Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa
File:                     326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa (raw, json)
Hash identifier:          jv1quXkP9qggRhmtw9WX20Qnli6GOncntx5bSvAxE38=
Subject key identifier:   DA:E2:FE:FE:81:CB:6C:96:C4:0B:8A:D6:C0:29:7F:8D:1A:FA:00:F5
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       29DB17267D07DF57FF364C79BB4A8A778293A1F0
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa
Signing time:             Wed 02 Oct 2024 04:07:20 +0000
ROA not before:           Wed 02 Oct 2024 04:02:20 +0000
ROA not after:            Wed 01 Oct 2025 04:07:20 +0000
asID:                     205603
IP address blocks:        2a0b:2542:400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:db:17:26:7d:07:df:57:ff:36:4c:79:bb:4a:8a:77:82:93:a1:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct  2 04:02:20 2024 GMT
            Not After : Oct  1 04:07:20 2025 GMT
        Subject: CN=DAE2FEFE81CB6C96C40B8AD6C0297F8D1AFA00F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:83:a0:fe:19:fd:ee:f7:fc:c5:a8:c4:8f:e0:
                    69:c7:42:9a:63:85:45:9b:54:ee:27:30:51:f5:84:
                    30:c0:7a:95:c9:5f:aa:6b:96:54:1c:ef:c0:83:bf:
                    a7:8c:5f:1a:3a:c2:27:58:99:43:58:31:5d:23:b5:
                    3b:2f:3b:f3:56:8e:37:08:da:e9:bf:82:69:27:fd:
                    e3:8d:f3:05:a0:ae:33:cc:17:47:41:47:03:d3:3e:
                    c2:b3:98:ba:2c:75:f9:12:fd:2f:29:72:9d:d4:2d:
                    0d:f6:64:dc:92:00:77:60:d3:ef:60:31:5b:38:06:
                    19:11:8b:26:d5:0d:ba:e7:1f:41:58:7b:4c:af:b7:
                    b6:b7:be:c0:05:a4:90:af:88:c5:ae:cc:ea:c6:db:
                    1b:cb:1f:65:25:64:58:d3:fc:a1:84:31:07:6d:1c:
                    40:e0:fb:16:5a:b1:a9:09:00:5b:7b:3b:33:48:a7:
                    36:80:c1:e2:a7:08:59:d4:c0:d0:e4:02:1a:31:f9:
                    f4:e7:fc:56:bd:f5:d9:3e:db:ae:a8:3d:14:c1:46:
                    2f:74:fb:7f:3d:ca:b2:20:3a:39:44:df:7d:a8:7c:
                    6c:db:3a:7b:62:ab:a2:3d:b1:ff:e4:56:05:f7:da:
                    19:a6:5f:6d:68:eb:94:81:6d:da:a4:dc:3f:8e:60:
                    5a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:E2:FE:FE:81:CB:6C:96:C4:0B:8A:D6:C0:29:7F:8D:1A:FA:00:F5
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3430303a3a2f34302d3438203d3e20323035363033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:81:df:0b:0b:2a:64:19:d0:f9:62:1b:24:40:74:85:be:92:
         55:08:5d:21:91:7d:7b:89:8b:e3:66:67:3d:ef:75:74:e4:7b:
         28:35:d8:4a:6c:4c:c8:00:5f:aa:d5:a2:d9:25:88:4e:3e:ad:
         d3:98:ae:f2:8c:e5:ad:c1:b1:19:2f:9b:b5:12:6a:a8:d9:7c:
         41:85:1e:f0:99:b3:17:32:fe:7b:f2:8e:2b:99:97:2d:f8:f5:
         31:06:5e:a3:eb:f7:4b:18:c0:0f:4a:55:22:73:95:65:f3:98:
         12:4a:3a:ab:b3:81:a8:ec:2f:06:67:a7:36:44:e9:8a:cb:a8:
         73:77:a3:6c:73:b9:a5:15:0e:02:aa:6c:45:cf:9c:d5:3e:c8:
         a0:1a:e6:4c:64:6f:4c:55:1a:d4:2e:13:e1:82:9c:fe:1c:ae:
         d1:bd:76:f4:10:24:7f:5a:b0:06:24:90:8f:ad:1f:53:f6:06:
         e0:e5:da:c5:e3:f6:fc:11:17:97:59:e5:05:09:92:9e:b4:5f:
         cc:4e:00:89:b2:63:b6:db:1d:8f:18:3f:fb:86:8d:26:1d:1a:
         e4:da:19:e9:41:00:08:e6:6a:87:ee:e0:82:61:40:a6:58:df:
         8f:53:86:f4:89:d9:57:b6:96:4a:e4:0a:19:60:e2:d1:04:e3:
         40:e9:37:f8
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUKdsXJn0H31f/Nkx5u0qKd4KTofAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDEwMDIwNDAyMjBaFw0yNTEwMDEwNDA3MjBaMDMxMTAvBgNV
BAMTKERBRTJGRUZFODFDQjZDOTZDNDBCOEFENkMwMjk3RjhEMUFGQTAwRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZg6D+Gf3u9/zFqMSP4GnHQppj
hUWbVO4nMFH1hDDAepXJX6prllQc78CDv6eMXxo6widYmUNYMV0jtTsvO/NWjjcI
2um/gmkn/eON8wWgrjPMF0dBRwPTPsKzmLosdfkS/S8pcp3ULQ32ZNySAHdg0+9g
MVs4BhkRiybVDbrnH0FYe0yvt7a3vsAFpJCviMWuzOrG2xvLH2UlZFjT/KGEMQdt
HEDg+xZasakJAFt7OzNIpzaAweKnCFnUwNDkAhox+fTn/Fa99dk+266oPRTBRi90
+389yrIgOjlE332ofGzbOntiq6I9sf/kVgX32hmmX21o65SBbdqk3D+OYFrfAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQU2uL+/oHLbJbEC4rWwCl/jRr6APUwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNDMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMwMzUzNjMwMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BDANBgkqhkiG9w0BAQsFAAOCAQEAPoHfCwsqZBnQ+WIbJEB0hb6SVQhdIZF9e4mL
42ZnPe91dOR7KDXYSmxMyABfqtWi2SWITj6t05iu8ozlrcGxGS+btRJqqNl8QYUe
8JmzFzL+e/KOK5mXLfj1MQZeo+v3SxjAD0pVInOVZfOYEko6q7OBqOwvBmenNkTp
isuoc3ejbHO5pRUOAqpsRc+c1T7IoBrmTGRvTFUa1C4T4YKc/hyu0b129BAkf1qw
BiSQj60fU/YG4OXaxeP2/BEXl1nlBQmSnrRfzE4AibJjttsdjxg/+4aNJh0a5NoZ
6UEACOZqh+7ggmFApljfj1OG9InZV7aWSuQKGWDi0QTjQOk3+A==
-----END CERTIFICATE-----