Route Origin Authorization

$ rpki-client -vvf rpki.roa.net/rrdp/xTom/41/326130623a323534323a3a2f34382d3438203d3e20313337323536.roa
File:                     326130623a323534323a3a2f34382d3438203d3e20313337323536.roa (raw, json)
Hash identifier:          b8AnzXFe1r4SzYOIv8Wh1VSgJql09o6QAfvtXQXiK+0=
Subject key identifier:   08:A5:23:41:AE:D2:69:3C:10:F6:B9:EA:5B:96:94:84:92:FB:21:4C
Certificate issuer:       /CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
Certificate serial:       5D4BA79EC66F95376D8668A8241C3E4DE3762842
Authority key identifier: 39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
Subject info access:      rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3a2f34382d3438203d3e20313337323536.roa
Signing time:             Sat 16 Aug 2025 01:48:24 +0000
ROA not before:           Sat 16 Aug 2025 01:43:24 +0000
ROA not after:            Sat 15 Aug 2026 01:48:24 +0000
asID:                     137256
IP address blocks:        2a0b:2542::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl
                          rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4b:a7:9e:c6:6f:95:37:6d:86:68:a8:24:1c:3e:4d:e3:76:28:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f66f45a59b837ed24d6b9f20c60702114b70bb
        Validity
            Not Before: Aug 16 01:43:24 2025 GMT
            Not After : Aug 15 01:48:24 2026 GMT
        Subject: CN=08A52341AED2693C10F6B9EA5B96948492FB214C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:20:7f:9c:7a:85:15:84:5b:67:03:8b:d7:fd:
                    de:9b:71:78:d1:44:e2:9f:26:73:6e:c7:33:de:5f:
                    c7:af:62:14:af:81:48:5d:aa:9d:73:27:d9:40:53:
                    3d:92:65:69:6d:15:20:fa:87:f7:18:87:b0:cf:dd:
                    cb:39:16:63:63:65:34:d0:01:c3:16:e2:f3:61:95:
                    bb:04:d3:1f:56:e5:78:db:4c:4d:c5:db:5b:96:ac:
                    bf:b1:0f:53:42:b0:7e:96:e8:db:fa:3e:c1:bf:74:
                    61:47:56:15:6f:58:f8:ac:31:f5:28:e0:cf:0d:14:
                    48:f5:28:fb:d4:a4:ec:e4:59:1f:9b:ae:c7:08:d2:
                    73:d2:25:a7:13:37:49:46:c2:c0:17:53:d1:1c:ae:
                    b0:7b:f4:3a:cb:66:20:93:cf:8c:56:b4:8c:9c:94:
                    6d:6e:88:f2:c9:ce:2f:d5:18:7e:34:1b:6d:b2:66:
                    25:31:79:ea:69:63:5b:ba:7a:23:5e:58:9e:ab:2f:
                    29:16:a2:7e:78:00:f0:bc:00:13:eb:26:67:cb:f2:
                    91:25:68:af:3e:72:6b:2d:a9:5e:10:18:b4:0b:8e:
                    0d:d5:b0:a8:dc:f4:2e:fd:5f:94:dc:d1:4d:bd:f9:
                    8f:f5:10:17:c4:f5:a0:e3:fd:f8:4b:22:99:09:1b:
                    b1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A5:23:41:AE:D2:69:3C:10:F6:B9:EA:5B:96:94:84:92:FB:21:4C
            X509v3 Authority Key Identifier:
                keyid:39:F6:6F:45:A5:9B:83:7E:D2:4D:6B:9F:20:C6:07:02:11:4B:70:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.roa.net/rrdp/xTom/41/39F66F45A59B837ED24D6B9F20C60702114B70BB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfZvRaWbg37STWufIMYHAhFLcLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.roa.net/rrdp/xTom/41/326130623a323534323a3a2f34382d3438203d3e20313337323536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2542::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:63:03:48:2f:24:51:59:8d:f2:7f:48:6b:f9:36:39:1d:81:
         8a:6f:0d:e4:5f:52:57:41:f7:d0:63:22:ec:58:5b:ee:cc:42:
         f2:3e:5f:0e:81:9d:4a:fa:16:cb:b6:ec:ef:b1:9e:91:79:25:
         b6:a1:28:7a:15:ac:81:39:08:37:07:e2:00:00:3e:5f:64:21:
         2d:e8:63:05:21:c8:84:50:fe:bf:b3:5c:75:4a:b7:97:f5:45:
         d9:17:7c:3d:74:59:06:84:ed:6f:18:32:40:fc:ee:77:90:4f:
         10:96:17:71:01:c9:88:4f:4b:af:fd:6b:07:ac:83:b5:6d:8c:
         f3:3e:0e:56:03:d9:eb:7c:35:65:ad:bd:15:7b:f7:46:82:70:
         33:9b:3a:f3:6c:e2:43:93:43:0b:96:09:a0:7d:b7:fa:c2:4a:
         29:07:45:67:42:df:85:fd:c8:c3:fe:ef:dd:e5:98:b4:cb:ab:
         bb:24:46:b0:91:77:b1:75:29:d0:2d:3a:32:bf:3f:a2:7b:96:
         10:ce:86:25:0c:8a:99:1f:cd:ac:8b:7c:9c:fc:3b:13:85:cd:
         ff:c0:24:ff:9b:e0:8e:e3:a9:7e:9f:9e:e5:e9:17:ad:05:0c:
         bf:7a:1e:8d:ab:58:e0:4e:1d:c7:a6:3e:ac:9e:b4:e0:49:2f:
         8e:66:45:a2
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUXUunnsZvlTdthmioJBw+TeN2KEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzlmNjZmNDVhNTliODM3ZWQyNGQ2YjlmMjBjNjA3MDIx
MTRiNzBiYjAeFw0yNTA4MTYwMTQzMjRaFw0yNjA4MTUwMTQ4MjRaMDMxMTAvBgNV
BAMTKDA4QTUyMzQxQUVEMjY5M0MxMEY2QjlFQTVCOTY5NDg0OTJGQjIxNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsIH+ceoUVhFtnA4vX/d6bcXjR
ROKfJnNuxzPeX8evYhSvgUhdqp1zJ9lAUz2SZWltFSD6h/cYh7DP3cs5FmNjZTTQ
AcMW4vNhlbsE0x9W5XjbTE3F21uWrL+xD1NCsH6W6Nv6PsG/dGFHVhVvWPisMfUo
4M8NFEj1KPvUpOzkWR+brscI0nPSJacTN0lGwsAXU9EcrrB79DrLZiCTz4xWtIyc
lG1uiPLJzi/VGH40G22yZiUxeeppY1u6eiNeWJ6rLykWon54APC8ABPrJmfL8pEl
aK8+cmstqV4QGLQLjg3VsKjc9C79X5Tc0U29+Y/1EBfE9aDj/fhLIpkJG7HRAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUCKUjQa7SaTwQ9rnqW5aUhJL7IUwwHwYDVR0j
BBgwFoAUOfZvRaWbg37STWufIMYHAhFLcLswDgYDVR0PAQH/BAQDAgeAMF8GA1Ud
HwRYMFYwVKBSoFCGTnJzeW5jOi8vcnBraS5yb2EubmV0L3JyZHAveFRvbS80MS8z
OUY2NkY0NUE1OUI4MzdFRDI0RDZCOUYyMEM2MDcwMjExNEI3MEJCLmNybDBkBggr
BgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvT2ZadlJhV2JnMzdTVFd1ZklNWUhBaEZMY0xzLmNl
cjB4BggrBgEFBQcBCwRsMGowaAYIKwYBBQUHMAuGXHJzeW5jOi8vcnBraS5yb2Eu
bmV0L3JyZHAveFRvbS80MS8zMjYxMzA2MjNhMzIzNTM0MzIzYTNhMmYzNDM4MmQz
NDM4MjAzZDNlMjAzMTMzMzczMjM1MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCyVCAAAwDQYJKoZI
hvcNAQELBQADggEBAIFjA0gvJFFZjfJ/SGv5NjkdgYpvDeRfUldB99BjIuxYW+7M
QvI+Xw6BnUr6Fsu27O+xnpF5JbahKHoVrIE5CDcH4gAAPl9kIS3oYwUhyIRQ/r+z
XHVKt5f1RdkXfD10WQaE7W8YMkD87neQTxCWF3EByYhPS6/9awesg7VtjPM+DlYD
2et8NWWtvRV790aCcDObOvNs4kOTQwuWCaB9t/rCSikHRWdC34X9yMP+793lmLTL
q7skRrCRd7F1KdAtOjK/P6J7lhDOhiUMipkfzayLfJz8OxOFzf/AJP+b4I7jqX6f
nuXpF60FDL96Ho2rWOBOHcemPqyetOBJL45mRaI=
-----END CERTIFICATE-----