Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
File:                     3138352e33372e3235352e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          iwj2dkWNST/aC4LGrhxuxUl05Rhii7JUdOGNhJPrgSc=
Subject key identifier:   D5:3F:AE:59:13:9D:F3:9F:40:85:5C:9D:D1:59:C3:66:63:3D:FE:96
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       3937D7FCB7BCA67F48A965CDF77B69BA6D220C04
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     8888
IP address blocks:        185.37.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:37:d7:fc:b7:bc:a6:7f:48:a9:65:cd:f7:7b:69:ba:6d:22:0c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=D53FAE59139DF39F40855C9DD159C366633DFE96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c6:64:5a:44:bd:2d:a4:59:85:42:99:19:37:
                    8e:71:52:19:92:ec:7e:93:79:0b:76:91:86:db:73:
                    e4:a1:ec:eb:55:b1:c4:24:90:a3:fc:bf:e8:ee:d2:
                    ba:96:c1:65:cf:fa:6e:b4:1a:b7:05:10:35:83:88:
                    e9:89:4f:c8:68:1e:9d:90:a8:0c:7e:62:b8:f9:98:
                    ca:ef:22:8b:d4:f4:fd:bb:07:88:1e:6f:a3:97:97:
                    9a:e3:b9:49:61:3f:57:14:ca:52:ed:31:35:84:82:
                    2b:94:37:da:25:bf:1f:50:d0:33:d1:b5:be:19:14:
                    47:40:2d:ed:6d:48:88:5d:f1:ff:d1:0f:fa:92:eb:
                    a1:cb:9d:2d:2c:54:77:ee:12:fb:d9:e2:e3:29:6a:
                    86:1d:64:3f:24:00:98:44:99:6c:01:6f:de:b7:4e:
                    8c:0e:4e:5b:79:c4:7a:fb:c6:06:28:af:28:d6:b3:
                    73:ef:c0:d9:7a:82:54:b6:14:0f:0b:d9:f3:0c:27:
                    e9:77:25:fa:ec:7a:c4:41:fd:bd:38:d8:01:9d:f4:
                    6d:30:1f:93:36:fd:3e:fa:4b:de:45:c8:fa:5a:a2:
                    da:3c:66:7c:7c:c3:4d:9a:c8:c2:41:4e:82:42:63:
                    90:ac:e1:01:1a:1e:42:2a:00:0c:45:12:f7:e0:0d:
                    14:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:3F:AE:59:13:9D:F3:9F:40:85:5C:9D:D1:59:C3:66:63:3D:FE:96
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/3138352e33372e3235352e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:91:99:1b:89:b0:95:e7:8f:62:9e:35:a9:30:2c:dd:ba:bf:
         2f:db:1c:fa:4d:b3:3b:f8:ee:6a:6e:47:f5:72:24:d7:9d:a1:
         32:7f:ee:ea:14:4b:4e:ec:ae:d0:e4:c4:7d:36:9a:5b:a7:ab:
         9f:96:eb:13:6b:d5:f0:cd:3b:12:df:79:af:c8:7d:29:a5:cc:
         a8:c8:73:b4:80:e1:74:30:4c:01:fb:27:3f:82:67:bc:b0:2d:
         85:72:0e:c7:04:b0:e4:7b:2f:d5:bb:98:49:f8:48:4f:ff:17:
         84:d3:01:c6:fd:42:e1:df:ce:bd:97:4b:a8:d7:74:7b:4b:ad:
         9a:4d:a3:52:46:8c:be:fe:08:26:37:1e:d4:e9:fb:49:6f:c6:
         23:76:0a:58:2f:5d:c2:b8:c9:8c:90:7a:67:57:8c:9f:58:f7:
         ca:e9:f4:a8:c9:45:62:c0:1a:28:8c:4d:5c:a8:50:2a:d3:0a:
         56:0e:0d:51:80:9d:05:84:96:75:03:02:bb:7a:cb:d0:ca:5a:
         f3:be:d0:5f:df:57:62:07:a1:e0:8f:53:4a:b1:56:0a:6a:47:
         08:d7:a1:d8:f4:14:73:56:96:32:e6:46:d9:75:6b:27:cf:a2:
         2c:6c:4b:e5:d9:f9:91:9c:67:b5:d1:df:58:d7:01:3f:c9:bc:
         17:5e:c1:71
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUOTfX/Le8pn9IqWXN93tpum0iDAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKEQ1M0ZBRTU5MTM5REYzOUY0MDg1NUM5REQxNTlDMzY2NjMzREZFOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbxmRaRL0tpFmFQpkZN45xUhmS
7H6TeQt2kYbbc+Sh7OtVscQkkKP8v+ju0rqWwWXP+m60GrcFEDWDiOmJT8hoHp2Q
qAx+Yrj5mMrvIovU9P27B4geb6OXl5rjuUlhP1cUylLtMTWEgiuUN9olvx9Q0DPR
tb4ZFEdALe1tSIhd8f/RD/qS66HLnS0sVHfuEvvZ4uMpaoYdZD8kAJhEmWwBb963
TowOTlt5xHr7xgYoryjWs3PvwNl6glS2FA8L2fMMJ+l3JfrsesRB/b042AGd9G0w
H5M2/T76S95FyPpaoto8Znx8w02ayMJBToJCY5Cs4QEaHkIqAAxFEvfgDRTLAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQU1T+uWROd859AhVyd0VnDZmM9/pYwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMTM4MzUyZTMzMzcyZTMyMzUzNTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSX/MA0GCSqGSIb3DQEB
CwUAA4IBAQBnkZkbibCV549injWpMCzdur8v2xz6TbM7+O5qbkf1ciTXnaEyf+7q
FEtO7K7Q5MR9Nppbp6uflusTa9XwzTsS33mvyH0ppcyoyHO0gOF0MEwB+yc/gme8
sC2Fcg7HBLDkey/Vu5hJ+EhP/xeE0wHG/ULh3869l0uo13R7S62aTaNSRoy+/ggm
Nx7U6ftJb8YjdgpYL13CuMmMkHpnV4yfWPfK6fSoyUViwBoojE1cqFAq0wpWDg1R
gJ0FhJZ1AwK7esvQylrzvtBf31diB6Hgj1NKsVYKakcI16HY9BRzVpYy5kbZdWsn
z6IsbEvl2fmRnGe10d9Y1wE/ybwXXsFx
-----END CERTIFICATE-----