Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630323a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          B+eOg+cAHMNqKY5MUdSl9SF8tG5/ZSo65z1pbIoUn8s=
Subject key identifier:   E6:05:D4:CF:D5:06:86:F8:3A:D2:0D:9A:1C:7E:4C:94:7E:47:DF:60
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       6B0F0683EE0A0695F588212AB1122418EAF42BAF
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     3214
IP address blocks:        2a04:6f02::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 03:46:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:0f:06:83:ee:0a:06:95:f5:88:21:2a:b1:12:24:18:ea:f4:2b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=E605D4CFD50686F83AD20D9A1C7E4C947E47DF60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:94:37:11:64:fa:13:f7:0a:74:95:86:74:10:
                    fd:96:2c:74:b1:77:77:8a:30:b7:77:b0:60:db:ce:
                    fb:fb:80:ba:40:9f:85:ff:ba:7e:82:dd:f1:e5:3a:
                    c0:f7:d3:f1:b3:49:6a:d5:c5:54:3a:51:7b:36:19:
                    71:1e:fb:35:2d:39:ff:95:5f:bb:71:e0:e2:d7:03:
                    33:13:30:75:88:11:1c:e8:3a:b2:60:72:97:97:84:
                    aa:24:17:a7:ce:c3:b8:4e:a3:bb:1a:b8:01:8c:74:
                    56:b0:9d:ad:ba:89:b3:b2:2b:6b:75:22:eb:0f:d8:
                    6b:e0:a2:be:4f:cf:d6:be:86:b4:b7:c8:5b:17:ba:
                    82:9a:53:f7:07:f2:d6:75:2b:5e:a7:c0:dc:0f:59:
                    fe:d2:02:d9:f8:b8:d8:57:00:50:2d:05:cb:0d:c0:
                    01:82:b0:81:89:93:9a:21:c6:bd:69:13:9d:5c:e2:
                    fb:d2:fe:b0:69:be:16:cd:ed:9e:c7:31:5c:1a:41:
                    71:6a:55:84:7f:40:c0:c2:a2:03:c1:fc:2f:d1:5d:
                    70:2e:c6:f1:cd:3d:55:13:d7:a6:53:6b:31:ca:93:
                    f7:f0:3a:7d:03:b5:18:8e:4a:db:cb:14:bd:54:a2:
                    9a:ec:3b:ef:3e:6c:11:51:9c:d0:e8:af:96:3c:19:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:05:D4:CF:D5:06:86:F8:3A:D2:0D:9A:1C:7E:4C:94:7E:47:DF:60
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630323a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f02::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:6b:74:49:82:db:b1:b8:3f:0e:2a:6b:03:8a:ee:14:9b:de:
         fb:f7:ef:43:b2:bc:be:84:43:3e:8c:08:7c:37:67:9b:19:85:
         ea:fd:0e:9a:9f:56:19:9b:cc:46:59:66:bb:e0:4f:e5:08:36:
         09:e5:95:4f:c0:39:0f:a0:e3:f6:a9:82:fd:0b:1e:5d:91:88:
         63:78:d8:71:cd:2e:95:d5:80:72:e0:93:62:a6:63:36:61:fd:
         8a:8b:c8:fa:9a:24:19:0d:6b:8c:05:e1:3b:4c:e3:49:9d:28:
         ff:46:d0:5f:7d:02:69:40:1f:c7:ba:49:bf:f1:4c:4e:10:73:
         54:a9:a8:57:a3:18:58:e3:36:c6:36:17:2e:cb:fd:aa:78:be:
         d2:ac:a4:6a:19:54:70:09:63:45:4d:d7:bb:cd:1b:32:bf:67:
         78:b2:da:60:75:dd:d5:cf:83:d3:a1:05:21:18:75:ca:5d:64:
         3c:4e:47:08:88:e3:61:9d:9c:e7:82:90:ed:46:b6:93:7b:7c:
         a5:34:6f:08:d7:f1:d1:26:74:4a:f8:bc:61:c9:78:21:ff:d0:
         9f:88:61:24:ac:75:37:57:b9:dc:31:f1:1d:f4:47:6d:23:9e:
         82:17:5f:2e:c3:df:8f:06:3b:da:54:b0:0f:a2:25:15:94:9b:
         10:c4:1f:74
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUaw8Gg+4KBpX1iCEqsRIkGOr0K68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKEU2MDVENENGRDUwNjg2RjgzQUQyMEQ5QTFDN0U0Qzk0N0U0N0RGNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXlDcRZPoT9wp0lYZ0EP2WLHSx
d3eKMLd3sGDbzvv7gLpAn4X/un6C3fHlOsD30/GzSWrVxVQ6UXs2GXEe+zUtOf+V
X7tx4OLXAzMTMHWIERzoOrJgcpeXhKokF6fOw7hOo7sauAGMdFawna26ibOyK2t1
IusP2Gvgor5Pz9a+hrS3yFsXuoKaU/cH8tZ1K16nwNwPWf7SAtn4uNhXAFAtBcsN
wAGCsIGJk5ohxr1pE51c4vvS/rBpvhbN7Z7HMVwaQXFqVYR/QMDCogPB/C/RXXAu
xvHNPVUT16ZTazHKk/fwOn0DtRiOStvLFL1UoprsO+8+bBFRnNDor5Y8GU+hAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQU5gXUz9UGhvg60g2aHH5MlH5H32AwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzIzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwIwDQYJKoZIhvcNAQEL
BQADggEBAFJrdEmC27G4Pw4qawOK7hSb3vv370OyvL6EQz6MCHw3Z5sZher9Dpqf
VhmbzEZZZrvgT+UINgnllU/AOQ+g4/apgv0LHl2RiGN42HHNLpXVgHLgk2KmYzZh
/YqLyPqaJBkNa4wF4TtM40mdKP9G0F99AmlAH8e6Sb/xTE4Qc1SpqFejGFjjNsY2
Fy7L/ap4vtKspGoZVHAJY0VN17vNGzK/Z3iy2mB13dXPg9OhBSEYdcpdZDxORwiI
42GdnOeCkO1GtpN7fKU0bwjX8dEmdEr4vGHJeCH/0J+IYSSsdTdXudwx8R30R20j
noIXXy7D348GO9pUsA+iJRWUmxDEH3Q=
-----END CERTIFICATE-----