Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          2L3Jf/FOZ/w+JX84GSASdtqfWnviCCBALnTenYC8mME=
Subject key identifier:   3C:CD:94:0B:0F:BE:5D:70:13:1C:2B:83:0D:79:3C:01:82:B3:97:5A
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       4866DB28F78F3B5835A4B2516D62F677A4914254
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Sat 21 Sep 2024 00:56:06 +0000
ROA not before:           Sat 21 Sep 2024 00:51:06 +0000
ROA not after:            Sat 20 Sep 2025 00:56:06 +0000
asID:                     197730
IP address blocks:        2a0b:2542:700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:66:db:28:f7:8f:3b:58:35:a4:b2:51:6d:62:f6:77:a4:91:42:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Sep 21 00:51:06 2024 GMT
            Not After : Sep 20 00:56:06 2025 GMT
        Subject: CN=3CCD940B0FBE5D70131C2B830D793C0182B3975A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cb:14:ea:aa:98:07:df:d0:c6:67:76:e9:88:
                    63:ac:35:b6:da:07:d3:b0:38:88:bd:30:db:0d:cb:
                    0e:01:98:6a:df:47:17:6a:12:51:36:07:fb:12:18:
                    10:ce:19:68:af:a5:c7:22:7e:38:c2:90:c5:1c:46:
                    f4:41:37:ac:40:9d:08:b4:4a:fd:fb:b3:5b:ca:50:
                    d1:22:a5:ef:f8:5b:2c:38:a7:ef:be:52:d7:69:6a:
                    7b:ce:8e:0e:68:09:d9:2f:2d:c7:74:6d:bf:81:d6:
                    bb:88:b6:27:9e:37:1c:2f:f3:54:77:07:64:bc:3e:
                    ec:34:b7:68:4c:f5:a5:1c:41:57:64:9f:f2:f2:bb:
                    e7:e4:87:8c:f4:49:c9:86:de:d5:51:20:53:31:37:
                    49:9a:e9:3e:33:3b:d6:8c:49:c4:2f:5d:52:67:3c:
                    3c:00:14:1a:00:4d:8b:6f:41:db:02:9c:c9:e6:3f:
                    83:41:69:30:a9:e5:99:23:91:dc:93:db:82:f7:43:
                    30:9a:95:93:6b:19:ca:c7:c7:9a:ad:8c:d7:c1:b3:
                    59:56:a2:61:c6:82:ed:05:af:48:e7:76:a3:e1:48:
                    49:ad:7e:46:e8:ee:c7:40:4e:b9:f3:0b:45:e8:c1:
                    76:ce:91:3a:cb:76:21:b2:ad:40:54:40:0c:19:6c:
                    a2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CD:94:0B:0F:BE:5D:70:13:1C:2B:83:0D:79:3C:01:82:B3:97:5A
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         45:99:a7:09:36:45:a7:ce:a3:6a:9c:76:fd:39:73:6a:ad:d2:
         f9:04:97:30:2a:02:86:71:94:39:d3:29:49:05:92:6b:d2:9a:
         3e:0a:51:b8:52:3c:de:8a:85:31:e4:23:14:37:87:1a:11:b4:
         63:72:0c:10:39:62:ca:0b:5e:a8:cb:8b:d0:bf:99:18:b5:ac:
         96:be:04:4b:17:05:aa:36:67:cc:66:81:07:d2:7c:77:46:ac:
         cd:79:8b:87:a3:a6:1e:a7:04:9e:ec:93:b8:fb:6d:21:8b:f0:
         d1:10:57:d0:22:c3:00:ba:61:a3:e3:43:04:0a:b7:fc:bf:52:
         12:0d:6d:7c:31:fe:26:2f:11:15:f6:f1:0d:db:a9:76:a2:08:
         b5:92:d5:c8:e0:cc:26:a3:df:1c:42:c5:68:60:4a:cb:75:15:
         fd:30:32:2b:e7:b7:21:c3:af:87:83:70:6c:70:4b:af:9c:bd:
         f7:41:54:3e:92:10:08:a6:21:42:bd:ad:5c:b6:d7:68:ca:42:
         5c:97:f3:c6:b0:28:68:49:38:82:bc:de:4d:56:5a:49:92:e3:
         54:cc:d1:6b:24:cb:4b:56:71:2b:a4:a2:87:f9:ff:a1:5d:c0:
         33:e2:fe:74:60:ba:47:8d:50:72:9d:b6:b6:cd:42:6f:e6:4d:
         52:f8:a2:74
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUSGbbKPePO1g1pLJRbWL2d6SRQlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDA5MjEwMDUxMDZaFw0yNTA5MjAwMDU2MDZaMDMxMTAvBgNV
BAMTKDNDQ0Q5NDBCMEZCRTVENzAxMzFDMkI4MzBENzkzQzAxODJCMzk3NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCyxTqqpgH39DGZ3bpiGOsNbba
B9OwOIi9MNsNyw4BmGrfRxdqElE2B/sSGBDOGWivpccifjjCkMUcRvRBN6xAnQi0
Sv37s1vKUNEipe/4Wyw4p+++UtdpanvOjg5oCdkvLcd0bb+B1ruItieeNxwv81R3
B2S8Puw0t2hM9aUcQVdkn/Lyu+fkh4z0ScmG3tVRIFMxN0ma6T4zO9aMScQvXVJn
PDwAFBoATYtvQdsCnMnmP4NBaTCp5ZkjkdyT24L3QzCalZNrGcrHx5qtjNfBs1lW
omHGgu0Fr0jndqPhSEmtfkbo7sdATrnzC0XowXbOkTrLdiGyrUBUQAwZbKJzAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUPM2UCw++XXATHCuDDXk8AYKzl1owHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNzMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BzANBgkqhkiG9w0BAQsFAAOCAQEARZmnCTZFp86japx2/Tlzaq3S+QSXMCoChnGU
OdMpSQWSa9KaPgpRuFI83oqFMeQjFDeHGhG0Y3IMEDliygteqMuL0L+ZGLWslr4E
SxcFqjZnzGaBB9J8d0aszXmLh6OmHqcEnuyTuPttIYvw0RBX0CLDALpho+NDBAq3
/L9SEg1tfDH+Ji8RFfbxDdupdqIItZLVyODMJqPfHELFaGBKy3UV/TAyK+e3IcOv
h4NwbHBLr5y990FUPpIQCKYhQr2tXLbXaMpCXJfzxrAoaEk4grzeTVZaSZLjVMzR
ayTLS1ZxK6Sih/n/oV3AM+L+dGC6R41Qcp22ts1Cb+ZNUviidA==
-----END CERTIFICATE-----