Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3130303a3a2f34302d3438203d3e20313334363636.roa
File:                     326130623a323534323a3130303a3a2f34302d3438203d3e20313334363636.roa (raw, json)
Hash identifier:          3ae24uPKULWDSlJHUrRVkRNVHdbHenU3RXxrGDU+eUU=
Subject key identifier:   A1:8C:46:B5:47:5B:C6:2D:FE:E8:1E:7E:BB:F5:BA:A7:7C:82:E8:A3
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       2A78EB733A571FE13129C29EFBF82319ABEFD620
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3130303a3a2f34302d3438203d3e20313334363636.roa
Signing time:             Thu 28 Sep 2023 09:12:50 +0000
ROA not before:           Thu 28 Sep 2023 09:07:50 +0000
ROA not after:            Thu 26 Sep 2024 09:12:50 +0000
asID:                     134666
IP address blocks:        2a0b:2542:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:78:eb:73:3a:57:1f:e1:31:29:c2:9e:fb:f8:23:19:ab:ef:d6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 28 09:07:50 2023 GMT
            Not After : Sep 26 09:12:50 2024 GMT
        Subject: CN=A18C46B5475BC62DFEE81E7EBBF5BAA77C82E8A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:33:50:fd:74:5b:45:80:69:50:64:c6:1f:57:
                    eb:ab:a7:2a:c3:2b:46:1a:40:10:76:7c:a5:0a:ea:
                    4c:42:9b:ed:f6:d6:46:1f:34:12:0e:45:58:e9:5d:
                    91:17:ba:71:01:b1:bb:53:b4:0c:e9:43:2d:58:24:
                    f8:08:85:ea:00:c8:9d:43:a8:4d:93:4f:a1:4d:f4:
                    ff:63:40:d3:a3:e3:6c:cb:4d:c3:33:f1:c1:e1:27:
                    13:18:05:a2:22:31:9b:60:24:7e:14:9a:6e:d9:c5:
                    66:9b:bb:dc:10:51:85:fc:4c:19:b0:f9:72:a7:83:
                    d5:01:84:8f:84:d2:ad:cd:d1:93:e2:b4:f5:92:4a:
                    9c:2b:69:95:10:30:72:16:b4:09:1e:1e:64:d3:17:
                    7f:25:b0:f5:77:15:e1:db:d4:8d:79:3b:72:f3:11:
                    bd:87:65:8b:17:93:8b:2c:30:90:d5:dd:c8:f1:c8:
                    09:26:91:9a:02:62:b8:a0:d7:37:31:eb:7c:74:3f:
                    10:0d:0c:e0:a5:09:0a:b2:e8:cf:20:11:ca:25:02:
                    24:fe:dd:3d:f9:b7:0f:51:dc:54:d6:64:c4:12:81:
                    3d:ca:10:6a:ae:4a:4d:8b:25:9d:1f:97:39:bd:84:
                    1a:35:8e:73:6b:32:8b:96:17:63:6f:26:a5:33:e7:
                    35:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:8C:46:B5:47:5B:C6:2D:FE:E8:1E:7E:BB:F5:BA:A7:7C:82:E8:A3
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3130303a3a2f34302d3438203d3e20313334363636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         17:7e:9c:fb:f5:96:26:70:d3:c0:cb:54:22:92:2c:6a:09:67:
         c2:da:ee:fb:bc:a7:6f:51:23:81:10:94:47:50:26:f3:f5:e9:
         ac:cb:16:b2:fe:af:68:74:fd:93:7c:72:85:d8:be:4e:26:63:
         cb:13:a7:c4:5f:f9:66:bf:8a:5c:c8:26:f3:91:39:47:5e:b4:
         49:c2:aa:6f:33:65:4c:3d:88:67:b2:2e:7e:cf:b4:2a:2a:43:
         6c:65:2d:24:b4:02:83:9d:30:73:58:a8:9c:88:c8:ec:98:10:
         45:04:80:bc:8f:f0:45:4e:e7:6a:40:7a:c0:9f:d9:59:6c:b1:
         77:0c:2a:3e:3a:be:26:ca:d4:f4:a6:63:4a:3f:b5:5c:23:97:
         54:0a:85:6c:8e:1c:4b:e7:d6:9a:5e:71:69:4a:33:53:0b:1e:
         27:9b:5b:ce:f8:39:c4:a6:fa:31:95:8f:b7:2c:70:08:51:df:
         2b:ca:72:d2:e6:b2:26:e5:a5:8c:3c:b9:4c:cd:7a:03:80:d7:
         3e:bb:73:ea:e9:43:5a:34:1a:8f:a3:d9:40:dc:76:e6:63:1c:
         90:1c:e4:ab:4c:4b:08:29:e4:33:32:79:07:8b:f2:d6:47:42:
         fc:85:ae:4c:fb:71:90:fd:85:96:46:af:d1:14:4e:1b:34:e2:
         ad:bd:83:3a
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUKnjrczpXH+ExKcKe+/gjGavv1iAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yMzA5MjgwOTA3NTBaFw0yNDA5MjYwOTEyNTBaMDMxMTAvBgNV
BAMTKEExOEM0NkI1NDc1QkM2MkRGRUU4MUU3RUJCRjVCQUE3N0M4MkU4QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiM1D9dFtFgGlQZMYfV+urpyrD
K0YaQBB2fKUK6kxCm+321kYfNBIORVjpXZEXunEBsbtTtAzpQy1YJPgIheoAyJ1D
qE2TT6FN9P9jQNOj42zLTcMz8cHhJxMYBaIiMZtgJH4Umm7ZxWabu9wQUYX8TBmw
+XKng9UBhI+E0q3N0ZPitPWSSpwraZUQMHIWtAkeHmTTF38lsPV3FeHb1I15O3Lz
Eb2HZYsXk4ssMJDV3cjxyAkmkZoCYrig1zcx63x0PxANDOClCQqy6M8gEcolAiT+
3T35tw9R3FTWZMQSgT3KEGquSk2LJZ0flzm9hBo1jnNrMouWF2NvJqUz5zUXAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUoYxGtUdbxi3+6B5+u/W6p3yC6KMwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzMTMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTMzMzQzNjM2MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
ATANBgkqhkiG9w0BAQsFAAOCAQEAF36c+/WWJnDTwMtUIpIsaglnwtru+7ynb1Ej
gRCUR1Am8/XprMsWsv6vaHT9k3xyhdi+TiZjyxOnxF/5Zr+KXMgm85E5R160ScKq
bzNlTD2IZ7Iufs+0KipDbGUtJLQCg50wc1ionIjI7JgQRQSAvI/wRU7nakB6wJ/Z
WWyxdwwqPjq+JsrU9KZjSj+1XCOXVAqFbI4cS+fWml5xaUozUwseJ5tbzvg5xKb6
MZWPtyxwCFHfK8py0uayJuWljDy5TM16A4DXPrtz6ulDWjQaj6PZQNx25mMckBzk
q0xLCCnkMzJ5B4vy1kdC/IWuTPtxkP2Flkav0RROGzTirb2DOg==
-----END CERTIFICATE-----