Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130613a616363323a3a2f33322d3438203d3e2036323333.roa
File:                     326130613a616363323a3a2f33322d3438203d3e2036323333.roa (raw, json)
Hash identifier:          wk3fJQs2Y5gztGyN2bdXZAUOs6lIPomlEshkGoIEf0w=
Subject key identifier:   68:78:5F:62:10:30:BE:89:6C:D1:BB:8A:3E:48:65:98:24:CB:A9:BC
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       46F3906B01B2B27AA289F75A7B242EF92D66494C
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130613a616363323a3a2f33322d3438203d3e2036323333.roa
Signing time:             Sat 14 Sep 2024 01:22:27 +0000
ROA not before:           Sat 14 Sep 2024 01:17:27 +0000
ROA not after:            Sat 13 Sep 2025 01:22:27 +0000
asID:                     6233
IP address blocks:        2a0a:acc2::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f3:90:6b:01:b2:b2:7a:a2:89:f7:5a:7b:24:2e:f9:2d:66:49:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 14 01:17:27 2024 GMT
            Not After : Sep 13 01:22:27 2025 GMT
        Subject: CN=68785F621030BE896CD1BB8A3E48659824CBA9BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:9e:43:5f:7b:d3:fe:4d:ca:cc:2e:cd:08:14:
                    64:3b:ab:78:e5:c2:52:7c:7e:9f:57:12:7c:8c:26:
                    76:54:f2:ee:11:fd:b7:c0:08:22:bc:23:23:8c:47:
                    a2:ab:b1:3b:13:01:fa:d2:d8:b9:73:b2:db:11:45:
                    ea:a1:b9:a2:92:24:6f:79:64:ba:24:5a:1a:f6:65:
                    55:bb:34:c5:87:a3:97:58:8a:96:58:11:2b:ce:1d:
                    41:06:d9:37:9c:f9:1f:a3:0e:c6:80:4b:1e:13:28:
                    39:83:7e:5f:82:a5:f0:7e:86:6b:dc:4c:5f:e5:d7:
                    83:e9:36:2b:4e:15:88:f0:16:76:e5:c5:06:ad:33:
                    9d:e0:8c:84:d7:f2:50:07:6a:89:3d:c2:fc:70:f0:
                    40:29:44:b7:fb:c6:50:9f:99:c2:dd:e5:46:90:44:
                    78:84:86:c2:f5:9e:db:24:b2:f6:02:9b:bf:58:77:
                    b0:e5:4f:e9:ce:1e:47:2d:7e:61:90:58:5b:03:60:
                    b7:56:9d:66:52:c5:b7:59:bd:e5:57:8e:2a:c2:82:
                    cc:7b:f7:80:f0:a6:69:80:69:ea:1c:40:76:d3:63:
                    d9:ec:59:ee:6b:16:63:3b:e9:a2:70:42:84:49:8d:
                    e7:62:04:e3:2d:ae:e9:c7:4a:16:12:d6:a1:08:63:
                    dd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:78:5F:62:10:30:BE:89:6C:D1:BB:8A:3E:48:65:98:24:CB:A9:BC
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130613a616363323a3a2f33322d3438203d3e2036323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:acc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:54:25:f2:00:ad:57:00:23:31:6f:8c:59:dd:8c:25:d0:e4:
         49:39:1f:d9:c3:e4:dd:2a:5d:81:2d:ba:3a:1a:ad:6b:05:48:
         47:7a:ee:94:69:3e:58:82:bf:e3:21:1e:88:19:30:ed:39:95:
         f4:af:37:6a:3d:1a:50:cb:c5:9c:55:6b:10:ae:1c:2a:35:19:
         91:13:fc:05:d0:b1:a7:ef:1e:27:a7:e5:23:66:36:da:2a:36:
         8c:dc:f5:8b:d9:0a:29:e2:b6:9a:bd:75:6e:4e:3c:4e:53:54:
         7e:7f:c2:3e:87:8a:57:7b:b7:c5:b9:14:fb:59:cf:60:97:4c:
         b8:ec:75:de:b7:d0:b0:91:df:3b:a0:db:ba:dc:71:54:6a:45:
         13:e1:c4:9c:8f:08:2d:2f:5c:41:6c:03:77:55:78:98:f4:3e:
         2f:00:79:82:40:f4:8e:2e:49:73:9b:ba:bb:a5:0c:76:25:49:
         a0:7d:d9:92:f9:0b:fe:81:51:3e:c7:6c:5c:c6:66:ea:f9:b1:
         67:01:c2:06:7f:55:cd:ef:e5:d4:26:a8:9c:b7:f5:10:13:84:
         9e:2f:74:03:63:c9:9f:ea:11:e9:89:08:63:7b:13:7d:0a:de:
         14:e4:44:45:8f:06:f2:be:2d:b7:d8:bb:0b:92:e6:3a:ec:d1:
         4f:4b:2f:89
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIURvOQawGysnqiifdaeyQu+S1mSUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA5MTQwMTE3MjdaFw0yNTA5MTMwMTIyMjdaMDMxMTAvBgNV
BAMTKDY4Nzg1RjYyMTAzMEJFODk2Q0QxQkI4QTNFNDg2NTk4MjRDQkE5QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3nkNfe9P+TcrMLs0IFGQ7q3jl
wlJ8fp9XEnyMJnZU8u4R/bfACCK8IyOMR6KrsTsTAfrS2LlzstsRReqhuaKSJG95
ZLokWhr2ZVW7NMWHo5dYipZYESvOHUEG2Tec+R+jDsaASx4TKDmDfl+CpfB+hmvc
TF/l14PpNitOFYjwFnblxQatM53gjITX8lAHaok9wvxw8EApRLf7xlCfmcLd5UaQ
RHiEhsL1ntsksvYCm79Yd7DlT+nOHkctfmGQWFsDYLdWnWZSxbdZveVXjirCgsx7
94DwpmmAaeocQHbTY9nsWe5rFmM76aJwQoRJjediBOMtrunHShYS1qEIY93PAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUaHhfYhAwvols0buKPkhlmCTLqbwwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MTNhNjE2MzYzMzIzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzNjMyMzMzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoKrMIwDQYJKoZIhvcNAQEL
BQADggEBAFRUJfIArVcAIzFvjFndjCXQ5Ek5H9nD5N0qXYEtujoarWsFSEd67pRp
PliCv+MhHogZMO05lfSvN2o9GlDLxZxVaxCuHCo1GZET/AXQsafvHien5SNmNtoq
Nozc9YvZCinitpq9dW5OPE5TVH5/wj6Hild7t8W5FPtZz2CXTLjsdd630LCR3zug
27rccVRqRRPhxJyPCC0vXEFsA3dVeJj0Pi8AeYJA9I4uSXOburulDHYlSaB92ZL5
C/6BUT7HbFzGZur5sWcBwgZ/Vc3v5dQmqJy39RAThJ4vdANjyZ/qEemJCGN7E30K
3hTkREWPBvK+LbfYuwuS5jrs0U9LL4k=
-----END CERTIFICATE-----