Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3530303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3530303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          GpRavTvGYs7uKFvkWN3pBB5tsJ8nHQ9NvPvPNgMyH1Q=
Subject key identifier:   E3:2E:1C:03:DF:1D:F9:DD:7C:5C:B8:17:20:28:E7:20:4E:80:6D:7E
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       F88C340E932A769075A513CC17D839F9C1CDAC
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3530303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Tue 03 Jun 2025 15:12:45 +0000
ROA not before:           Tue 03 Jun 2025 15:07:45 +0000
ROA not after:            Tue 02 Jun 2026 15:12:45 +0000
asID:                     197730
IP address blocks:        2a0b:2542:500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 12:23:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f8:8c:34:0e:93:2a:76:90:75:a5:13:cc:17:d8:39:f9:c1:cd:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Jun  3 15:07:45 2025 GMT
            Not After : Jun  2 15:12:45 2026 GMT
        Subject: CN=E32E1C03DF1DF9DD7C5CB8172028E7204E806D7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:8a:fe:3f:ec:81:2e:7d:8a:8a:7d:45:29:
                    cf:17:bd:5c:59:d7:0f:f4:48:a7:9d:52:95:09:fd:
                    fe:18:e7:52:82:6d:c8:57:d9:05:ba:a0:4d:98:15:
                    be:e3:b6:bd:49:2d:55:39:b9:59:60:96:bb:85:4b:
                    be:14:7e:70:6d:9d:39:9d:c2:df:bb:ec:98:5b:10:
                    fd:b6:c0:7e:14:d7:e2:5b:9e:01:59:f9:6c:0f:38:
                    a1:87:c4:e7:db:62:73:ec:ca:39:15:1c:bc:5e:8e:
                    86:57:d9:66:fe:f5:66:b5:bd:d0:0e:9c:77:f2:51:
                    e2:9a:21:36:e7:03:0f:4c:c9:80:1c:18:03:e7:ce:
                    55:99:fb:5a:57:a7:a1:35:a8:25:81:29:99:e2:ed:
                    e4:00:4d:e4:45:2b:eb:dd:eb:1f:7f:47:f2:40:71:
                    41:95:2c:1d:3d:3c:35:68:ff:2f:51:fb:08:19:01:
                    d8:fe:28:41:d3:d9:c6:3a:4f:ee:b5:3b:15:a8:9b:
                    97:a7:95:2c:a0:b5:86:a8:c6:63:31:fb:5d:49:c5:
                    bc:6b:d9:1f:92:7b:a8:eb:e9:c9:4e:6d:81:5e:66:
                    e9:74:93:8c:d4:93:9a:2d:6a:d3:fc:7d:7a:a3:e3:
                    3f:14:cf:a4:5c:87:01:ef:b5:b3:70:47:ea:ec:84:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:2E:1C:03:DF:1D:F9:DD:7C:5C:B8:17:20:28:E7:20:4E:80:6D:7E
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3530303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:12:bc:75:71:f3:bb:ff:bb:e6:24:fa:c6:00:8e:c0:5a:25:
         db:41:e8:f2:2e:b6:e8:df:e8:b3:6d:06:2a:30:fe:7b:b4:59:
         6b:d0:ef:28:92:0c:eb:2d:e6:1c:5a:5b:17:76:05:37:1b:22:
         99:8e:2d:c4:d7:8a:5e:ea:f7:a8:45:1e:f7:a7:fc:80:7e:07:
         c3:f6:f0:38:e5:b4:08:f3:46:a9:1e:bf:f4:3f:16:45:16:73:
         36:48:37:e9:3a:83:86:26:9f:07:0f:e9:ed:39:64:6a:be:36:
         9e:18:00:17:85:97:e2:af:d7:cf:95:ee:fc:e2:e3:1c:06:ed:
         bc:46:5c:3d:a6:92:0b:b3:88:1f:fe:21:87:bf:50:9d:30:20:
         5a:c7:ff:86:e2:a2:6b:e7:ee:ee:b5:21:c5:27:f7:5a:56:05:
         ef:1e:a7:3e:db:6f:d3:54:ab:22:48:15:4e:01:de:ab:64:33:
         26:a6:5f:63:42:72:4a:71:cf:cd:19:ba:89:9f:f9:f6:21:4b:
         06:5f:f0:cb:2f:aa:47:01:dd:2b:60:68:ac:63:df:f0:74:72:
         63:f8:8d:f0:10:66:29:29:cf:7f:b0:38:c0:7a:e0:9c:64:f4:
         b9:5e:ad:06:52:94:b9:84:01:dc:d2:65:6d:74:c6:87:31:73:
         f3:b3:a1:29
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUAPiMNA6TKnaQdaUTzBfYOfnBzawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA2MDMxNTA3NDVaFw0yNjA2MDIxNTEyNDVaMDMxMTAvBgNV
BAMTKEUzMkUxQzAzREYxREY5REQ3QzVDQjgxNzIwMjhFNzIwNEU4MDZEN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3I4r+P+yBLn2Kin1FKc8XvVxZ
1w/0SKedUpUJ/f4Y51KCbchX2QW6oE2YFb7jtr1JLVU5uVlglruFS74UfnBtnTmd
wt+77JhbEP22wH4U1+JbngFZ+WwPOKGHxOfbYnPsyjkVHLxejoZX2Wb+9Wa1vdAO
nHfyUeKaITbnAw9MyYAcGAPnzlWZ+1pXp6E1qCWBKZni7eQATeRFK+vd6x9/R/JA
cUGVLB09PDVo/y9R+wgZAdj+KEHT2cY6T+61OxWom5enlSygtYaoxmMx+11Jxbxr
2R+Se6jr6clObYFeZul0k4zUk5otatP8fXqj4z8Uz6RchwHvtbNwR+rshATxAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQU4y4cA98d+d18XLgXICjnIE6AbX4wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNTMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BTANBgkqhkiG9w0BAQsFAAOCAQEAExK8dXHzu/+75iT6xgCOwFol20Ho8i626N/o
s20GKjD+e7RZa9DvKJIM6y3mHFpbF3YFNxsimY4txNeKXur3qEUe96f8gH4Hw/bw
OOW0CPNGqR6/9D8WRRZzNkg36TqDhiafBw/p7Tlkar42nhgAF4WX4q/Xz5Xu/OLj
HAbtvEZcPaaSC7OIH/4hh79QnTAgWsf/huKia+fu7rUhxSf3WlYF7x6nPttv01Sr
IkgVTgHeq2QzJqZfY0JySnHPzRm6iZ/59iFLBl/wyy+qRwHdK2BorGPf8HRyY/iN
8BBmKSnPf7A4wHrgnGT0uV6tBlKUuYQB3NJlbXTGhzFz87OhKQ==
-----END CERTIFICATE-----