Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          gTieBvQnMaK1cIhBSZkfWrKYAsZXnEYpc10y0g+Oh3c=
Subject key identifier:   E7:D6:D5:26:A2:C0:14:F0:EF:33:CA:62:DF:22:03:20:7D:2D:DC:0F
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       05ADD8E01C8F19C29B3B235BF950A753288985FB
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Sat 23 Aug 2025 01:48:31 +0000
ROA not before:           Sat 23 Aug 2025 01:43:31 +0000
ROA not after:            Sat 22 Aug 2026 01:48:31 +0000
asID:                     197730
IP address blocks:        2a0b:2542:700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ad:d8:e0:1c:8f:19:c2:9b:3b:23:5b:f9:50:a7:53:28:89:85:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 23 01:43:31 2025 GMT
            Not After : Aug 22 01:48:31 2026 GMT
        Subject: CN=E7D6D526A2C014F0EF33CA62DF2203207D2DDC0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bc:bd:3a:01:56:dc:5d:4e:7c:7f:0b:17:61:
                    94:95:77:50:5f:58:0c:3b:99:cd:2e:b0:1e:33:92:
                    de:12:06:12:d1:2a:32:f5:40:99:00:31:89:cf:19:
                    d2:d1:3b:bc:27:3e:43:0c:f4:03:fe:03:bd:ca:30:
                    f4:77:10:fb:d9:d1:98:6e:19:e4:4f:05:a7:78:46:
                    a3:8e:2d:99:6d:d1:f4:a3:04:c9:4d:10:4d:14:8e:
                    ee:6d:34:0b:10:ce:2b:9d:c8:1f:14:1e:89:68:e1:
                    8d:2c:b0:2f:01:38:ee:61:ce:91:09:c0:50:7e:66:
                    64:c8:9b:93:d0:e9:5e:63:9e:a5:b4:c4:1c:72:88:
                    31:57:d3:f0:1f:fc:fc:56:cb:a9:5d:17:87:b6:f9:
                    ea:2f:86:50:85:ea:d4:43:ff:f8:65:d7:39:76:90:
                    fd:26:96:d0:40:81:1b:a6:02:a2:10:7c:4b:a3:72:
                    52:d4:89:db:09:70:05:cd:db:b9:44:53:57:26:93:
                    02:18:c7:79:f4:d9:08:21:83:6d:3e:56:c1:ab:32:
                    7c:40:f9:f1:85:4f:27:34:9e:a8:94:bb:9f:67:ea:
                    8d:db:c8:08:9b:66:f3:c3:b7:ee:e4:20:bf:e8:74:
                    8a:76:8b:e4:49:82:cf:56:17:d9:76:4b:5c:f4:c2:
                    51:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D6:D5:26:A2:C0:14:F0:EF:33:CA:62:DF:22:03:20:7D:2D:DC:0F
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3730303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:58:70:b3:06:72:90:bb:e1:af:96:67:2b:89:dc:76:85:60:
         50:8e:c5:61:12:07:17:b0:79:d8:b4:bf:ba:47:14:5f:95:ae:
         25:19:28:8d:79:ff:ab:41:a5:41:d4:ca:fa:7e:39:88:e1:d7:
         c9:80:2e:f1:96:63:63:ff:26:98:55:0c:b3:8f:31:e9:5a:47:
         80:4c:b5:5f:ff:bb:e7:f1:27:1c:f3:1f:6c:2e:cf:c9:b3:a9:
         7e:54:4c:85:22:fd:77:92:aa:a7:b6:a3:44:2f:7a:b1:6f:02:
         a2:da:97:80:04:73:7d:61:25:db:5e:6a:ae:37:15:a1:99:32:
         20:41:60:c4:21:4d:03:5d:e6:08:43:17:c2:61:67:13:d7:06:
         aa:80:e6:f9:cb:c0:ba:89:86:15:ed:90:ed:37:47:d8:ea:64:
         37:38:df:39:51:4c:fe:6c:52:b1:1c:93:20:40:bd:d3:b6:89:
         9c:69:72:55:71:96:09:34:c9:e2:fc:66:63:5c:bf:7d:0f:fc:
         c4:aa:e0:21:8c:df:82:1f:d1:fe:55:97:e2:3f:d5:53:ce:9d:
         4d:78:41:d3:79:1f:4e:39:9e:17:2e:35:db:66:87:0d:a7:74:
         1e:dc:18:a3:5f:2e:67:82:ce:57:fa:9f:9d:51:91:1e:87:2d:
         2c:33:11:c3
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUBa3Y4ByPGcKbOyNb+VCnUyiJhfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MjMwMTQzMzFaFw0yNjA4MjIwMTQ4MzFaMDMxMTAvBgNV
BAMTKEU3RDZENTI2QTJDMDE0RjBFRjMzQ0E2MkRGMjIwMzIwN0QyRERDMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDovL06AVbcXU58fwsXYZSVd1Bf
WAw7mc0usB4zkt4SBhLRKjL1QJkAMYnPGdLRO7wnPkMM9AP+A73KMPR3EPvZ0Zhu
GeRPBad4RqOOLZlt0fSjBMlNEE0Uju5tNAsQziudyB8UHolo4Y0ssC8BOO5hzpEJ
wFB+ZmTIm5PQ6V5jnqW0xBxyiDFX0/Af/PxWy6ldF4e2+eovhlCF6tRD//hl1zl2
kP0mltBAgRumAqIQfEujclLUidsJcAXN27lEU1cmkwIYx3n02Qghg20+VsGrMnxA
+fGFTyc0nqiUu59n6o3byAibZvPDt+7kIL/odIp2i+RJgs9WF9l2S1z0wlFNAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQU59bVJqLAFPDvM8pi3yIDIH0t3A8wHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzNzMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
BzANBgkqhkiG9w0BAQsFAAOCAQEAqVhwswZykLvhr5ZnK4ncdoVgUI7FYRIHF7B5
2LS/ukcUX5WuJRkojXn/q0GlQdTK+n45iOHXyYAu8ZZjY/8mmFUMs48x6VpHgEy1
X/+75/EnHPMfbC7PybOpflRMhSL9d5Kqp7ajRC96sW8CotqXgARzfWEl215qrjcV
oZkyIEFgxCFNA13mCEMXwmFnE9cGqoDm+cvAuomGFe2Q7TdH2OpkNzjfOVFM/mxS
sRyTIEC907aJnGlyVXGWCTTJ4vxmY1y/fQ/8xKrgIYzfgh/R/lWX4j/VU86dTXhB
03kfTjmeFy4122aHDad0HtwYo18uZ4LOV/qfnVGRHoctLDMRww==
-----END CERTIFICATE-----