Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630353a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          KdCFn6uhtHbYv9BqISC3k4vc4h0cOZ6GXxUW7n+GP0k=
Subject key identifier:   6E:31:A0:5C:40:51:F2:07:D7:19:65:D1:C6:82:15:62:04:A2:FF:7C
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       3339A24BB04303536D3F74AAA3D377707019438D
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 16 Aug 2025 01:48:25 +0000
ROA not before:           Sat 16 Aug 2025 01:43:25 +0000
ROA not after:            Sat 15 Aug 2026 01:48:25 +0000
asID:                     3214
IP address blocks:        2a04:6f05::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:39:a2:4b:b0:43:03:53:6d:3f:74:aa:a3:d3:77:70:70:19:43:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:25 2025 GMT
            Not After : Aug 15 01:48:25 2026 GMT
        Subject: CN=6E31A05C4051F207D71965D1C682156204A2FF7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d7:04:6e:34:4d:c7:cf:96:28:ad:58:32:78:
                    22:40:a5:25:86:31:7f:16:d9:7e:5c:7a:0e:b3:b4:
                    b9:83:6c:f2:d2:41:bb:df:de:da:4e:16:fb:39:e5:
                    0a:9d:51:14:73:cc:78:7b:d2:25:bb:be:33:88:90:
                    f8:76:36:2e:b2:c2:51:32:f5:41:cd:d5:26:38:92:
                    68:f8:0c:3f:30:0d:67:19:18:05:94:23:34:7b:94:
                    84:c6:ca:5e:66:f8:8f:d6:32:16:84:a4:6f:ee:9e:
                    9e:f5:73:e5:e6:1e:63:43:c7:93:99:a8:ab:b2:6d:
                    78:8f:21:a9:f4:6f:3a:8c:46:93:97:9b:7e:d9:df:
                    5f:e1:73:de:11:3f:aa:7b:b8:17:27:6c:c5:33:ed:
                    78:cc:cd:d2:d6:75:d5:13:a2:b1:ae:a0:2c:c3:0b:
                    cc:0e:69:64:cb:56:01:e9:4f:0d:4e:f7:c5:6d:89:
                    f0:86:75:55:a0:db:a0:ae:92:27:f4:4d:e7:ef:7a:
                    28:eb:ce:70:74:dc:09:52:1e:cf:d7:81:99:97:9a:
                    ef:92:79:d7:c5:ed:a2:47:0e:0b:3b:fb:b8:97:6e:
                    45:fd:3f:1f:49:c5:c7:54:26:51:38:29:97:d0:5a:
                    b9:68:80:15:91:a3:79:64:55:d6:6e:ac:0b:12:11:
                    2d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:31:A0:5C:40:51:F2:07:D7:19:65:D1:C6:82:15:62:04:A2:FF:7C
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630353a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f05::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:45:95:5f:a5:71:35:66:14:d6:f3:d2:23:15:cf:6d:7c:31:
         71:0b:c6:aa:4c:af:47:70:67:fe:92:72:c4:56:e7:67:b1:ce:
         91:e6:b2:30:73:b0:2f:aa:8d:62:16:c0:83:83:d9:24:8f:8b:
         41:3d:39:47:fc:96:dc:58:a2:04:a3:e0:98:45:a7:83:13:95:
         a6:fa:57:8d:7f:15:9f:73:28:40:6f:70:0a:7b:75:e0:b6:69:
         66:f4:37:11:16:40:81:35:11:fe:33:1a:1e:1d:8a:0b:da:26:
         47:e3:6c:f5:e1:30:dd:53:60:51:30:81:df:b1:8f:9c:0e:c5:
         8e:1e:93:9d:e0:53:53:ce:94:35:71:48:1d:67:6f:0f:dc:71:
         d8:13:62:c2:22:36:86:42:a9:65:ca:60:9c:8f:e2:84:81:ff:
         27:64:01:a0:42:17:6f:47:df:f6:d3:f3:bf:b0:88:33:15:b6:
         30:57:6f:a8:9e:5d:f8:c5:95:82:11:e5:35:fa:7f:5e:57:eb:
         df:80:25:27:af:ea:6d:b4:42:61:24:41:e2:c1:1b:ea:3c:b6:
         5e:97:43:d8:41:9d:bb:84:cc:6e:4f:f5:f8:ca:61:91:82:62:
         4e:52:a6:e4:21:e2:f5:c1:4c:6a:39:49:60:91:5e:f9:b1:6f:
         db:81:05:5d
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUMzmiS7BDA1NtP3Sqo9N3cHAZQ40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjVaFw0yNjA4MTUwMTQ4MjVaMDMxMTAvBgNV
BAMTKDZFMzFBMDVDNDA1MUYyMDdENzE5NjVEMUM2ODIxNTYyMDRBMkZGN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN1wRuNE3Hz5YorVgyeCJApSWG
MX8W2X5ceg6ztLmDbPLSQbvf3tpOFvs55QqdURRzzHh70iW7vjOIkPh2Ni6ywlEy
9UHN1SY4kmj4DD8wDWcZGAWUIzR7lITGyl5m+I/WMhaEpG/unp71c+XmHmNDx5OZ
qKuybXiPIan0bzqMRpOXm37Z31/hc94RP6p7uBcnbMUz7XjMzdLWddUTorGuoCzD
C8wOaWTLVgHpTw1O98VtifCGdVWg26Cukif0TefveijrznB03AlSHs/XgZmXmu+S
edfF7aJHDgs7+7iXbkX9Px9JxcdUJlE4KZfQWrlogBWRo3lkVdZurAsSES0jAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUbjGgXEBR8gfXGWXRxoIVYgSi/3wwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzUzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwUwDQYJKoZIhvcNAQEL
BQADggEBAAZFlV+lcTVmFNbz0iMVz218MXELxqpMr0dwZ/6ScsRW52exzpHmsjBz
sC+qjWIWwIOD2SSPi0E9OUf8ltxYogSj4JhFp4MTlab6V41/FZ9zKEBvcAp7deC2
aWb0NxEWQIE1Ef4zGh4digvaJkfjbPXhMN1TYFEwgd+xj5wOxY4ek53gU1POlDVx
SB1nbw/ccdgTYsIiNoZCqWXKYJyP4oSB/ydkAaBCF29H3/bT87+wiDMVtjBXb6ie
XfjFlYIR5TX6f15X69+AJSev6m20QmEkQeLBG+o8tl6XQ9hBnbuEzG5P9fjKYZGC
Yk5SpuQh4vXBTGo5SWCRXvmxb9uBBV0=
-----END CERTIFICATE-----