Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
File:                     326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa (raw, json)
Hash identifier:          MdHX3mAcwm0rR7kOpnjhXT8f7asD2NipkfCJ6A5LIZE=
Subject key identifier:   7A:63:D3:AE:CD:16:F2:60:FF:FE:AC:A5:09:35:44:45:FB:F7:A9:90
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       2576BDA9648E0E74566319CEDCEC5E0BD029DE57
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa
Signing time:             Mon 06 Oct 2025 07:50:55 +0000
ROA not before:           Mon 06 Oct 2025 07:45:55 +0000
ROA not after:            Mon 05 Oct 2026 07:50:55 +0000
asID:                     197730
IP address blocks:        2a0b:2542:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:76:bd:a9:64:8e:0e:74:56:63:19:ce:dc:ec:5e:0b:d0:29:de:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Oct  6 07:45:55 2025 GMT
            Not After : Oct  5 07:50:55 2026 GMT
        Subject: CN=7A63D3AECD16F260FFFEACA509354445FBF7A990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:22:d4:9e:62:79:62:10:e3:8d:39:f3:5f:ef:
                    6a:fd:96:2b:a0:e6:34:5c:4a:15:f3:76:87:65:d6:
                    8f:eb:37:01:83:e0:12:d1:fc:67:a3:a6:67:d1:68:
                    12:4b:d5:60:2d:b9:25:3d:42:6e:34:25:29:e1:59:
                    27:c4:20:bb:f3:b8:fc:64:63:56:9d:e2:20:c8:da:
                    b5:21:32:13:dd:ec:fa:d1:20:2a:04:16:2a:c5:56:
                    d0:dc:0a:87:72:a5:ff:3a:af:9c:21:1b:4d:41:41:
                    e2:25:bb:9f:9f:70:37:48:00:d0:6e:e0:94:b9:82:
                    bc:4d:37:0a:f5:00:9c:2d:48:ae:af:4f:05:28:ea:
                    f4:15:7b:62:4c:3f:5e:02:62:be:11:eb:ab:9f:f4:
                    f9:74:ea:d3:0e:00:1e:fc:60:db:ea:6e:40:6d:cf:
                    b0:75:43:31:03:aa:ca:0f:bd:ed:dc:4d:34:61:42:
                    08:14:5f:4e:9c:2f:bb:76:78:50:20:75:dd:26:fd:
                    df:99:70:2f:1c:00:c8:17:3b:f9:dc:6a:9a:6c:80:
                    b2:97:25:43:8e:fb:15:70:77:fc:80:ac:18:88:75:
                    cc:dd:16:96:56:3a:07:7a:74:60:ed:01:95:13:67:
                    48:5a:89:a7:ba:ae:a8:ce:f7:f0:44:fa:7a:59:0d:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:63:D3:AE:CD:16:F2:60:FF:FE:AC:A5:09:35:44:45:FB:F7:A9:90
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3830303a3a2f34302d3438203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:80:71:ce:ab:6c:22:1f:b7:93:9e:d5:31:a1:d2:ac:8d:01:
         8a:65:37:8b:6d:f4:1b:9b:8e:7a:3b:a3:e0:36:6f:4a:ba:ba:
         df:7e:00:a8:18:5a:dd:fb:24:e9:d2:35:2c:d1:b0:7f:6d:4f:
         e2:ec:ba:d4:eb:72:c7:37:34:c9:9c:a7:d4:20:80:27:c2:21:
         72:9d:ca:63:d4:64:96:3f:d3:a7:a3:57:71:26:1d:3c:66:2d:
         ff:b3:46:7a:3f:26:ac:26:ae:3f:94:69:55:69:dd:21:7a:5a:
         7c:d7:f9:e7:88:e3:0a:7a:f2:ef:f8:2e:f5:f9:32:49:6a:d1:
         36:42:0d:00:20:fc:98:6b:e3:be:e7:5d:2b:68:c8:69:a5:b7:
         6d:4b:30:e7:ed:29:05:b0:42:3f:36:09:1e:e2:92:bb:92:cd:
         0e:94:fc:3e:a1:e9:23:08:70:71:f7:c1:45:15:bb:ca:75:b6:
         08:a7:f6:c9:76:95:c3:ab:f9:46:4f:d4:95:f9:91:6f:a7:13:
         ac:76:a7:a4:0d:88:60:3a:26:cb:5d:de:bd:94:55:c7:85:51:
         70:7e:1e:b7:39:55:7e:c8:15:65:aa:e3:3a:19:ce:07:2f:ac:
         03:f4:56:b8:72:0d:16:ec:5e:09:dd:88:f8:0f:eb:2d:74:9c:
         1c:ae:fb:1a
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUJXa9qWSODnRWYxnO3OxeC9Ap3lcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTEwMDYwNzQ1NTVaFw0yNjEwMDUwNzUwNTVaMDMxMTAvBgNV
BAMTKDdBNjNEM0FFQ0QxNkYyNjBGRkZFQUNBNTA5MzU0NDQ1RkJGN0E5OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnItSeYnliEOONOfNf72r9liug
5jRcShXzdodl1o/rNwGD4BLR/GejpmfRaBJL1WAtuSU9Qm40JSnhWSfEILvzuPxk
Y1ad4iDI2rUhMhPd7PrRICoEFirFVtDcCodypf86r5whG01BQeIlu5+fcDdIANBu
4JS5grxNNwr1AJwtSK6vTwUo6vQVe2JMP14CYr4R66uf9Pl06tMOAB78YNvqbkBt
z7B1QzEDqsoPve3cTTRhQggUX06cL7t2eFAgdd0m/d+ZcC8cAMgXO/ncappsgLKX
JUOO+xVwd/yArBiIdczdFpZWOgd6dGDtAZUTZ0haiae6rqjO9/BE+npZDc7JAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUemPTrs0W8mD//qylCTVERfv3qZAwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jwa2kucm9h
Lm5ldC9ycmRwL3hUb20vNDEvMzI2MTMwNjIzYTMyMzUzNDMyM2EzODMwMzAzYTNh
MmYzNDMwMmQzNDM4MjAzZDNlMjAzMTM5MzczNzMzMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqCyVC
CDANBgkqhkiG9w0BAQsFAAOCAQEAaIBxzqtsIh+3k57VMaHSrI0BimU3i230G5uO
ejuj4DZvSrq6334AqBha3fsk6dI1LNGwf21P4uy61Otyxzc0yZyn1CCAJ8Ihcp3K
Y9Rklj/Tp6NXcSYdPGYt/7NGej8mrCauP5RpVWndIXpafNf554jjCnry7/gu9fky
SWrRNkINACD8mGvjvuddK2jIaaW3bUsw5+0pBbBCPzYJHuKSu5LNDpT8PqHpIwhw
cffBRRW7ynW2CKf2yXaVw6v5Rk/UlfmRb6cTrHanpA2IYDomy13evZRVx4VRcH4e
tzlVfsgVZarjOhnOBy+sA/RWuHINFuxeCd2I+A/rLXScHK77Gg==
-----END CERTIFICATE-----