Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/TAMhyO_TxaxCZl8ndF5QQYJ7fSc.roa
File:                     TAMhyO_TxaxCZl8ndF5QQYJ7fSc.roa (raw, json)
Hash identifier:          fwo98qFwUrEP75fKt0AHaKO4fww5cOw9kGra/QKoqNw=
Subject key identifier:   4C:03:21:C8:EF:D3:C5:AC:42:66:5F:27:74:5E:50:41:82:7B:7D:27
Certificate issuer:       /CN=41bfad97a58cb50cbfc84ec865af3d71c8b185af
Certificate serial:       019422FB30E9B36C865AFED2BB4A98CBB860
Authority key identifier: 41:BF:AD:97:A5:8C:B5:0C:BF:C8:4E:C8:65:AF:3D:71:C8:B1:85:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qb-tl6WMtQy_yE7IZa89ccixha8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/TAMhyO_TxaxCZl8ndF5QQYJ7fSc.roa
Signing time:             Wed 01 Jan 2025 17:47:54 +0000
ROA not before:           Wed 01 Jan 2025 17:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20794
IP address blocks:        217.12.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/Qb-tl6WMtQy_yE7IZa89ccixha8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/Qb-tl6WMtQy_yE7IZa89ccixha8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qb-tl6WMtQy_yE7IZa89ccixha8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:30:e9:b3:6c:86:5a:fe:d2:bb:4a:98:cb:b8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41bfad97a58cb50cbfc84ec865af3d71c8b185af
        Validity
            Not Before: Jan  1 17:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c0321c8efd3c5ac42665f27745e5041827b7d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:79:05:0a:aa:8d:69:36:f5:49:8f:93:9c:4b:
                    9f:b9:f7:c7:2f:a1:77:93:66:21:9d:18:5c:fa:0d:
                    9b:e8:3a:ec:63:f0:ab:a9:cf:6f:68:21:c1:f6:56:
                    b6:06:78:0d:6d:60:04:c0:35:8e:cb:0e:86:94:c2:
                    f2:b2:d1:71:a4:fc:ae:76:6e:5e:55:03:4e:ca:a4:
                    48:46:03:59:b1:98:06:8d:65:94:a3:fd:d0:fd:79:
                    ec:a0:e9:9a:0c:cd:1b:0d:ab:37:cc:a4:cc:53:a2:
                    58:ba:b0:e1:36:fd:5d:f8:cf:73:33:be:ab:26:7c:
                    65:5e:5f:a2:d9:eb:a2:84:35:45:c5:82:af:02:01:
                    6a:7e:70:52:a4:9e:5c:92:93:60:d4:65:67:43:7c:
                    30:0a:90:df:51:d1:59:25:f9:09:1d:70:65:3f:31:
                    e2:aa:7a:46:e3:f4:93:da:6d:4e:8c:3c:c5:29:23:
                    4a:c1:1d:f5:13:3c:80:0b:69:3f:fe:49:e0:c2:74:
                    af:60:60:5e:21:f7:4c:ae:8b:07:a5:fb:aa:0c:1a:
                    80:a5:68:76:eb:f1:6f:79:19:f7:51:51:21:ae:26:
                    07:65:f5:b9:57:ed:58:dc:35:bd:34:fc:5a:02:2a:
                    b9:26:71:1b:84:24:de:de:62:7c:d1:73:d6:5a:8e:
                    53:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:03:21:C8:EF:D3:C5:AC:42:66:5F:27:74:5E:50:41:82:7B:7D:27
            X509v3 Authority Key Identifier:
                keyid:41:BF:AD:97:A5:8C:B5:0C:BF:C8:4E:C8:65:AF:3D:71:C8:B1:85:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qb-tl6WMtQy_yE7IZa89ccixha8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/TAMhyO_TxaxCZl8ndF5QQYJ7fSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/d46001-1609-4487-9150-bf78bb85a69e/1/Qb-tl6WMtQy_yE7IZa89ccixha8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.12.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:55:f8:7a:9c:df:d7:86:ba:f3:ba:1f:ea:b7:a1:50:52:b4:
         5c:7f:18:bd:13:cb:11:16:f5:ef:7d:c3:0f:96:bd:92:63:79:
         92:9e:a5:d6:a4:c9:01:07:0e:5d:fe:74:3c:0c:88:f7:e2:56:
         03:91:5f:36:72:c2:48:2c:a6:df:84:9b:d5:75:5e:5a:06:7d:
         ce:e7:11:cf:11:e2:23:6e:f3:85:12:72:48:96:19:80:ec:8a:
         6e:f2:37:b5:c6:d0:59:8f:d3:4d:1b:cc:64:6b:af:12:53:0e:
         76:57:94:08:90:90:44:15:21:dd:44:0a:b3:cf:f4:40:4f:a2:
         e3:4c:55:00:a0:4c:b1:be:1c:89:00:44:4e:8b:b0:df:5a:09:
         66:93:fd:1e:d7:85:e6:90:42:96:ba:01:e8:c3:ec:54:40:fd:
         58:f0:e0:69:9b:f6:cd:8b:50:93:4f:c3:22:15:a0:e4:ee:66:
         1b:a6:2d:76:d7:90:74:7f:0e:c6:98:a7:8f:9a:82:ee:7c:b9:
         9d:12:a6:d5:17:62:b2:f1:c3:3f:31:f5:52:3b:7b:63:1f:e9:
         64:54:59:7f:75:3b:a2:7d:02:29:e2:9d:88:62:fd:d9:8c:2f:
         3b:69:94:a6:dc:5c:10:1f:2f:bc:e2:d1:09:8b:ad:bc:6e:77:
         4e:48:5e:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+zDps2yGWv7Su0qYy7hgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYmZhZDk3YTU4Y2I1MGNiZmM4NGVjODY1YWYzZDcxYzhi
MTg1YWYwHhcNMjUwMTAxMTc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzAzMjFjOGVmZDNjNWFjNDI2NjVmMjc3NDVlNTA0MTgyN2I3ZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nkFCqqNaTb1SY+TnEufuffHL6F3
k2YhnRhc+g2b6DrsY/Crqc9vaCHB9la2BngNbWAEwDWOyw6GlMLystFxpPyudm5e
VQNOyqRIRgNZsZgGjWWUo/3Q/XnsoOmaDM0bDas3zKTMU6JYurDhNv1d+M9zM76r
JnxlXl+i2euihDVFxYKvAgFqfnBSpJ5ckpNg1GVnQ3wwCpDfUdFZJfkJHXBlPzHi
qnpG4/ST2m1OjDzFKSNKwR31EzyAC2k//kngwnSvYGBeIfdMrosHpfuqDBqApWh2
6/FveRn3UVEhriYHZfW5V+1Y3DW9NPxaAiq5JnEbhCTe3mJ80XPWWo5TcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwDIcjv08WsQmZfJ3ReUEGCe30nMB8GA1UdIwQY
MBaAFEG/rZeljLUMv8hOyGWvPXHIsYWvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWItdGw2V010UXlfeUU3SVphODljY2l4aGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kNDYwMDEtMTYwOS00NDg3LTkxNTAt
YmY3OGJiODVhNjllLzEvVEFNaHlPX1R4YXhDWmw4bmRGNVFRWUo3ZlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kNDYwMDEtMTYwOS00NDg3LTkxNTAtYmY3OGJiODVhNjll
LzEvUWItdGw2V010UXlfeUU3SVphODljY2l4aGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QygMA0G
CSqGSIb3DQEBCwUAA4IBAQAwVfh6nN/Xhrrzuh/qt6FQUrRcfxi9E8sRFvXvfcMP
lr2SY3mSnqXWpMkBBw5d/nQ8DIj34lYDkV82csJILKbfhJvVdV5aBn3O5xHPEeIj
bvOFEnJIlhmA7Ipu8je1xtBZj9NNG8xka68SUw52V5QIkJBEFSHdRAqzz/RAT6Lj
TFUAoEyxvhyJAEROi7DfWglmk/0e14XmkEKWugHow+xUQP1Y8OBpm/bNi1CTT8Mi
FaDk7mYbpi1215B0fw7GmKePmoLufLmdEqbVF2Ky8cM/MfVSO3tjH+lkVFl/dTui
fQIp4p2IYv3ZjC87aZSm3FwQHy+84tEJi628bndOSF57
-----END CERTIFICATE-----