Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          PXxIPbPYgYAkV8Fr04NodCt8BXsoPGpIleRa49s51NY=
Subject key identifier:   83:F2:D3:BE:59:C7:FF:6C:D5:E6:18:60:4A:13:AA:A6:30:BD:9A:E1
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       746579525405D1DCE8730D698523642A7B3C6D89
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Thu 29 Aug 2024 09:50:10 +0000
ROA not before:           Thu 29 Aug 2024 09:45:10 +0000
ROA not after:            Thu 28 Aug 2025 09:50:10 +0000
asID:                     197730
IP address blocks:        2a0b:2542:600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:65:79:52:54:05:d1:dc:e8:73:0d:69:85:23:64:2a:7b:3c:6d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 29 09:45:10 2024 GMT
            Not After : Aug 28 09:50:10 2025 GMT
        Subject: CN=83F2D3BE59C7FF6CD5E618604A13AAA630BD9AE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1b:e5:b3:ee:65:58:06:88:c8:9d:02:91:a4:
                    98:71:9c:77:04:5b:d5:d0:82:c2:4a:35:b9:73:c2:
                    8f:49:0b:a5:e8:ca:62:56:11:da:45:e8:a5:44:8d:
                    2a:29:dc:82:a9:63:76:0c:59:b0:d3:73:e4:4f:a1:
                    22:96:0b:28:ec:fb:c8:66:5a:6c:e5:14:eb:25:4e:
                    fb:2d:d1:da:6d:66:79:2d:32:62:e3:10:79:fd:a4:
                    f6:57:6c:56:7f:6a:ec:1d:0e:2e:7f:cb:36:1d:e1:
                    56:b8:a3:39:83:df:76:c9:5b:48:fb:3b:49:c9:e3:
                    01:19:36:37:ba:76:d5:1b:6e:0a:f1:b6:8a:d2:de:
                    cb:00:8e:07:20:7b:ca:96:1e:b9:e4:f3:07:33:02:
                    f1:a4:6b:a4:3d:dc:7c:ce:c4:4d:c4:e9:a7:f0:10:
                    8e:90:ed:37:26:ca:60:22:f5:10:c8:42:fb:a5:d8:
                    2d:66:27:f5:c2:cc:b3:d4:8c:9e:8d:f0:38:10:af:
                    da:82:1b:72:c9:46:c0:73:bf:12:54:73:51:c0:c6:
                    79:b8:f8:8b:11:db:39:33:a9:26:5a:b0:cc:46:79:
                    51:49:3b:64:5f:70:4a:9d:51:0f:7d:8d:9c:a6:7f:
                    ad:4a:b2:96:74:f1:5c:6f:5d:08:62:e2:0e:15:2d:
                    c1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F2:D3:BE:59:C7:FF:6C:D5:E6:18:60:4A:13:AA:A6:30:BD:9A:E1
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3630303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:32:11:be:ff:e2:ad:f3:cc:9e:65:8a:e3:cf:c1:a8:0e:04:
         7d:83:96:b8:86:dc:80:33:67:95:30:ee:ad:4c:dc:3e:4e:ad:
         b5:53:2b:6c:94:63:fc:84:63:56:7a:1b:39:8f:22:12:56:86:
         62:0e:5f:89:c1:85:a2:0a:32:c9:3f:d0:5f:4f:74:0a:b4:0e:
         5a:60:da:04:a0:eb:27:c5:98:a9:ee:a1:92:70:d3:de:90:bd:
         28:bf:19:9e:a3:84:3d:59:df:44:35:c8:25:12:49:7f:c3:c9:
         62:60:cf:4e:1e:38:8a:fb:d3:a4:5b:72:b6:df:3d:80:bc:61:
         61:08:99:d0:b3:7f:37:65:c1:6b:5f:53:49:28:80:3f:70:4d:
         73:d7:01:ed:b0:bc:d7:5f:84:be:a2:cd:ec:a9:6a:f3:ea:d9:
         ce:35:7b:54:f5:b6:14:8b:3b:77:e5:a0:5f:54:b3:1b:f8:3f:
         db:8b:5a:eb:a7:8a:60:09:f2:7d:7d:af:c6:07:e8:aa:52:2e:
         73:cf:a4:92:42:ce:1d:83:b1:f0:94:b4:76:c4:15:b9:0f:59:
         0d:aa:9b:46:62:3d:21:4f:65:ec:c4:a5:1f:b4:8e:c8:b3:7a:
         cf:c7:19:90:79:17:2c:18:e0:03:7d:05:93:52:e3:d4:38:27:
         02:ff:fc:c2
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUdGV5UlQF0dzocw1phSNkKns8bYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA4MjkwOTQ1MTBaFw0yNTA4MjgwOTUwMTBaMDMxMTAvBgNV
BAMTKDgzRjJEM0JFNTlDN0ZGNkNENUU2MTg2MDRBMTNBQUE2MzBCRDlBRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBG+Wz7mVYBojInQKRpJhxnHcE
W9XQgsJKNblzwo9JC6XoymJWEdpF6KVEjSop3IKpY3YMWbDTc+RPoSKWCyjs+8hm
WmzlFOslTvst0dptZnktMmLjEHn9pPZXbFZ/auwdDi5/yzYd4Va4ozmD33bJW0j7
O0nJ4wEZNje6dtUbbgrxtorS3ssAjgcge8qWHrnk8wczAvGka6Q93HzOxE3E6afw
EI6Q7TcmymAi9RDIQvul2C1mJ/XCzLPUjJ6N8DgQr9qCG3LJRsBzvxJUc1HAxnm4
+IsR2zkzqSZasMxGeVFJO2RfcEqdUQ99jZymf61KspZ08VxvXQhi4g4VLcF7AgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUg/LTvlnH/2zV5hhgShOqpjC9muEwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNjMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BjANBgkqhkiG9w0BAQsFAAOCAQEAxDIRvv/irfPMnmWK48/BqA4EfYOWuIbcgDNn
lTDurUzcPk6ttVMrbJRj/IRjVnobOY8iElaGYg5ficGFogoyyT/QX090CrQOWmDa
BKDrJ8WYqe6hknDT3pC9KL8ZnqOEPVnfRDXIJRJJf8PJYmDPTh44ivvTpFtytt89
gLxhYQiZ0LN/N2XBa19TSSiAP3BNc9cB7bC811+EvqLN7Klq8+rZzjV7VPW2FIs7
d+WgX1SzG/g/24ta66eKYAnyfX2vxgfoqlIuc8+kkkLOHYOx8JS0dsQVuQ9ZDaqb
RmI9IU9l7MSlH7SOyLN6z8cZkHkXLBjgA30Fk1Lj1DgnAv/8wg==
-----END CERTIFICATE-----