Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa
File:                     326130623a323534303a3a2f33322d3438203d3e203537383438.roa (raw, json)
Hash identifier:          L9YTO2KOeyrNBRJd4xc0xWiFPXNRNF1hK0uUGHRswho=
Subject key identifier:   C4:19:C0:8C:41:39:E1:D2:C5:DA:E8:0E:1E:F4:58:25:12:09:03:8A
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       39D08DA30497BA0F0CFA68DE0D0D6AB8E5DF1658
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     57848
IP address blocks:        2a0b:2540::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d0:8d:a3:04:97:ba:0f:0c:fa:68:de:0d:0d:6a:b8:e5:df:16:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=C419C08C4139E1D2C5DAE80E1EF458251209038A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:b7:3d:75:55:89:a1:34:d6:c0:f6:12:1c:
                    dc:9d:e9:c2:15:58:75:03:45:9c:60:34:f2:6a:f8:
                    bd:ea:8d:5c:f6:7c:9a:87:9d:9c:ec:87:27:3e:14:
                    ba:c8:c4:7f:13:9d:87:05:a6:9e:26:83:43:23:94:
                    0c:2f:1a:2d:ba:d8:8e:ee:05:cf:5b:58:e8:0c:9a:
                    73:df:98:71:8a:7b:ba:52:fd:ca:f8:13:61:1d:a0:
                    c7:e6:14:51:03:8a:12:f9:ed:6b:69:78:1d:c2:7f:
                    b0:16:5d:2a:8b:82:71:47:a6:9c:52:c3:9d:94:2e:
                    db:b1:9e:07:cb:31:98:ac:9d:6e:d9:3e:bc:b3:fe:
                    7f:c7:7c:76:14:43:03:b3:39:f1:1c:3f:e0:7b:bf:
                    66:7d:47:b1:7b:02:34:8e:18:be:5a:a5:46:b4:bf:
                    46:63:66:52:8b:8f:dc:d6:54:cc:4a:0f:67:a7:5b:
                    20:e0:1c:fb:dd:5b:bd:2c:de:eb:f6:74:bf:2f:59:
                    13:3e:a5:f6:b6:b5:a5:34:0a:a1:fe:2f:6d:5b:06:
                    1f:52:54:1b:e2:4a:0a:81:e7:9e:95:e7:0e:30:65:
                    cc:7d:cb:86:ab:17:93:9c:a9:e1:48:c8:cd:d5:c8:
                    a3:3a:fe:71:6d:d6:28:5b:c4:40:49:02:af:28:4a:
                    bf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:19:C0:8C:41:39:E1:D2:C5:DA:E8:0E:1E:F4:58:25:12:09:03:8A
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534303a3a2f33322d3438203d3e203537383438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2540::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:e7:a4:e8:fb:52:f3:90:f5:e9:63:11:23:e8:7f:75:00:35:
         fd:16:7c:6b:82:dd:af:0f:d5:48:ff:d7:2b:e8:da:21:58:01:
         0b:f0:44:cb:8d:81:ec:c9:e7:fc:c3:b1:81:81:c0:54:cb:85:
         b5:61:7a:22:fe:1f:c3:c0:24:92:1b:ca:55:ec:7e:61:ea:62:
         5f:96:be:84:15:23:7a:0b:8e:a3:b0:cb:8d:1f:57:81:2f:c7:
         d1:a6:5d:98:b6:fc:f7:1d:4e:77:1e:29:73:f2:92:ad:30:8a:
         f8:4c:e0:1f:fa:31:7b:a7:30:8b:5e:20:ff:fd:ee:db:10:79:
         dd:bb:2a:66:bd:4d:00:b7:24:ba:77:ef:69:d6:74:9e:d4:61:
         25:79:bb:0e:cb:a2:f9:67:e5:41:87:91:35:0c:95:11:32:af:
         5f:86:4a:2d:72:98:0f:24:f0:86:1a:e4:6d:17:36:fa:fb:c1:
         d4:67:33:8d:c8:a9:b1:25:b2:c4:dd:17:24:ca:ca:a6:26:a6:
         ab:b0:e8:7b:3e:fe:fb:65:fe:d2:0d:f9:3d:d3:df:f9:2a:6e:
         f2:bd:cb:0c:e2:58:cd:9e:29:4a:5b:56:be:3d:f8:36:a4:d6:
         ab:8c:ec:2f:b4:63:0c:fd:90:7c:8b:e1:09:47:3b:84:44:69:
         4d:2c:7f:9c
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUOdCNowSXug8M+mjeDQ1quOXfFlgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKEM0MTlDMDhDNDEzOUUxRDJDNURBRTgwRTFFRjQ1ODI1MTIwOTAzOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdB7c9dVWJoTTWwPYSHNyd6cIV
WHUDRZxgNPJq+L3qjVz2fJqHnZzshyc+FLrIxH8TnYcFpp4mg0MjlAwvGi262I7u
Bc9bWOgMmnPfmHGKe7pS/cr4E2EdoMfmFFEDihL57WtpeB3Cf7AWXSqLgnFHppxS
w52ULtuxngfLMZisnW7ZPryz/n/HfHYUQwOzOfEcP+B7v2Z9R7F7AjSOGL5apUa0
v0ZjZlKLj9zWVMxKD2enWyDgHPvdW70s3uv2dL8vWRM+pfa2taU0CqH+L21bBh9S
VBviSgqB556V5w4wZcx9y4arF5OcqeFIyM3VyKM6/nFt1ihbxEBJAq8oSr8ZAgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUxBnAjEE54dLF2ugOHvRYJRIJA4owHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB2BggrBgEFBQcBCwRqMGgwZgYIKwYBBQUHMAuGWnJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzAzYTNhMmYzMzMyMmQz
NDM4MjAzZDNlMjAzNTM3MzgzNDM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgslQDANBgkqhkiG9w0B
AQsFAAOCAQEAp+ek6PtS85D16WMRI+h/dQA1/RZ8a4Ldrw/VSP/XK+jaIVgBC/BE
y42B7Mnn/MOxgYHAVMuFtWF6Iv4fw8AkkhvKVex+YepiX5a+hBUjeguOo7DLjR9X
gS/H0aZdmLb89x1Odx4pc/KSrTCK+EzgH/oxe6cwi14g//3u2xB53bsqZr1NALck
unfvadZ0ntRhJXm7Dsui+WflQYeRNQyVETKvX4ZKLXKYDyTwhhrkbRc2+vvB1Gcz
jcipsSWyxN0XJMrKpiamq7Doez7++2X+0g35PdPf+Spu8r3LDOJYzZ4pSltWvj34
NqTWq4zsL7RjDP2QfIvhCUc7hERpTSx/nA==
-----END CERTIFICATE-----