Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630363a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          qJqIdb2BkZHf6O6GnVlZJYkvHc3SRNCRrZkRQAO4Erg=
Subject key identifier:   4C:9E:95:72:4B:8E:26:22:5C:3F:9B:13:AF:9E:C8:CD:10:7B:F7:41
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       0A0858607CBE33073D10E0A2D6B7808E2D37F41B
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 16 Aug 2025 01:48:23 +0000
ROA not before:           Sat 16 Aug 2025 01:43:23 +0000
ROA not after:            Sat 15 Aug 2026 01:48:23 +0000
asID:                     3214
IP address blocks:        2a04:6f06::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:08:58:60:7c:be:33:07:3d:10:e0:a2:d6:b7:80:8e:2d:37:f4:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:23 2025 GMT
            Not After : Aug 15 01:48:23 2026 GMT
        Subject: CN=4C9E95724B8E26225C3F9B13AF9EC8CD107BF741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:08:4f:2a:b9:25:f2:b7:a4:bd:93:65:fa:c2:
                    d7:0f:4c:6d:d0:ae:24:b6:54:a7:c5:b7:fe:d5:5f:
                    39:4f:15:44:c6:c0:94:bb:9d:99:c7:0e:cc:86:0b:
                    d0:f4:bc:bd:ae:3e:11:e4:11:c8:ae:4b:ce:fb:cf:
                    41:8f:a0:62:4b:fa:45:0d:a6:88:3b:bd:b8:1f:54:
                    ac:bd:3b:4b:7e:12:e0:81:bb:99:d9:0c:00:37:1f:
                    c8:aa:52:42:d0:2c:f0:7e:b1:3d:5f:7b:da:b3:5b:
                    15:4a:04:53:e8:5d:28:f6:e4:16:7a:28:7b:a0:19:
                    78:49:6e:18:78:5d:38:0b:39:45:71:d8:72:37:ce:
                    28:db:82:1c:33:88:37:76:92:31:ff:df:98:1c:28:
                    79:34:5b:f2:d4:f9:dd:ab:d9:b6:75:b2:a9:02:b5:
                    31:01:f4:74:15:12:34:6b:12:b7:e1:a1:56:3f:f8:
                    68:c5:69:84:e9:b1:cb:54:89:58:f3:22:36:a8:ac:
                    42:cf:d4:3e:bd:1e:90:83:99:cc:4a:13:e1:8b:78:
                    db:f0:c5:98:7d:09:2d:c2:b5:43:94:c5:91:b7:f9:
                    02:40:e7:31:da:54:47:a9:15:fb:8c:c5:ba:d1:1c:
                    4c:da:6b:fa:fa:64:15:f1:06:75:63:18:71:13:c8:
                    1a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9E:95:72:4B:8E:26:22:5C:3F:9B:13:AF:9E:C8:CD:10:7B:F7:41
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630363a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f06::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:ce:f0:e5:fb:72:e4:ab:37:36:13:20:b2:ee:c2:62:2c:d5:
         d0:d3:40:45:ad:fb:72:35:bc:5a:9d:7b:dc:2e:74:69:1f:ca:
         4f:cd:8a:d9:be:22:fd:61:b9:13:64:5f:e7:76:d7:4e:fb:36:
         04:44:0b:52:e8:87:0f:31:39:f9:6f:42:af:c5:25:56:45:a8:
         09:5d:b7:62:67:46:c9:13:8f:84:20:be:8a:a8:95:90:cc:a8:
         30:3e:0d:00:1a:8c:3b:37:ca:ef:cf:8b:05:43:2a:12:00:ad:
         97:7d:34:a9:76:63:b8:3d:c8:df:9f:38:ef:c8:4d:f0:77:20:
         a0:bf:39:f5:85:3f:7d:f7:11:0c:40:9c:20:7e:e5:c3:fc:4b:
         55:c3:dd:3b:38:76:12:4c:eb:98:1c:96:08:84:a4:f4:1c:7e:
         c1:19:05:43:03:ab:da:e4:da:0d:2c:d5:ba:ee:94:ec:0b:6b:
         b5:18:73:7d:57:31:ff:78:72:30:a4:c1:f0:4d:fa:6a:d5:cf:
         96:45:c9:e8:2a:7b:27:9d:06:23:39:29:d2:c3:75:89:55:07:
         b0:01:a2:f2:8b:4a:d6:ba:ed:1e:f8:7e:f5:bc:a1:05:53:d7:
         db:5c:83:55:df:ce:b7:b6:9e:ed:21:d1:09:ad:ce:13:ba:98:
         c3:9e:47:68
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUCghYYHy+Mwc9EOCi1reAji039BswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjNaFw0yNjA4MTUwMTQ4MjNaMDMxMTAvBgNV
BAMTKDRDOUU5NTcyNEI4RTI2MjI1QzNGOUIxM0FGOUVDOENEMTA3QkY3NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgCE8quSXyt6S9k2X6wtcPTG3Q
riS2VKfFt/7VXzlPFUTGwJS7nZnHDsyGC9D0vL2uPhHkEciuS877z0GPoGJL+kUN
pog7vbgfVKy9O0t+EuCBu5nZDAA3H8iqUkLQLPB+sT1fe9qzWxVKBFPoXSj25BZ6
KHugGXhJbhh4XTgLOUVx2HI3zijbghwziDd2kjH/35gcKHk0W/LU+d2r2bZ1sqkC
tTEB9HQVEjRrErfhoVY/+GjFaYTpsctUiVjzIjaorELP1D69HpCDmcxKE+GLeNvw
xZh9CS3CtUOUxZG3+QJA5zHaVEepFfuMxbrRHEzaa/r6ZBXxBnVjGHETyBrjAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUTJ6VckuOJiJcP5sTr57IzRB790EwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzYzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwYwDQYJKoZIhvcNAQEL
BQADggEBAJvO8OX7cuSrNzYTILLuwmIs1dDTQEWt+3I1vFqde9wudGkfyk/Nitm+
Iv1huRNkX+d21077NgREC1Lohw8xOflvQq/FJVZFqAldt2JnRskTj4QgvoqolZDM
qDA+DQAajDs3yu/PiwVDKhIArZd9NKl2Y7g9yN+fOO/ITfB3IKC/OfWFP333EQxA
nCB+5cP8S1XD3Ts4dhJM65gclgiEpPQcfsEZBUMDq9rk2g0s1brulOwLa7UYc31X
Mf94cjCkwfBN+mrVz5ZFyegqeyedBiM5KdLDdYlVB7ABovKLSta67R74fvW8oQVT
19tcg1Xfzre2nu0h0QmtzhO6mMOeR2g=
-----END CERTIFICATE-----