Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630373a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          +IbToSr8RSz9HQHVbkkQ9W8e0jSZnsHHcmWMXNsHJFw=
Subject key identifier:   95:DD:63:1E:B4:21:01:A7:C8:D9:B5:55:4E:E2:54:C5:A6:3C:5A:65
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       23BE35F40041E7387A64DF4B974E658495D10094
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 14 Sep 2024 01:22:29 +0000
ROA not before:           Sat 14 Sep 2024 01:17:29 +0000
ROA not after:            Sat 13 Sep 2025 01:22:29 +0000
asID:                     3214
IP address blocks:        2a04:6f07::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:be:35:f4:00:41:e7:38:7a:64:df:4b:97:4e:65:84:95:d1:00:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 14 01:17:29 2024 GMT
            Not After : Sep 13 01:22:29 2025 GMT
        Subject: CN=95DD631EB42101A7C8D9B5554EE254C5A63C5A65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6b:34:b7:dc:62:36:fb:04:12:49:ee:f2:eb:
                    35:18:da:c9:15:77:bf:e6:85:fa:81:cb:87:f9:ac:
                    76:ca:28:e4:a1:0e:56:2e:99:4c:14:90:b4:61:ac:
                    35:20:be:98:cf:31:6b:0a:fd:80:96:f3:dd:18:9e:
                    be:b7:ea:6b:5b:db:6f:ca:e7:09:42:9d:66:cc:d4:
                    41:1c:1a:52:f6:45:97:e2:a2:0d:02:50:b3:f0:94:
                    0c:fb:c9:27:83:38:75:60:a4:dd:12:b5:d7:89:34:
                    12:f1:d7:04:8d:4b:c3:e0:02:0d:82:b2:9a:9d:bc:
                    04:27:a9:70:7b:de:1e:c3:35:c3:61:76:ca:90:55:
                    19:65:ca:e7:b2:46:63:08:7d:9b:08:9e:d4:3b:c3:
                    12:b0:5f:5a:f4:dd:51:4a:38:34:00:49:5d:fd:ed:
                    19:41:a8:eb:ad:b3:3d:a6:c1:1d:43:99:d5:46:86:
                    33:b1:9b:3e:4c:4a:8b:0f:00:28:ba:93:6f:59:39:
                    a1:f4:54:71:d4:57:0f:7d:fe:16:eb:b1:60:18:54:
                    a1:ed:f5:74:c4:c3:05:f6:4e:46:36:ee:67:5b:49:
                    0e:4a:69:bb:4f:4b:7b:2a:9c:bc:c6:84:32:b0:7d:
                    93:d7:df:44:0c:c8:09:13:d1:bf:ac:86:84:92:d1:
                    1c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:DD:63:1E:B4:21:01:A7:C8:D9:B5:55:4E:E2:54:C5:A6:3C:5A:65
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:cb:d3:3c:ff:2d:b8:c8:22:8a:8f:5b:57:99:b8:a1:d0:ad:
         53:f9:bc:68:3c:82:f9:8d:cf:19:55:19:cd:fe:3e:90:c7:5a:
         78:92:fe:5a:c8:74:e4:c0:42:56:cd:07:12:a5:29:e7:c4:48:
         fa:99:f7:75:f4:0f:0e:51:7a:a4:46:88:d3:02:49:77:ff:70:
         0e:d2:a3:a7:bc:02:f6:ea:06:b3:f3:b0:15:f7:e4:78:bb:fb:
         06:9e:77:85:f9:c4:db:87:ee:1d:8b:2b:3f:c8:5c:3f:a6:9d:
         b7:64:4a:09:06:0c:3d:7c:1b:ec:b3:cf:a8:5f:dc:22:d8:40:
         f9:33:6b:23:b0:67:10:0d:3a:b2:43:a0:f4:b7:19:cd:eb:46:
         c5:7b:a4:3e:e3:65:b5:b3:09:7d:54:c5:a1:d0:bf:43:c7:9f:
         cb:86:a5:83:82:f2:ed:83:5e:7e:48:fd:e3:b1:d9:28:40:b3:
         5b:93:09:d1:c5:c2:bc:48:75:46:25:7d:76:b2:25:d9:ab:76:
         4e:c8:ec:e0:c3:c3:a1:83:83:87:1e:ad:9f:f1:82:23:9e:c0:
         62:a7:1c:ae:0e:4f:dd:96:88:5c:9f:cd:e0:94:57:3c:df:d9:
         17:e1:f9:98:77:95:99:63:a4:66:5d:f6:14:e7:e9:bf:5f:d1:
         77:f8:cd:92
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUI7419ABB5zh6ZN9Ll05lhJXRAJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA5MTQwMTE3MjlaFw0yNTA5MTMwMTIyMjlaMDMxMTAvBgNV
BAMTKDk1REQ2MzFFQjQyMTAxQTdDOEQ5QjU1NTRFRTI1NEM1QTYzQzVBNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1azS33GI2+wQSSe7y6zUY2skV
d7/mhfqBy4f5rHbKKOShDlYumUwUkLRhrDUgvpjPMWsK/YCW890Ynr636mtb22/K
5wlCnWbM1EEcGlL2RZfiog0CULPwlAz7ySeDOHVgpN0StdeJNBLx1wSNS8PgAg2C
spqdvAQnqXB73h7DNcNhdsqQVRllyueyRmMIfZsIntQ7wxKwX1r03VFKODQASV39
7RlBqOutsz2mwR1DmdVGhjOxmz5MSosPACi6k29ZOaH0VHHUVw99/hbrsWAYVKHt
9XTEwwX2TkY27mdbSQ5KabtPS3sqnLzGhDKwfZPX30QMyAkT0b+shoSS0Rz3AgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUld1jHrQhAafI2bVVTuJUxaY8WmUwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzczYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwcwDQYJKoZIhvcNAQEL
BQADggEBAHvL0zz/LbjIIoqPW1eZuKHQrVP5vGg8gvmNzxlVGc3+PpDHWniS/lrI
dOTAQlbNBxKlKefESPqZ93X0Dw5ReqRGiNMCSXf/cA7So6e8AvbqBrPzsBX35Hi7
+waed4X5xNuH7h2LKz/IXD+mnbdkSgkGDD18G+yzz6hf3CLYQPkzayOwZxANOrJD
oPS3Gc3rRsV7pD7jZbWzCX1UxaHQv0PHn8uGpYOC8u2DXn5I/eOx2ShAs1uTCdHF
wrxIdUYlfXayJdmrdk7I7ODDw6GDg4cerZ/xgiOewGKnHK4OT92WiFyfzeCUVzzf
2Rfh+Zh3lZljpGZd9hTn6b9f0Xf4zZI=
-----END CERTIFICATE-----