Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa
File:                     3138352e33372e3235322e302f32322d3234203d3e2033323134.roa (raw, json)
Hash identifier:          QX4yO7G/n+hKsC7Wp21v0zHius4AHSE69/OGgWHAizI=
Subject key identifier:   A5:32:F1:91:80:E9:F0:53:31:9A:D1:EF:74:17:80:EC:7B:56:79:BD
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       710208F91C16FCDBFD51ED039B4FB750C5BE2075
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa
Signing time:             Sat 16 Aug 2025 01:48:25 +0000
ROA not before:           Sat 16 Aug 2025 01:43:25 +0000
ROA not after:            Sat 15 Aug 2026 01:48:25 +0000
asID:                     3214
IP address blocks:        185.37.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:02:08:f9:1c:16:fc:db:fd:51:ed:03:9b:4f:b7:50:c5:be:20:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:25 2025 GMT
            Not After : Aug 15 01:48:25 2026 GMT
        Subject: CN=A532F19180E9F053319AD1EF741780EC7B5679BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:3c:fe:8e:55:13:b0:d5:00:9f:e5:57:72:e1:
                    32:a6:e8:ce:52:85:6c:79:cc:0f:8b:08:fb:77:d1:
                    5d:9e:6d:8c:e6:a7:e9:38:44:94:3b:73:09:be:5d:
                    33:41:d4:03:77:bd:15:9f:7e:8d:92:90:f7:43:5c:
                    5f:bf:bf:57:c4:2b:df:21:ce:61:1c:24:99:6d:d2:
                    96:9d:82:09:c3:1f:76:98:b3:48:e7:e3:ac:1c:79:
                    c9:e3:3a:e1:62:32:92:97:cb:75:da:d4:99:37:77:
                    6c:2c:6e:ce:bd:ea:68:d3:1b:6e:94:2d:b9:eb:6b:
                    97:ef:0a:e2:43:88:2d:ce:80:aa:89:b1:03:60:9c:
                    81:be:a8:95:14:35:2f:b3:58:b7:d7:14:7b:94:c3:
                    2b:5e:15:c0:c4:8b:18:17:04:6c:40:db:7d:32:3b:
                    22:8b:65:7b:26:17:ec:dd:59:14:b4:0b:56:2e:3a:
                    4f:0f:04:91:92:77:b2:d6:37:ee:f1:34:0a:cc:5e:
                    64:fa:ed:dd:83:12:3a:57:fc:c2:0c:d9:b8:19:7b:
                    57:bb:84:39:31:6c:12:e6:dc:f6:cd:9f:45:61:51:
                    7b:96:01:3a:b8:d8:b2:27:a0:7c:37:96:52:0e:f3:
                    10:44:e4:82:4d:5a:dd:00:3c:e6:0b:2c:bf:01:9e:
                    b2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:32:F1:91:80:E9:F0:53:31:9A:D1:EF:74:17:80:EC:7B:56:79:BD
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c6:71:22:ae:24:15:ca:c4:64:88:af:3e:15:ea:98:b5:df:5f:
         9c:cb:61:92:49:6b:bd:88:33:f6:d6:00:c8:3a:6f:dd:d6:b2:
         a0:81:42:c3:27:b5:a9:d1:dc:96:69:c5:bb:b5:e5:f5:b3:83:
         02:33:ff:8d:c7:c7:1c:42:73:e6:09:4f:88:45:68:08:c7:79:
         70:bc:fd:d5:47:5c:5d:1b:1b:e8:1a:88:52:41:69:80:b6:00:
         9c:b9:ba:f4:93:9b:15:91:e1:38:c0:f4:1d:2a:ca:89:59:be:
         63:03:29:33:18:58:c1:37:44:5b:49:9d:78:99:f9:f4:21:2e:
         64:38:79:51:6d:c5:81:55:86:7a:d0:4e:40:92:b7:12:a9:0f:
         2d:51:3b:81:08:4e:8a:e0:1f:11:43:ec:32:fc:fb:50:ad:6b:
         82:6f:87:5d:79:29:28:76:b9:fd:6c:1d:2e:55:d5:d5:d5:9c:
         cd:ca:6a:67:0b:11:02:34:a2:a5:84:4f:55:e3:00:9d:e5:07:
         51:52:62:c0:34:89:77:58:ee:77:2f:17:98:b6:06:a3:42:ba:
         73:0d:69:c8:4e:57:8d:93:33:f0:95:89:fc:e3:bd:41:4f:b0:
         14:7f:6c:62:20:e0:bf:b8:fd:2c:5a:3f:9a:55:58:7b:14:9b:
         e5:2a:7c:f2
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUcQII+RwW/Nv9Ue0Dm0+3UMW+IHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjVaFw0yNjA4MTUwMTQ4MjVaMDMxMTAvBgNV
BAMTKEE1MzJGMTkxODBFOUYwNTMzMTlBRDFFRjc0MTc4MEVDN0I1Njc5QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwPP6OVROw1QCf5Vdy4TKm6M5S
hWx5zA+LCPt30V2ebYzmp+k4RJQ7cwm+XTNB1AN3vRWffo2SkPdDXF+/v1fEK98h
zmEcJJlt0padggnDH3aYs0jn46wcecnjOuFiMpKXy3Xa1Jk3d2wsbs696mjTG26U
Lbnra5fvCuJDiC3OgKqJsQNgnIG+qJUUNS+zWLfXFHuUwyteFcDEixgXBGxA230y
OyKLZXsmF+zdWRS0C1YuOk8PBJGSd7LWN+7xNArMXmT67d2DEjpX/MIM2bgZe1e7
hDkxbBLm3PbNn0VhUXuWATq42LInoHw3llIO8xBE5IJNWt0APOYLLL8BnrJJAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUpTLxkYDp8FMxmtHvdBeA7HtWeb0wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzMjJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMzMzIzMTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSX8MA0GCSqGSIb3DQEB
CwUAA4IBAQDGcSKuJBXKxGSIrz4V6pi131+cy2GSSWu9iDP21gDIOm/d1rKggULD
J7Wp0dyWacW7teX1s4MCM/+Nx8ccQnPmCU+IRWgIx3lwvP3VR1xdGxvoGohSQWmA
tgCcubr0k5sVkeE4wPQdKsqJWb5jAykzGFjBN0RbSZ14mfn0IS5kOHlRbcWBVYZ6
0E5AkrcSqQ8tUTuBCE6K4B8RQ+wy/PtQrWuCb4ddeSkodrn9bB0uVdXV1ZzNympn
CxECNKKlhE9V4wCd5QdRUmLANIl3WO53LxeYtgajQrpzDWnITleNkzPwlYn8471B
T7AUf2xiIOC/uP0sWj+aVVh7FJvlKnzy
-----END CERTIFICATE-----