Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130613a616363313a3a2f33322d3438203d3e2033323538.roa
File:                     326130613a616363313a3a2f33322d3438203d3e2033323538.roa (raw, json)
Hash identifier:          YoHrKhuh5zwJRUhPwFTvO0QbUmag7U9Md6NBGICTXXw=
Subject key identifier:   73:FF:84:FF:B2:3C:2E:30:EA:F4:C4:83:A8:25:45:12:0A:1A:D3:F4
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       369BA3ABBD7AC305508D8D90C7C9909A77277AE6
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130613a616363313a3a2f33322d3438203d3e2033323538.roa
Signing time:             Thu 12 Oct 2023 16:10:34 +0000
ROA not before:           Thu 12 Oct 2023 16:05:34 +0000
ROA not after:            Thu 10 Oct 2024 16:10:34 +0000
asID:                     3258
IP address blocks:        2a0a:acc1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:9b:a3:ab:bd:7a:c3:05:50:8d:8d:90:c7:c9:90:9a:77:27:7a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct 12 16:05:34 2023 GMT
            Not After : Oct 10 16:10:34 2024 GMT
        Subject: CN=73FF84FFB23C2E30EAF4C483A82545120A1AD3F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e0:57:3a:93:1a:92:35:e0:71:3d:82:25:af:
                    a5:46:29:d9:3e:f9:01:34:26:9a:2c:e0:f3:bf:cc:
                    8a:32:cf:3d:0e:9b:be:f8:4e:4c:ad:54:1b:7c:be:
                    82:2b:4f:de:c5:62:a1:b2:67:fb:8c:9e:36:35:30:
                    66:99:e8:c1:6b:ca:94:1e:2a:b1:4e:35:98:7b:2f:
                    37:29:a0:c2:37:d8:43:4d:1f:28:7e:42:63:2b:16:
                    73:7f:e0:38:a9:48:9d:b3:6c:4c:60:9b:d2:dc:dc:
                    55:4c:ad:57:e7:31:02:cd:3b:08:51:6b:cb:7a:19:
                    3b:1c:c0:f2:c1:67:f6:4f:51:53:11:88:1d:b8:26:
                    d4:93:f6:2f:30:c6:73:9c:ee:77:6c:17:ec:b7:ca:
                    75:5e:d4:ae:25:d5:6b:e1:30:e2:20:1d:da:6b:b9:
                    7c:cb:1d:af:d9:fe:fb:60:48:0a:a9:0c:3b:55:27:
                    79:a9:7a:58:87:25:e0:a6:63:fe:da:74:17:ab:56:
                    82:cd:f9:a0:ab:0b:80:0b:0a:b6:66:ca:2c:aa:9a:
                    4c:24:49:e6:75:d6:72:cc:e1:c9:7e:03:9c:0c:ce:
                    5e:9b:dc:0b:db:43:9f:02:a2:1b:b7:b2:24:fa:3a:
                    38:44:97:df:a8:22:37:56:03:20:cc:0d:14:23:fd:
                    b2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FF:84:FF:B2:3C:2E:30:EA:F4:C4:83:A8:25:45:12:0A:1A:D3:F4
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130613a616363313a3a2f33322d3438203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:acc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:33:d8:ab:a3:dc:75:4f:67:c4:03:be:20:b9:cd:59:c5:6f:
         52:c8:e8:25:bb:f8:66:69:79:c8:07:b4:46:27:9e:a2:0a:0d:
         f3:32:41:81:8a:83:c5:d2:b9:e5:44:8f:c5:70:a2:3b:61:c9:
         45:f1:bc:01:41:9a:e3:43:f2:74:20:74:33:6f:b3:d2:1d:26:
         42:53:ef:66:41:da:f6:03:6f:09:ac:18:b2:fc:f6:e9:18:51:
         ad:e1:30:24:cc:63:72:05:f7:87:e7:a5:7f:a5:92:fc:4d:8f:
         f6:46:79:cb:64:6a:2e:2b:19:4a:eb:be:91:dc:6a:e5:e4:5f:
         40:9c:8f:8d:c1:ef:01:14:7a:e7:cd:c8:ee:6a:a4:33:a6:26:
         08:ac:ec:96:ab:43:aa:17:05:bc:ca:1c:e2:69:08:c3:95:e4:
         94:37:bc:7c:72:25:a4:6c:e0:b5:87:1f:14:92:8f:ea:fb:50:
         c6:2e:4a:c0:78:be:cd:55:a3:e7:a4:5f:cf:18:a6:37:8d:55:
         f3:e3:0d:fe:66:fd:85:1e:cc:a0:36:ab:2b:8b:94:58:01:6a:
         11:08:09:2c:8b:63:53:45:eb:a6:1d:36:87:ff:80:8f:11:f9:
         8e:71:c6:45:56:ee:c5:0e:71:bb:0c:0a:85:ab:44:44:cb:1c:
         d8:f5:74:9f
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUNpujq716wwVQjY2Qx8mQmncneuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzEwMTIxNjA1MzRaFw0yNDEwMTAxNjEwMzRaMDMxMTAvBgNV
BAMTKDczRkY4NEZGQjIzQzJFMzBFQUY0QzQ4M0E4MjU0NTEyMEExQUQzRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX4Fc6kxqSNeBxPYIlr6VGKdk+
+QE0Jpos4PO/zIoyzz0Om774TkytVBt8voIrT97FYqGyZ/uMnjY1MGaZ6MFrypQe
KrFONZh7LzcpoMI32ENNHyh+QmMrFnN/4DipSJ2zbExgm9Lc3FVMrVfnMQLNOwhR
a8t6GTscwPLBZ/ZPUVMRiB24JtST9i8wxnOc7ndsF+y3ynVe1K4l1WvhMOIgHdpr
uXzLHa/Z/vtgSAqpDDtVJ3mpeliHJeCmY/7adBerVoLN+aCrC4ALCrZmyiyqmkwk
SeZ11nLM4cl+A5wMzl6b3AvbQ58Cohu3siT6OjhEl9+oIjdWAyDMDRQj/bKrAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUc/+E/7I8LjDq9MSDqCVFEgoa0/QwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MTNhNjE2MzYzMzEzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzUzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoKrMEwDQYJKoZIhvcNAQEL
BQADggEBAGQz2Kuj3HVPZ8QDviC5zVnFb1LI6CW7+GZpecgHtEYnnqIKDfMyQYGK
g8XSueVEj8VwojthyUXxvAFBmuND8nQgdDNvs9IdJkJT72ZB2vYDbwmsGLL89ukY
Ua3hMCTMY3IF94fnpX+lkvxNj/ZGectkai4rGUrrvpHcauXkX0Ccj43B7wEUeufN
yO5qpDOmJgis7JarQ6oXBbzKHOJpCMOV5JQ3vHxyJaRs4LWHHxSSj+r7UMYuSsB4
vs1Vo+ekX88YpjeNVfPjDf5m/YUezKA2qyuLlFgBahEICSyLY1NF66YdNof/gI8R
+Y5xxkVW7sUOcbsMCoWrRETLHNj1dJ8=
-----END CERTIFICATE-----