Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630373a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          HWJGrPoxdEpa21vwnZ23r/yaznatESCUTNEfxAyd7wE=
Subject key identifier:   39:3D:32:28:11:E6:2B:D2:47:2A:6E:59:6F:4F:F5:43:BA:C1:63:3D
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       1128009526A18E3F608C683617FCCD7BC4345732
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 16:10:35 +0000
ROA not before:           Thu 12 Oct 2023 16:05:35 +0000
ROA not after:            Thu 10 Oct 2024 16:10:35 +0000
asID:                     3214
IP address blocks:        2a04:6f07::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:28:00:95:26:a1:8e:3f:60:8c:68:36:17:fc:cd:7b:c4:34:57:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:35 2023 GMT
            Not After : Oct 10 16:10:35 2024 GMT
        Subject: CN=393D322811E62BD2472A6E596F4FF543BAC1633D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:58:a4:36:58:ac:bb:26:87:69:58:ea:9a:56:
                    53:e4:be:1b:a7:7b:42:07:ab:43:6c:53:38:0d:fb:
                    d8:af:72:4f:3f:f7:86:14:78:3d:db:9a:da:75:3f:
                    05:93:e9:15:4d:e9:49:fe:45:ce:e2:6e:3e:34:46:
                    02:d2:89:64:8f:9a:82:40:1d:69:9a:4c:ba:44:c2:
                    bb:4a:19:8f:17:44:e1:7d:45:09:ce:39:3c:83:ad:
                    55:70:a2:0e:f4:4e:2e:89:65:94:42:29:33:de:30:
                    28:db:c8:d6:c5:99:db:4c:d0:32:1b:56:7b:5d:c8:
                    b8:ab:25:20:29:4b:a7:bc:e7:d5:7e:83:2f:5d:d6:
                    25:9c:b9:bc:e5:d9:e3:2f:df:90:eb:8c:d5:b4:2b:
                    3b:c4:70:9f:17:69:1d:c7:23:4c:62:32:99:83:4f:
                    c6:48:0f:c9:c0:26:f8:58:82:05:3c:ed:72:65:d2:
                    40:98:5f:66:06:af:0b:40:1d:d6:7e:d0:69:1f:94:
                    fa:8c:3e:bf:35:6d:35:dd:94:22:92:63:27:7b:ab:
                    5a:bc:94:2a:f8:e2:ec:f6:4d:2e:8e:c9:bf:4e:3a:
                    f4:c0:e0:5b:fc:2d:3d:52:21:be:0f:2c:05:9f:58:
                    ad:be:35:2b:b1:d5:90:83:67:c5:e1:e0:46:c2:f0:
                    46:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:3D:32:28:11:E6:2B:D2:47:2A:6E:59:6F:4F:F5:43:BA:C1:63:3D
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:a4:6c:ae:b3:dd:c4:0b:5c:8f:a9:f8:13:22:9c:76:19:10:
         bd:a1:fd:88:77:fc:8d:e3:aa:73:a9:f5:d2:02:a5:85:7a:68:
         83:9e:56:23:97:fc:38:df:e7:cd:cc:42:ca:ce:cb:85:59:89:
         95:04:0f:7e:91:9f:c3:59:8c:dd:c3:19:28:4a:5c:ff:29:d1:
         15:bd:68:88:4f:47:82:ff:c4:f8:cb:02:c6:de:24:60:86:b7:
         83:b6:b0:82:57:35:31:8f:2f:18:f9:a7:7a:20:0a:c4:4e:e6:
         28:4f:88:1b:b1:57:f4:bc:1c:99:21:d4:47:4f:cc:f3:14:3c:
         b2:29:a0:e3:fb:5a:ca:65:5d:93:cb:17:69:9b:73:36:6b:e8:
         12:df:42:d7:38:00:0b:8a:b0:01:93:52:16:ad:44:00:65:54:
         a5:ca:0f:d6:7e:3d:0f:89:cd:13:b0:16:86:d8:a6:8e:43:36:
         8e:a1:a2:58:cd:ae:2c:8f:84:d0:42:11:ea:83:ff:93:11:c5:
         08:24:d3:51:5f:c6:47:91:31:13:31:5c:e5:a4:16:6f:22:3d:
         d9:13:27:16:34:25:b0:40:7c:1f:8a:01:d6:2b:02:54:c3:b2:
         f3:02:f7:33:a3:63:02:f0:8e:6c:10:f2:40:4c:67:fb:94:1f:
         52:63:74:75
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUESgAlSahjj9gjGg2F/zNe8Q0VzIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzVaFw0yNDEwMTAxNjEwMzVaMDMxMTAvBgNV
BAMTKDM5M0QzMjI4MTFFNjJCRDI0NzJBNkU1OTZGNEZGNTQzQkFDMTYzM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnWKQ2WKy7JodpWOqaVlPkvhun
e0IHq0NsUzgN+9ivck8/94YUeD3bmtp1PwWT6RVN6Un+Rc7ibj40RgLSiWSPmoJA
HWmaTLpEwrtKGY8XROF9RQnOOTyDrVVwog70Ti6JZZRCKTPeMCjbyNbFmdtM0DIb
VntdyLirJSApS6e859V+gy9d1iWcubzl2eMv35DrjNW0KzvEcJ8XaR3HI0xiMpmD
T8ZID8nAJvhYggU87XJl0kCYX2YGrwtAHdZ+0GkflPqMPr81bTXdlCKSYyd7q1q8
lCr44uz2TS6Oyb9OOvTA4Fv8LT1SIb4PLAWfWK2+NSux1ZCDZ8Xh4EbC8Eb1AgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUOT0yKBHmK9JHKm5Zb0/1Q7rBYz0wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzczYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwcwDQYJKoZIhvcNAQEL
BQADggEBAKakbK6z3cQLXI+p+BMinHYZEL2h/Yh3/I3jqnOp9dICpYV6aIOeViOX
/Djf583MQsrOy4VZiZUED36Rn8NZjN3DGShKXP8p0RW9aIhPR4L/xPjLAsbeJGCG
t4O2sIJXNTGPLxj5p3ogCsRO5ihPiBuxV/S8HJkh1EdPzPMUPLIpoOP7WsplXZPL
F2mbczZr6BLfQtc4AAuKsAGTUhatRABlVKXKD9Z+PQ+JzROwFobYpo5DNo6holjN
riyPhNBCEeqD/5MRxQgk01FfxkeRMRMxXOWkFm8iPdkTJxY0JbBAfB+KAdYrAlTD
svMC9zOjYwLwjmwQ8kBMZ/uUH1JjdHU=
-----END CERTIFICATE-----