Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2038383838.roa
File:                     3138352e33372e3235322e302f32322d3234203d3e2038383838.roa (raw, json)
Hash identifier:          XkglN5Mh6nmlJzRWren/Gzie7x9eKfQKoFu7Q+AziC4=
Subject key identifier:   CD:2C:2E:13:84:F9:14:54:EA:5E:B7:AE:23:2B:7D:8B:A8:5C:4E:CC
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       57731903E52612794DDFCE147666FFE083975F6F
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2038383838.roa
Signing time:             Sat 16 Aug 2025 01:48:23 +0000
ROA not before:           Sat 16 Aug 2025 01:43:23 +0000
ROA not after:            Sat 15 Aug 2026 01:48:23 +0000
asID:                     8888
IP address blocks:        185.37.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:73:19:03:e5:26:12:79:4d:df:ce:14:76:66:ff:e0:83:97:5f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:23 2025 GMT
            Not After : Aug 15 01:48:23 2026 GMT
        Subject: CN=CD2C2E1384F91454EA5EB7AE232B7D8BA85C4ECC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:9e:5e:f7:c9:c9:ab:8a:e4:1e:40:36:04:c4:
                    12:28:ae:b6:85:7e:b8:36:ab:fd:ac:f5:26:b2:3f:
                    e4:85:c6:aa:f5:ec:40:85:64:90:2b:c6:34:34:9e:
                    bf:25:45:c5:35:e0:64:1e:3c:01:83:12:75:32:1c:
                    21:f2:65:c5:85:51:f6:04:b0:37:3c:49:eb:da:2b:
                    15:a7:ad:8c:e3:f6:49:b7:bf:d5:25:7b:26:6a:37:
                    4e:13:6f:a3:80:71:fa:6c:8a:24:06:ae:40:82:d4:
                    ca:df:ac:94:b4:db:18:68:58:cf:a1:7c:34:17:2d:
                    f3:99:5a:5d:41:ba:7c:ca:50:df:8d:11:1a:c4:a4:
                    7b:a5:6a:e9:8d:93:04:e7:65:3f:bc:96:99:92:d3:
                    12:a1:0c:19:49:74:37:7e:5b:42:ac:00:38:12:03:
                    95:11:2c:e3:1d:7f:71:50:ed:61:26:fa:71:51:de:
                    02:3b:8f:1f:cf:bd:a0:66:d8:a6:c0:d9:63:a2:ed:
                    f0:f7:a3:ba:81:6d:ac:64:92:d2:65:cc:13:22:d7:
                    ce:de:e2:6b:f2:bb:42:b5:3a:eb:f9:34:14:82:8a:
                    2f:94:95:15:79:bb:99:30:38:b3:de:ed:b2:9a:6c:
                    71:99:24:75:74:37:0f:b3:76:6f:ad:7b:50:ed:a8:
                    3b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2C:2E:13:84:F9:14:54:EA:5E:B7:AE:23:2B:7D:8B:A8:5C:4E:CC
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:12:41:93:32:88:f2:51:32:06:aa:c0:e9:2b:9a:ae:5e:3d:
         a6:f0:3a:2c:95:9f:a5:57:0d:da:bf:3f:9e:6e:2c:64:90:f9:
         0c:c2:7b:d3:2c:ea:ae:01:24:72:97:c3:83:07:50:92:f7:fd:
         f7:da:58:80:73:e1:b9:9a:37:ab:31:ed:93:84:64:49:54:a5:
         b1:b5:93:82:86:3b:98:3e:14:2d:fb:10:67:b3:ae:4c:3b:1b:
         a9:64:96:76:b0:3e:b4:6b:a5:ed:f9:c8:56:9a:b7:f8:13:36:
         ce:91:86:fc:5b:41:e3:a0:43:bd:22:a1:26:8f:e4:b3:30:9c:
         d2:62:48:4b:d0:53:78:6e:de:86:be:60:36:b2:70:c8:39:c9:
         20:7e:46:3b:ab:16:67:90:df:a0:25:45:00:34:2f:83:c6:c7:
         80:66:a3:25:f8:11:21:3e:7c:78:3c:03:2e:67:26:dd:42:9d:
         5d:05:4b:95:e1:44:35:7e:fd:e4:ec:0b:fa:9f:1b:c6:1c:64:
         08:a2:06:ab:b0:79:b0:07:0b:e7:06:5b:02:df:f0:0f:d6:07:
         26:9b:f6:e2:9f:79:e6:08:bf:3f:d9:36:8d:0f:3f:b5:60:4d:
         17:c1:05:9d:5d:f6:69:fa:12:35:fc:6d:b6:a7:f8:0c:ed:ae:
         0c:db:78:86
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUV3MZA+UmEnlN384Udmb/4IOXX28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjNaFw0yNjA4MTUwMTQ4MjNaMDMxMTAvBgNV
BAMTKENEMkMyRTEzODRGOTE0NTRFQTVFQjdBRTIzMkI3RDhCQTg1QzRFQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgnl73ycmriuQeQDYExBIorraF
frg2q/2s9SayP+SFxqr17ECFZJArxjQ0nr8lRcU14GQePAGDEnUyHCHyZcWFUfYE
sDc8SevaKxWnrYzj9km3v9UleyZqN04Tb6OAcfpsiiQGrkCC1MrfrJS02xhoWM+h
fDQXLfOZWl1BunzKUN+NERrEpHulaumNkwTnZT+8lpmS0xKhDBlJdDd+W0KsADgS
A5URLOMdf3FQ7WEm+nFR3gI7jx/PvaBm2KbA2WOi7fD3o7qBbaxkktJlzBMi187e
4mvyu0K1Ouv5NBSCii+UlRV5u5kwOLPe7bKabHGZJHV0Nw+zdm+te1DtqDulAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUzSwuE4T5FFTqXreuIyt9i6hcTswwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzMjJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSX8MA0GCSqGSIb3DQEB
CwUAA4IBAQDNEkGTMojyUTIGqsDpK5quXj2m8DoslZ+lVw3avz+ebixkkPkMwnvT
LOquASRyl8ODB1CS9/332liAc+G5mjerMe2ThGRJVKWxtZOChjuYPhQt+xBns65M
OxupZJZ2sD60a6Xt+chWmrf4EzbOkYb8W0HjoEO9IqEmj+SzMJzSYkhL0FN4bt6G
vmA2snDIOckgfkY7qxZnkN+gJUUANC+DxseAZqMl+BEhPnx4PAMuZybdQp1dBUuV
4UQ1fv3k7Av6nxvGHGQIogarsHmwBwvnBlsC3/AP1gcmm/bin3nmCL8/2TaNDz+1
YE0XwQWdXfZp+hI1/G22p/gM7a4M23iG
-----END CERTIFICATE-----