Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa
File:                     326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa (raw, json)
Hash identifier:          5MzdV7SsTw+uVjfvtDbdSpi0OvBcACNPgDA0vdXnZqw=
Subject key identifier:   57:CB:AD:21:9C:28:F5:42:24:4E:80:1E:62:21:06:12:2B:16:E8:31
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       22FC0B0BD5659FA4759040D869CDC3C4231881B4
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa
Signing time:             Wed 03 Sep 2025 04:48:38 +0000
ROA not before:           Wed 03 Sep 2025 04:43:38 +0000
ROA not after:            Wed 02 Sep 2026 04:48:38 +0000
asID:                     205603
IP address blocks:        2a0b:2542:400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 21:10:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fc:0b:0b:d5:65:9f:a4:75:90:40:d8:69:cd:c3:c4:23:18:81:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep  3 04:43:38 2025 GMT
            Not After : Sep  2 04:48:38 2026 GMT
        Subject: CN=57CBAD219C28F542244E801E622106122B16E831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:60:39:7b:3a:63:33:1e:0d:d0:ce:2e:f7:e5:
                    90:72:97:2e:93:4b:c7:04:37:5f:1f:ee:f9:2f:4c:
                    4a:1e:4f:1d:e8:e1:d0:fa:9c:99:8c:d5:a1:e6:1c:
                    27:34:c3:2d:3b:f2:92:20:13:81:0d:23:84:7a:88:
                    b5:fe:9e:f1:0d:04:41:b7:8b:51:44:38:08:f0:24:
                    b0:0d:b4:94:7c:c6:90:bc:22:4d:c9:70:bc:b3:9a:
                    c2:0e:78:fb:ab:0f:f5:01:80:4a:3f:08:ce:1e:1a:
                    ff:49:fb:8e:ba:d0:43:ce:64:8f:b1:f0:2b:aa:96:
                    5b:da:f2:53:fc:63:11:8f:7c:00:3e:c2:b5:31:bc:
                    c2:6f:f2:31:f0:93:d8:56:e2:1f:79:5f:1a:7b:4f:
                    a6:56:57:1d:b3:43:68:57:5d:cd:e6:3b:1c:8b:cc:
                    a5:b8:e5:fc:22:25:21:a3:7a:4e:e8:0f:11:80:08:
                    18:73:b7:ad:28:92:8c:95:90:28:cc:83:4e:ce:ba:
                    93:b9:8c:a8:87:50:49:77:bc:42:af:38:c3:94:d2:
                    53:9a:84:cb:1b:d7:a0:d0:fb:f0:90:06:82:f9:f7:
                    66:5f:10:b5:f0:c7:03:46:58:5d:f6:9a:b9:e7:24:
                    1e:b6:0d:60:94:b5:60:d6:8a:b0:0f:a5:26:7a:38:
                    c9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:CB:AD:21:9C:28:F5:42:24:4E:80:1E:62:21:06:12:2B:16:E8:31
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:58:6b:65:4a:a4:1d:7e:cf:7f:fd:f5:e5:66:28:49:87:66:
         4e:77:74:13:64:ad:d0:ea:ad:3c:71:11:cd:ce:53:70:8e:e3:
         22:f2:42:05:d3:ab:e0:ab:3b:24:95:6a:22:b3:15:ce:d0:fd:
         0a:00:6e:fc:4a:0f:a4:f8:52:5e:48:eb:c7:57:2d:c3:3a:5e:
         d0:b8:ee:40:76:91:23:bd:3c:12:43:ae:82:96:86:e9:32:7c:
         d4:62:75:bd:85:d5:84:f7:e7:46:43:23:f5:ae:8d:33:6c:89:
         7b:79:d2:60:07:38:5c:63:aa:99:32:dc:89:46:26:bf:0d:48:
         e7:b7:ae:8c:54:1c:07:75:8a:14:c4:72:52:40:58:56:82:fe:
         0d:28:c6:88:bc:6c:57:3c:53:67:8b:83:0c:89:79:4e:8e:90:
         18:33:a8:80:ae:4b:61:d6:e0:2a:de:1a:3b:f4:64:9f:af:eb:
         3b:a0:69:33:49:65:97:5b:db:b4:4b:2f:8d:c1:db:a5:e7:68:
         dd:bf:d3:df:c9:e0:e9:d5:76:87:4a:3f:b2:0b:a6:25:bc:f8:
         63:df:f0:42:0d:24:96:64:75:d0:12:b3:c5:e3:f0:00:c1:6a:
         70:b8:76:df:9f:cc:8b:4e:4e:02:ac:ad:41:96:94:c1:76:a0:
         76:d0:29:64
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUIvwLC9Vln6R1kEDYac3DxCMYgbQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA5MDMwNDQzMzhaFw0yNjA5MDIwNDQ4MzhaMDMxMTAvBgNV
BAMTKDU3Q0JBRDIxOUMyOEY1NDIyNDRFODAxRTYyMjEwNjEyMkIxNkU4MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvYDl7OmMzHg3Qzi735ZByly6T
S8cEN18f7vkvTEoeTx3o4dD6nJmM1aHmHCc0wy078pIgE4ENI4R6iLX+nvENBEG3
i1FEOAjwJLANtJR8xpC8Ik3JcLyzmsIOePurD/UBgEo/CM4eGv9J+4660EPOZI+x
8Cuqllva8lP8YxGPfAA+wrUxvMJv8jHwk9hW4h95Xxp7T6ZWVx2zQ2hXXc3mOxyL
zKW45fwiJSGjek7oDxGACBhzt60okoyVkCjMg07OupO5jKiHUEl3vEKvOMOU0lOa
hMsb16DQ+/CQBoL592ZfELXwxwNGWF32mrnnJB62DWCUtWDWirAPpSZ6OMlVAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUV8utIZwo9UIkToAeYiEGEisW6DEwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNDMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMwMzUzNjMwMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BDANBgkqhkiG9w0BAQsFAAOCAQEAWVhrZUqkHX7Pf/315WYoSYdmTnd0E2St0Oqt
PHERzc5TcI7jIvJCBdOr4Ks7JJVqIrMVztD9CgBu/EoPpPhSXkjrx1ctwzpe0Lju
QHaRI708EkOugpaG6TJ81GJ1vYXVhPfnRkMj9a6NM2yJe3nSYAc4XGOqmTLciUYm
vw1I57eujFQcB3WKFMRyUkBYVoL+DSjGiLxsVzxTZ4uDDIl5To6QGDOogK5LYdbg
Kt4aO/Rkn6/rO6BpM0lll1vbtEsvjcHbpedo3b/T38ng6dV2h0o/sgumJbz4Y9/w
Qg0klmR10BKzxePwAMFqcLh235/Mi05OAqytQZaUwXagdtApZA==
-----END CERTIFICATE-----