Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3330303a3a2f34302d3438203d3e20323036333135.roa
File:                     326130623a323534323a3330303a3a2f34302d3438203d3e20323036333135.roa (raw, json)
Hash identifier:          QWl30p14TV0yaWJBRRDe71K4drJf3CoB3A0YNNsfHrM=
Subject key identifier:   72:BB:83:3D:11:FB:2A:3E:84:0B:65:DF:25:DA:F0:EC:04:17:71:07
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       728198D92491568AB9EDA2A7D3B6FCE285D4FEDF
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3330303a3a2f34302d3438203d3e20323036333135.roa
Signing time:             Sat 16 Aug 2025 01:48:23 +0000
ROA not before:           Sat 16 Aug 2025 01:43:23 +0000
ROA not after:            Sat 15 Aug 2026 01:48:23 +0000
asID:                     206315
IP address blocks:        2a0b:2542:300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:81:98:d9:24:91:56:8a:b9:ed:a2:a7:d3:b6:fc:e2:85:d4:fe:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:23 2025 GMT
            Not After : Aug 15 01:48:23 2026 GMT
        Subject: CN=72BB833D11FB2A3E840B65DF25DAF0EC04177107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a7:c0:53:28:35:0c:dd:ca:24:80:58:b6:85:
                    80:86:ba:92:5a:b9:fa:11:48:d2:3e:4b:16:31:41:
                    cf:f1:fd:ca:9c:84:74:71:91:38:6c:8b:ef:e4:73:
                    35:ae:8c:2c:d5:76:6c:73:f5:7d:bb:59:12:23:e3:
                    93:0e:5a:49:58:fa:f3:72:d7:ee:bb:a0:c8:5b:1b:
                    88:cf:c8:3f:18:53:7a:31:83:90:0b:d0:ca:07:38:
                    1d:d2:bc:d2:e5:95:f6:d4:1b:ef:6b:3f:e5:33:2d:
                    c8:70:f9:74:51:46:c9:df:5b:54:0c:71:be:16:34:
                    28:e8:3b:8a:11:ae:3c:1b:3f:39:9e:0a:f8:e0:58:
                    3e:0e:b0:82:d4:60:22:fb:62:ac:cd:1c:58:06:5f:
                    02:89:dd:39:7b:91:af:6f:1c:34:98:83:45:f5:bd:
                    3f:52:db:00:11:86:cd:da:1d:0c:2c:6f:eb:dd:5e:
                    da:d5:97:7a:4d:52:71:ae:a3:ed:ea:7c:8e:00:28:
                    19:7e:59:4b:84:67:5b:0e:81:1d:9d:c3:e6:ad:cb:
                    1c:30:0e:e1:1c:82:5c:fc:af:2c:16:fa:e0:d7:52:
                    0b:9e:45:ef:ea:94:ca:81:45:73:67:d0:72:21:96:
                    f9:9d:38:da:1f:ac:e2:a7:bb:6d:0b:c3:a0:88:13:
                    a8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BB:83:3D:11:FB:2A:3E:84:0B:65:DF:25:DA:F0:EC:04:17:71:07
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3330303a3a2f34302d3438203d3e20323036333135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:f3:64:5a:76:d8:96:00:ec:3d:08:5a:a5:8a:52:74:87:0e:
         79:61:90:ea:71:02:57:bc:b1:44:99:4b:04:a9:bb:e0:ee:fc:
         55:51:49:4a:a9:3a:99:5a:5e:49:e3:e2:6e:66:6c:f5:89:a1:
         7a:95:72:0e:28:20:b6:6c:ff:90:82:fa:14:2a:8d:51:d9:36:
         bf:d7:d1:2f:b2:10:a1:ce:87:06:71:99:57:d6:27:5e:75:19:
         6a:37:50:18:93:5d:8d:2e:ed:ae:a6:8d:44:c0:8a:46:19:c4:
         5f:49:85:97:b4:75:98:7f:a5:68:7a:bd:6e:7a:55:f3:c3:41:
         03:4b:9c:d5:c8:d8:a4:7d:c1:2e:ca:37:3c:bb:24:b5:52:3b:
         5d:e1:28:09:a1:c8:71:d5:0a:64:f6:e1:d2:39:e6:10:04:ec:
         22:0b:e5:fa:ee:78:08:ca:18:dd:9f:3c:23:39:52:08:27:d2:
         f7:9b:64:48:9f:d0:1e:ac:bc:5f:20:f3:0e:26:e4:8d:3a:90:
         09:9f:04:db:8e:44:91:13:21:78:7a:22:13:1d:4e:07:56:3e:
         5a:7f:fa:7a:4d:2c:2b:3e:9d:80:ff:eb:0e:30:7d:5e:71:7d:
         81:9e:0c:fc:ae:b1:80:56:64:68:5c:fb:4d:b4:dd:b6:16:e5:
         eb:ec:91:d3
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUcoGY2SSRVoq57aKn07b84oXU/t8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjNaFw0yNjA4MTUwMTQ4MjNaMDMxMTAvBgNV
BAMTKDcyQkI4MzNEMTFGQjJBM0U4NDBCNjVERjI1REFGMEVDMDQxNzcxMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgp8BTKDUM3cokgFi2hYCGupJa
ufoRSNI+SxYxQc/x/cqchHRxkThsi+/kczWujCzVdmxz9X27WRIj45MOWklY+vNy
1+67oMhbG4jPyD8YU3oxg5AL0MoHOB3SvNLllfbUG+9rP+UzLchw+XRRRsnfW1QM
cb4WNCjoO4oRrjwbPzmeCvjgWD4OsILUYCL7YqzNHFgGXwKJ3Tl7ka9vHDSYg0X1
vT9S2wARhs3aHQwsb+vdXtrVl3pNUnGuo+3qfI4AKBl+WUuEZ1sOgR2dw+atyxww
DuEcglz8rywW+uDXUgueRe/qlMqBRXNn0HIhlvmdONofrOKnu20Lw6CIE6i9AgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUcruDPRH7Kj6EC2XfJdrw7AQXcQcwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzMzMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMwMzYzMzMxMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
AzANBgkqhkiG9w0BAQsFAAOCAQEAq/NkWnbYlgDsPQhapYpSdIcOeWGQ6nECV7yx
RJlLBKm74O78VVFJSqk6mVpeSePibmZs9YmhepVyDiggtmz/kIL6FCqNUdk2v9fR
L7IQoc6HBnGZV9YnXnUZajdQGJNdjS7trqaNRMCKRhnEX0mFl7R1mH+laHq9bnpV
88NBA0uc1cjYpH3BLso3PLsktVI7XeEoCaHIcdUKZPbh0jnmEATsIgvl+u54CMoY
3Z88IzlSCCfS95tkSJ/QHqy8XyDzDibkjTqQCZ8E245EkRMheHoiEx1OB1Y+Wn/6
ek0sKz6dgP/rDjB9XnF9gZ4M/K6xgFZkaFz7TbTdthbl6+yR0w==
-----END CERTIFICATE-----