Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
File:                     326130343a366630373a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          VugVK1D3/SoIJFLCzYDlkKyW1ghJzP8MnQoi6CCQXmQ=
Subject key identifier:   F3:7C:33:3C:DC:0D:97:D4:40:C5:9E:C2:FA:34:D9:D2:14:54:C1:49
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       7454312A1697472BA2F0D91C67E3394E023A31CB
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa
Signing time:             Sat 16 Aug 2025 01:48:25 +0000
ROA not before:           Sat 16 Aug 2025 01:43:25 +0000
ROA not after:            Sat 15 Aug 2026 01:48:25 +0000
asID:                     3214
IP address blocks:        2a04:6f07::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 03:46:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:54:31:2a:16:97:47:2b:a2:f0:d9:1c:67:e3:39:4e:02:3a:31:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:25 2025 GMT
            Not After : Aug 15 01:48:25 2026 GMT
        Subject: CN=F37C333CDC0D97D440C59EC2FA34D9D21454C149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:da:e9:15:74:ea:5d:5c:5b:a6:00:43:d7:86:
                    be:32:88:91:b3:db:ef:f3:de:2b:1e:e8:e8:c9:11:
                    5b:ea:7c:5b:1a:78:62:3d:09:40:a8:2d:33:ea:4f:
                    66:8a:4a:f9:7e:33:71:70:57:d0:2d:a2:bf:73:e2:
                    67:bc:c7:b7:fd:e4:14:c9:3d:af:ec:1b:e2:6d:35:
                    ac:13:39:8c:78:75:11:a6:b4:6f:29:8f:23:65:ac:
                    71:05:2c:b2:a3:2d:c1:63:74:7f:5b:02:fd:c4:9b:
                    43:c0:e9:25:58:62:3b:a3:f7:e2:a5:2e:36:76:75:
                    b1:06:4c:86:8e:4c:fa:bb:5e:7e:9b:06:3a:a2:67:
                    b0:f9:b0:12:a7:15:cd:af:79:32:ec:af:3b:8b:26:
                    28:5a:90:3c:84:7d:9c:49:15:d4:33:5f:73:f8:73:
                    92:82:8c:05:13:37:d2:de:a9:59:fb:1e:5e:cc:dc:
                    7a:64:e3:9a:7e:10:cc:4f:13:71:fa:f7:f6:85:9c:
                    87:a5:ce:65:62:fa:10:0d:53:80:ed:ae:98:aa:fd:
                    b2:8b:7b:1a:66:0b:b7:e8:bd:8e:b8:b9:eb:4f:1e:
                    c6:d2:c4:04:11:9d:3c:cf:ea:44:0b:75:06:97:21:
                    53:98:67:91:e5:36:83:b7:ea:c7:17:7b:27:dc:db:
                    c0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:7C:33:3C:DC:0D:97:D4:40:C5:9E:C2:FA:34:D9:D2:14:54:C1:49
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130343a366630373a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:87:90:67:04:44:41:f0:db:bd:60:42:37:b2:70:a6:ea:4e:
         0b:87:7a:08:1a:39:71:ed:2c:6d:45:25:69:40:e8:00:f0:d1:
         87:55:f1:5c:b3:a9:8f:aa:42:0a:75:da:5a:29:ff:37:3f:b7:
         0c:9e:8a:3e:cb:4e:f5:ca:db:2f:4f:07:60:37:f1:b9:0c:97:
         19:de:6c:2a:64:88:b1:9b:33:7e:4c:a0:f3:cc:41:5a:99:54:
         cd:70:89:15:68:0e:71:67:94:01:79:f8:27:45:3f:ed:59:8b:
         1d:c4:9b:d1:a1:06:d6:52:66:d4:ac:bd:1f:aa:90:70:17:62:
         da:76:9e:6d:6d:c4:fb:4e:a3:f2:03:26:f2:86:d9:0a:a1:7d:
         33:2e:aa:dd:29:e0:b7:dd:8d:1d:74:c4:7a:3c:0c:7a:43:ca:
         36:60:08:a6:6e:ae:8f:68:e9:10:41:59:a7:b4:cf:55:b4:3f:
         b4:97:05:bb:70:fb:30:e1:44:84:20:4f:cc:9a:c6:c4:ad:ef:
         41:4f:8a:79:3b:11:e1:03:e1:0c:75:96:45:57:9b:bd:7b:4b:
         37:a0:7a:7f:9a:fa:ae:3f:fc:5e:47:98:ec:35:3d:3a:ca:14:
         07:58:df:be:62:50:cb:0b:7d:ca:93:0f:f6:ec:13:c1:0f:31:
         fc:99:54:0e
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUdFQxKhaXRyui8NkcZ+M5TgI6McswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjVaFw0yNjA4MTUwMTQ4MjVaMDMxMTAvBgNV
BAMTKEYzN0MzMzNDREMwRDk3RDQ0MEM1OUVDMkZBMzREOUQyMTQ1NEMxNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl2ukVdOpdXFumAEPXhr4yiJGz
2+/z3ise6OjJEVvqfFsaeGI9CUCoLTPqT2aKSvl+M3FwV9Ator9z4me8x7f95BTJ
Pa/sG+JtNawTOYx4dRGmtG8pjyNlrHEFLLKjLcFjdH9bAv3Em0PA6SVYYjuj9+Kl
LjZ2dbEGTIaOTPq7Xn6bBjqiZ7D5sBKnFc2veTLsrzuLJihakDyEfZxJFdQzX3P4
c5KCjAUTN9LeqVn7Hl7M3Hpk45p+EMxPE3H69/aFnIelzmVi+hANU4Dtrpiq/bKL
expmC7fovY64uetPHsbSxAQRnTzP6kQLdQaXIVOYZ5HlNoO36scXeyfc28CvAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQU83wzPNwNl9RAxZ7C+jTZ0hRUwUkwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzAzNDNhMzY2NjMwMzczYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoEbwcwDQYJKoZIhvcNAQEL
BQADggEBAECHkGcEREHw271gQjeycKbqTguHeggaOXHtLG1FJWlA6ADw0YdV8Vyz
qY+qQgp12lop/zc/twyeij7LTvXK2y9PB2A38bkMlxnebCpkiLGbM35MoPPMQVqZ
VM1wiRVoDnFnlAF5+CdFP+1Zix3Em9GhBtZSZtSsvR+qkHAXYtp2nm1txPtOo/ID
JvKG2QqhfTMuqt0p4LfdjR10xHo8DHpDyjZgCKZuro9o6RBBWae0z1W0P7SXBbtw
+zDhRIQgT8yaxsSt70FPink7EeED4Qx1lkVXm717Szegen+a+q4//F5HmOw1PTrK
FAdY375iUMsLfcqTD/bsE8EPMfyZVA4=
-----END CERTIFICATE-----