Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa
File:                     326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa (raw, json)
Hash identifier:          7T9Fe0EbjjAgOtRZHx1Mmhg/MzCghRYjize5g5pxPKc=
Subject key identifier:   D0:4C:7E:38:30:C5:3F:15:36:32:66:94:4C:0C:C5:1D:D9:18:D7:48
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       46CCA8A54652614B886C68FEAFD6F7A399510E6B
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     35537
IP address blocks:        2a04:6f01:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:cc:a8:a5:46:52:61:4b:88:6c:68:fe:af:d6:f7:a3:99:51:0e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=D04C7E3830C53F15363266944C0CC51DD918D748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d3:4a:39:e1:41:b7:15:15:13:70:95:c9:c5:
                    9c:5a:92:7a:b4:2d:3a:91:f1:6f:a8:2e:73:fe:f4:
                    1e:d6:75:70:1d:cf:8c:3a:52:db:c9:5b:0d:37:8a:
                    23:f3:a5:80:45:d1:d1:20:33:6d:45:56:84:1c:6e:
                    b9:7d:8e:1a:dd:ef:62:b3:1c:24:20:25:d8:b1:96:
                    10:53:78:5e:f5:5e:af:58:f8:88:94:f3:fb:71:42:
                    86:c7:49:d0:30:c8:cb:e5:e8:49:90:66:d2:a7:5e:
                    45:5a:72:ca:60:dc:9d:b3:fb:95:7b:9f:ed:02:7a:
                    41:ee:10:d9:46:5f:43:24:04:26:73:bb:c0:6b:36:
                    b5:6a:0c:fe:8c:60:d8:4d:87:eb:51:a3:a4:69:9f:
                    17:3d:b3:6c:12:a7:be:20:f2:a7:3d:48:ee:b8:23:
                    d5:7f:45:a9:7d:0e:b3:72:b0:48:58:68:71:72:10:
                    8c:59:8f:39:8f:4a:08:f8:03:d3:35:80:7a:67:da:
                    a9:ed:ad:99:95:df:f9:7b:f8:25:cd:52:4b:01:d9:
                    35:ad:5f:c7:9b:35:22:ac:b7:2e:7f:94:37:04:f8:
                    34:c7:7e:2a:85:6d:2d:77:b1:ae:55:62:f1:ca:d9:
                    7c:ba:4b:67:b1:2b:90:c9:a5:42:d4:7c:aa:e9:4c:
                    70:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4C:7E:38:30:C5:3F:15:36:32:66:94:4C:0C:C5:1D:D9:18:D7:48
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630313a313a3a2f34382d3438203d3e203335353337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f01:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:09:b0:85:90:94:1a:aa:64:d2:c9:a7:89:be:3d:3e:50:c8:
         7a:fb:ef:56:27:a1:30:41:80:53:80:45:02:f7:2a:2f:f6:0e:
         8c:b6:f3:a8:5c:b1:c3:21:8f:8d:8e:f7:4c:7d:30:bc:81:d6:
         59:b5:98:d8:c1:db:be:54:2f:42:86:4f:31:8d:33:14:25:69:
         23:11:f6:6d:46:48:30:d5:38:06:63:5d:a5:7b:9f:3f:3e:ea:
         6e:3b:40:f8:50:dc:cb:78:d9:c8:85:e0:8e:ae:a5:34:31:4d:
         f4:ce:bc:a1:9d:ea:f3:b5:1c:04:db:7c:09:e8:87:ab:4b:c1:
         87:48:be:76:27:a8:fa:d0:14:ad:cf:3b:a9:13:e4:6a:21:93:
         61:cd:10:db:54:35:a8:b8:57:bb:00:99:3a:b4:20:86:60:d4:
         b8:31:a9:d7:cc:6e:cd:f4:5c:c9:a2:85:cb:b8:20:16:bc:61:
         76:09:da:ff:4e:87:6a:32:ad:22:ea:d9:56:c8:03:6a:7d:57:
         28:6f:da:d0:b7:44:f1:16:81:90:f9:35:19:e3:f9:97:4b:c3:
         c2:72:8b:7e:c8:ad:36:ba:bb:3d:ba:06:79:c7:cd:f7:40:46:
         a9:b6:43:5c:0d:c2:f7:cc:8e:aa:34:dd:2b:99:f3:b4:7f:13:
         4a:14:8f:70
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIURsyopUZSYUuIbGj+r9b3o5lRDmswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKEQwNEM3RTM4MzBDNTNGMTUzNjMyNjY5NDRDMENDNTFERDkxOEQ3NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu00o54UG3FRUTcJXJxZxaknq0
LTqR8W+oLnP+9B7WdXAdz4w6UtvJWw03iiPzpYBF0dEgM21FVoQcbrl9jhrd72Kz
HCQgJdixlhBTeF71Xq9Y+IiU8/txQobHSdAwyMvl6EmQZtKnXkVacspg3J2z+5V7
n+0CekHuENlGX0MkBCZzu8BrNrVqDP6MYNhNh+tRo6Rpnxc9s2wSp74g8qc9SO64
I9V/Ral9DrNysEhYaHFyEIxZjzmPSgj4A9M1gHpn2qntrZmV3/l7+CXNUksB2TWt
X8ebNSKsty5/lDcE+DTHfiqFbS13sa5VYvHK2Xy6S2exK5DJpULUfKrpTHDXAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQU0Ex+ODDFPxU2MmaUTAzFHdkY10gwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB6BggrBgEFBQcBCwRuMGwwagYIKwYBBQUHMAuGXnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzEzYTMxM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzMzNTM1MzMzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoEbwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAWwmwhZCUGqpk0smnib49PlDIevvvViehMEGAU4BFAvcq
L/YOjLbzqFyxwyGPjY73TH0wvIHWWbWY2MHbvlQvQoZPMY0zFCVpIxH2bUZIMNU4
BmNdpXufPz7qbjtA+FDcy3jZyIXgjq6lNDFN9M68oZ3q87UcBNt8CeiHq0vBh0i+
dieo+tAUrc87qRPkaiGTYc0Q21Q1qLhXuwCZOrQghmDUuDGp18xuzfRcyaKFy7gg
Frxhdgna/06HajKtIurZVsgDan1XKG/a0LdE8RaBkPk1GeP5l0vDwnKLfsitNrq7
PboGecfN90BGqbZDXA3C98yOqjTdK5nztH8TShSPcA==
-----END CERTIFICATE-----