0QlLh+IpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKDMyNDhBRDk1ODZCODIxNzM1MTYwRjM4NTIyODJFNzYyQkNDRDA0NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5IfvSl7YDlngi+VOR9lQhJyW9
TR0RWBmyYH+O+5/tb+Ms+TRPGD+zTfkjf5A/IJPdV2KRss61F4uUyPFOX4N1Fvig
mhG/0O4DgJWS4cxWTikcuaINKUsbikY73RJVtcYC4cS7C83fRnJKiESh9iMLU5qU
bOUgvCkE7ch+i305y9YQI5Qi5lxt8mMuc43cKnhiu/ajCItlSKcmYMUtMcQSbC3X
684Edv2/vGn3+9Gwxz7nYX+XvHCmOtnP6ghmiAuK0q33wLTpjm9/+6T5Bk8LATvN
IQfS8fOrSbjzty8iHEE5INRXiDSwMdh0xrkLIVAe776uJPy9Ks+I4gOpmybhAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUMkitlYa4IXNRYPOFIoLnYrzNBEEwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzYzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwYwDQYJKoZIhvcNAQEL
BQADggEBADpmClyDKJAd02Aly15G67y8XKsYrkaC8UA2zRPwqCxzvHit4pI1UO3/
b95a7rnobsBLjU5prdf/YdLVX1cRwZWp1EOI0Cjzenzyj/1nQi4A+Mm46vVmysSo
0zmWC3TbuhTvZ82m1IDgUg1gp+aU9MVSPDzPZCNmwM4TW9ofeD/Ix+LgWrHQK4hR
EJMmIW+UY3+eIdZsf5xyEemLEZRxRmIqZ7WaHIMV2mNEnQa3HB6P/wTlPMjN/2js
9dn8a4MUKcCMWM6hBNn+vrkOxamXN/na+NYEAB9uyr9kK8ahUta2QEiaxPQ0RSqR
NoHLpnVlHfBoRPUtX9yA+dT2A8vnGLk=
-----END CERTIFICATE-----