Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          zDXoLHlJzrr6hgqj5P5M/kCRYrCGwzCMH11FUUWWDvU=
Subject key identifier:   C0:EC:12:0F:A1:A8:52:61:F9:B3:F5:7B:14:F1:7D:CB:FE:F7:C7:49
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       7EBF0DF650AFC1726C98C8DB3BC69C64BF74F44A
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Mon 04 Nov 2024 07:21:05 +0000
ROA not before:           Mon 04 Nov 2024 07:16:05 +0000
ROA not after:            Mon 03 Nov 2025 07:21:05 +0000
asID:                     197730
IP address blocks:        2a0b:2542:800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:bf:0d:f6:50:af:c1:72:6c:98:c8:db:3b:c6:9c:64:bf:74:f4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Nov  4 07:16:05 2024 GMT
            Not After : Nov  3 07:21:05 2025 GMT
        Subject: CN=C0EC120FA1A85261F9B3F57B14F17DCBFEF7C749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:00:8d:37:52:a3:5d:d5:6b:fc:ca:56:9c:62:
                    7b:2d:d5:b1:7d:a6:45:f4:44:53:e3:63:67:e6:65:
                    f7:17:62:01:16:4e:61:1a:b8:28:be:0a:0c:c2:25:
                    3f:38:12:52:90:92:f4:ba:a4:77:1f:9e:12:33:70:
                    db:d5:8f:b7:b9:ea:c2:8f:67:fe:2b:ee:3b:51:78:
                    cc:10:a2:bc:f1:2c:82:39:84:d2:83:a4:5e:56:ed:
                    18:5c:79:26:ea:9b:d0:b2:24:a4:e3:c9:74:a5:15:
                    49:f3:bb:76:d0:6a:9b:5f:b2:72:ce:28:75:b7:a1:
                    96:e5:84:86:5c:9f:9f:11:89:5d:4d:f9:ea:1e:01:
                    86:fc:54:b8:0a:30:28:06:6d:85:e1:12:42:01:97:
                    9a:0d:c9:ab:31:22:fc:65:f8:ec:b0:79:99:16:87:
                    19:65:ca:4e:ab:b6:fe:14:f0:13:fa:2e:e9:41:4a:
                    9f:c4:46:d0:85:4a:32:cd:bd:24:60:29:54:c0:2f:
                    ed:d4:5c:43:95:d0:73:e2:bf:11:d3:85:31:9a:05:
                    fe:36:d1:e2:0f:09:10:4b:f9:f3:25:24:e4:19:e6:
                    66:36:b5:22:06:95:32:5d:b7:05:e7:28:5e:2a:87:
                    a2:ee:e8:a6:c2:0c:b5:32:ea:35:b7:5a:98:56:f4:
                    c7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:EC:12:0F:A1:A8:52:61:F9:B3:F5:7B:14:F1:7D:CB:FE:F7:C7:49
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:c7:20:7a:0f:8b:13:3e:c1:ed:42:c6:67:65:a3:46:f6:73:
         d7:5d:8d:73:1b:f4:e7:1b:48:4b:b2:d5:27:58:b9:6f:1c:27:
         66:ea:e2:97:5a:ce:38:5e:fb:33:a6:f9:42:41:a4:9f:eb:4f:
         23:88:a3:fd:c9:9a:a9:a5:48:fa:8b:b1:57:b8:18:6a:b3:5c:
         0f:59:86:21:d1:8a:61:fc:50:7b:27:f8:bd:08:33:a6:a7:94:
         23:c5:59:ae:ba:c0:63:f2:b0:27:2b:bc:c3:16:55:ea:3c:56:
         65:ec:cd:2e:ab:15:1a:92:60:78:27:09:9c:29:d9:de:ab:30:
         33:dc:6f:98:0f:d6:96:c3:38:29:28:a7:c0:c4:47:ff:37:b5:
         7b:d9:76:07:c0:50:f9:15:91:1f:3b:6c:e1:19:1a:26:67:a3:
         f6:34:f4:09:dd:ca:ea:33:d7:27:e5:21:f5:d4:79:78:1a:9c:
         7a:db:92:6e:c1:27:7c:27:6d:db:d4:a9:10:7c:39:80:65:33:
         3e:a0:b9:1d:3e:ad:db:e2:c4:ca:d1:d9:60:61:43:6d:92:d0:
         a3:74:13:2e:55:2b:a8:ea:5c:1f:e4:7e:12:91:8f:48:50:52:
         5a:cd:46:a2:3a:20:45:96:9e:e0:b2:ec:d0:b0:09:62:3b:fa:
         80:34:55:cd
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUfr8N9lCvwXJsmMjbO8acZL909EowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNDExMDQwNzE2MDVaFw0yNTExMDMwNzIxMDVaMDMxMTAvBgNV
BAMTKEMwRUMxMjBGQTFBODUyNjFGOUIzRjU3QjE0RjE3RENCRkVGN0M3NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqAI03UqNd1Wv8ylacYnst1bF9
pkX0RFPjY2fmZfcXYgEWTmEauCi+CgzCJT84ElKQkvS6pHcfnhIzcNvVj7e56sKP
Z/4r7jtReMwQorzxLII5hNKDpF5W7RhceSbqm9CyJKTjyXSlFUnzu3bQaptfsnLO
KHW3oZblhIZcn58RiV1N+eoeAYb8VLgKMCgGbYXhEkIBl5oNyasxIvxl+OyweZkW
hxllyk6rtv4U8BP6LulBSp/ERtCFSjLNvSRgKVTAL+3UXEOV0HPivxHThTGaBf42
0eIPCRBL+fMlJOQZ5mY2tSIGlTJdtwXnKF4qh6Lu6KbCDLUy6jW3WphW9McLAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUwOwSD6GoUmH5s/V7FPF9y/73x0kwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzODMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
CDANBgkqhkiG9w0BAQsFAAOCAQEACccgeg+LEz7B7ULGZ2WjRvZz112Ncxv05xtI
S7LVJ1i5bxwnZuril1rOOF77M6b5QkGkn+tPI4ij/cmaqaVI+ouxV7gYarNcD1mG
IdGKYfxQeyf4vQgzpqeUI8VZrrrAY/KwJyu8wxZV6jxWZezNLqsVGpJgeCcJnCnZ
3qswM9xvmA/WlsM4KSinwMRH/ze1e9l2B8BQ+RWRHzts4RkaJmej9jT0Cd3K6jPX
J+Uh9dR5eBqcetuSbsEnfCdt29SpEHw5gGUzPqC5HT6t2+LEytHZYGFDbZLQo3QT
LlUrqOpcH+R+EpGPSFBSWs1GojogRZae4LLs0LAJYjv6gDRVzQ==
-----END CERTIFICATE-----