Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e20393439.roa
File:                     3138352e33372e3235322e302f32322d3234203d3e20393439.roa (raw, json)
Hash identifier:          XynEk1ENcpt1hdf6m4sAL1J3bFc9aBMJEvDognvtVR4=
Subject key identifier:   CF:84:9D:18:BE:6B:9D:E5:1D:80:54:E8:79:75:00:A0:7B:8C:36:C4
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       077B61F4516AF24AA972318986F0EB754CFFAFDF
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e20393439.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     949
IP address blocks:        185.37.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:7b:61:f4:51:6a:f2:4a:a9:72:31:89:86:f0:eb:75:4c:ff:af:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=CF849D18BE6B9DE51D8054E8797500A07B8C36C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:e7:a0:43:29:dd:1c:ec:92:69:60:0d:29:
                    69:94:be:d1:9c:b9:d7:55:3f:6c:4b:5e:2f:f3:ac:
                    d5:9e:4e:c2:ca:6b:1f:1b:d8:55:f2:59:a7:b8:e8:
                    fb:f5:77:e7:8d:64:92:7d:de:e6:30:87:4b:03:1e:
                    27:94:87:84:07:5c:c9:1e:6d:40:fb:86:d5:a4:0c:
                    66:31:eb:d9:4f:15:62:7d:71:30:50:fb:02:be:5b:
                    74:93:19:bf:23:d6:4d:b6:93:38:60:a3:aa:eb:24:
                    9e:0a:f2:71:c4:97:fb:44:6f:9b:9f:c4:ee:0f:a8:
                    30:22:62:d3:b0:77:24:2c:a4:35:06:e3:33:96:97:
                    be:81:39:b4:e8:d7:e6:eb:94:a2:d1:03:56:f2:79:
                    a3:55:4f:a2:d3:ab:9a:6a:55:f3:5e:96:a8:10:38:
                    f7:95:bf:fe:57:26:d6:05:82:fb:a9:97:1b:ef:fa:
                    90:36:1d:a7:6b:c0:b5:cc:35:47:50:74:2a:ab:dc:
                    5f:39:74:e5:a5:3d:be:fd:e1:f7:29:e1:93:83:ff:
                    20:e8:c5:f4:2f:14:b4:4c:25:6d:ff:c7:00:06:ad:
                    ab:f5:8d:f7:eb:3f:50:17:35:2b:48:51:ec:a5:47:
                    bd:af:63:7f:ec:d3:54:fa:92:51:74:a3:28:60:c3:
                    1d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:84:9D:18:BE:6B:9D:E5:1D:80:54:E8:79:75:00:A0:7B:8C:36:C4
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235322e302f32322d3234203d3e20393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:06:ad:91:6b:7d:0c:b4:55:6d:35:44:f5:5f:44:87:e1:4f:
         77:22:c8:ea:84:54:0b:23:44:ef:c8:fc:dd:04:f8:23:f8:6b:
         9c:31:ee:d8:d7:c5:ff:f1:5c:b8:20:3a:64:f9:94:8c:47:34:
         02:04:e0:9b:20:32:77:da:71:24:ba:c4:a6:29:95:a6:bc:19:
         21:6f:c1:b3:3f:11:fc:6e:1c:2e:ec:19:08:a1:14:8e:25:0a:
         2e:76:49:0e:41:86:76:0e:68:51:2c:9b:1c:44:21:35:21:08:
         ec:32:f6:34:65:be:d5:27:cd:1a:2e:89:0b:05:11:27:a6:85:
         b3:18:39:09:a7:10:57:07:58:ac:d1:47:7b:a9:48:43:5a:14:
         ad:95:3f:c7:3d:6c:6e:1a:52:a0:4f:f2:5e:29:df:00:5f:b0:
         03:bb:85:79:cf:e5:d6:18:62:08:7d:ae:70:2a:33:0c:c6:fc:
         6c:06:79:f7:4a:16:5c:d2:30:92:19:ae:72:8c:4c:03:ff:cb:
         8a:11:43:db:58:4f:6b:36:5b:89:38:65:ca:ab:06:07:d0:e2:
         01:53:e9:ce:a5:bc:b9:a1:f6:db:be:82:d2:a3:0c:14:42:38:
         ed:31:70:ed:a6:64:cd:3f:f8:ee:b6:62:3c:eb:0b:be:55:0b:
         e1:ae:bf:c6
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIUB3th9FFq8kqpcjGJhvDrdUz/r98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKENGODQ5RDE4QkU2QjlERTUxRDgwNTRFODc5NzUwMEEwN0I4QzM2QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmduegQyndHOySaWANKWmUvtGc
uddVP2xLXi/zrNWeTsLKax8b2FXyWae46Pv1d+eNZJJ93uYwh0sDHieUh4QHXMke
bUD7htWkDGYx69lPFWJ9cTBQ+wK+W3STGb8j1k22kzhgo6rrJJ4K8nHEl/tEb5uf
xO4PqDAiYtOwdyQspDUG4zOWl76BObTo1+brlKLRA1byeaNVT6LTq5pqVfNelqgQ
OPeVv/5XJtYFgvuplxvv+pA2HadrwLXMNUdQdCqr3F85dOWlPb794fcp4ZOD/yDo
xfQvFLRMJW3/xwAGrav1jffrP1AXNStIUeylR72vY3/s01T6klF0oyhgwx0dAgMB
AAGjggHMMIIByDAdBgNVHQ4EFgQUz4SdGL5rneUdgFToeXUAoHuMNsQwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzMjJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDM5MzQzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkl/DANBgkqhkiG9w0BAQsF
AAOCAQEABgatkWt9DLRVbTVE9V9Eh+FPdyLI6oRUCyNE78j83QT4I/hrnDHu2NfF
//FcuCA6ZPmUjEc0AgTgmyAyd9pxJLrEpimVprwZIW/Bsz8R/G4cLuwZCKEUjiUK
LnZJDkGGdg5oUSybHEQhNSEI7DL2NGW+1SfNGi6JCwURJ6aFsxg5CacQVwdYrNFH
e6lIQ1oUrZU/xz1sbhpSoE/yXinfAF+wA7uFec/l1hhiCH2ucCozDMb8bAZ590oW
XNIwkhmucoxMA//LihFD21hPazZbiThlyqsGB9DiAVPpzqW8uaH2276C0qMMFEI4
7TFw7aZkzT/47rZiPOsLvlUL4a6/xg==
-----END CERTIFICATE-----