Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/40TampSG5GQkpvyLk5qLlZwkf9M.roa
File:                     40TampSG5GQkpvyLk5qLlZwkf9M.roa (raw, json)
Hash identifier:          cij1fX5KV3iHK8G+eUN/m++nExVx1hf+zVnHeptClME=
Subject key identifier:   E3:44:DA:9A:94:86:E4:64:24:A6:FC:8B:93:9A:8B:95:9C:24:7F:D3
Certificate issuer:       /CN=399eb53226a660b7c93816c616b66d8c76550603
Certificate serial:       0194274773CF7BFC36F8B6560B4D48335CFD
Authority key identifier: 39:9E:B5:32:26:A6:60:B7:C9:38:16:C6:16:B6:6D:8C:76:55:06:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZ61MiamYLfJOBbGFrZtjHZVBgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/40TampSG5GQkpvyLk5qLlZwkf9M.roa
Signing time:             Thu 02 Jan 2025 13:49:41 +0000
ROA not before:           Thu 02 Jan 2025 13:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59783
IP address blocks:        217.144.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/OZ61MiamYLfJOBbGFrZtjHZVBgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/OZ61MiamYLfJOBbGFrZtjHZVBgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZ61MiamYLfJOBbGFrZtjHZVBgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:73:cf:7b:fc:36:f8:b6:56:0b:4d:48:33:5c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=399eb53226a660b7c93816c616b66d8c76550603
        Validity
            Not Before: Jan  2 13:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e344da9a9486e46424a6fc8b939a8b959c247fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:dd:c5:fc:52:77:fb:52:8e:10:8c:b9:18:d6:
                    ea:1b:21:ef:d9:84:7a:7a:b5:e7:55:67:91:a0:01:
                    e1:bb:63:fa:8d:65:7e:7d:cf:da:9c:9d:57:4f:86:
                    27:a4:51:53:1d:81:53:31:5f:58:14:87:16:e7:d7:
                    5a:25:3f:d4:1f:ae:79:6f:9c:ad:ca:f6:00:8b:46:
                    c7:f4:47:4b:de:2d:09:86:79:07:47:be:cd:87:d6:
                    bc:17:c2:9a:0c:4b:9d:ad:72:97:fa:9a:ce:f0:a7:
                    b6:20:30:f3:81:07:47:fe:d1:01:e7:ea:58:73:ae:
                    3b:bc:49:24:d7:ef:ff:17:aa:af:a0:c2:ea:82:60:
                    35:26:5b:9f:f4:f7:6a:7d:dd:0b:c7:b4:2f:2f:c5:
                    f9:19:5a:9d:84:72:da:4b:4f:cc:52:1c:bc:c2:92:
                    a3:c2:0e:35:b9:5a:f2:ac:d9:6a:ec:26:33:22:f9:
                    8c:fd:f4:a2:56:d9:96:96:e0:0c:93:b9:0c:95:be:
                    e2:e1:df:72:57:55:47:59:d5:ca:3d:c8:dd:d6:20:
                    9a:7a:2b:1a:ce:57:08:85:74:f7:59:20:1d:f4:50:
                    3a:df:2b:c0:d0:41:4c:d7:c8:51:e7:72:61:ec:9e:
                    bf:ba:64:8d:8c:45:18:b8:e1:c9:27:0d:73:43:89:
                    53:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:44:DA:9A:94:86:E4:64:24:A6:FC:8B:93:9A:8B:95:9C:24:7F:D3
            X509v3 Authority Key Identifier:
                keyid:39:9E:B5:32:26:A6:60:B7:C9:38:16:C6:16:B6:6D:8C:76:55:06:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZ61MiamYLfJOBbGFrZtjHZVBgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/40TampSG5GQkpvyLk5qLlZwkf9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1106b1-9bdf-4f92-9754-abe52d7aa77e/1/OZ61MiamYLfJOBbGFrZtjHZVBgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:19:a3:49:be:4b:3d:63:b9:77:cb:e4:b1:9b:60:62:c9:2a:
         45:65:d6:04:0a:59:c7:6d:a2:a0:f9:6e:c0:aa:7f:ec:c8:2b:
         8a:f1:6a:3f:44:97:cf:49:e9:c8:39:e8:95:fd:87:f5:c3:43:
         a1:f5:13:0a:5d:cc:ce:07:ad:be:b8:6e:1e:cf:8f:b2:bf:48:
         c6:89:de:85:1e:60:27:75:6e:34:58:53:86:ae:f9:a9:5e:a2:
         95:12:95:c7:ed:ea:77:9b:6d:3a:88:ea:b8:c5:06:af:e1:5a:
         0a:71:0d:09:3f:9a:a7:a9:ac:44:c3:5c:bc:5d:a4:a1:cf:a2:
         de:e5:f7:fd:8c:e2:d5:b1:f8:d9:03:5e:3a:fe:d1:5b:bd:b7:
         17:d6:e0:b4:17:56:ac:b0:21:40:11:4e:02:56:3e:b7:d1:7a:
         51:26:96:67:7d:70:ee:1a:78:dc:85:fa:88:4d:5b:80:b1:19:
         1e:84:19:3e:89:f1:ae:9b:84:02:1b:7a:f5:b1:0e:15:09:dd:
         d8:96:41:5f:16:06:aa:53:18:d0:7f:14:c1:b6:65:2f:87:e6:
         a0:71:d8:9d:19:fe:81:c2:07:c9:9b:91:87:f4:df:1e:e7:1f:
         2f:86:97:de:56:4b:5d:42:8a:df:59:98:1a:c3:21:4f:1b:75:
         1d:02:24:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR3PPe/w2+LZWC01IM1z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OWViNTMyMjZhNjYwYjdjOTM4MTZjNjE2YjY2ZDhjNzY1
NTA2MDMwHhcNMjUwMTAyMTM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQ0ZGE5YTk0ODZlNDY0MjRhNmZjOGI5MzlhOGI5NTljMjQ3ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxN3F/FJ3+1KOEIy5GNbqGyHv2YR6
erXnVWeRoAHhu2P6jWV+fc/anJ1XT4YnpFFTHYFTMV9YFIcW59daJT/UH655b5yt
yvYAi0bH9EdL3i0JhnkHR77Nh9a8F8KaDEudrXKX+prO8Ke2IDDzgQdH/tEB5+pY
c647vEkk1+//F6qvoMLqgmA1Jluf9Pdqfd0Lx7QvL8X5GVqdhHLaS0/MUhy8wpKj
wg41uVryrNlq7CYzIvmM/fSiVtmWluAMk7kMlb7i4d9yV1VHWdXKPcjd1iCaeisa
zlcIhXT3WSAd9FA63yvA0EFM18hR53Jh7J6/umSNjEUYuOHJJw1zQ4lTEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONE2pqUhuRkJKb8i5Oai5WcJH/TMB8GA1UdIwQY
MBaAFDmetTImpmC3yTgWxha2bYx2VQYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1o2MU1pYW1ZTGZKT0JiR0ZyWnRqSFpWQmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTA2YjEtOWJkZi00ZjkyLTk3NTQt
YWJlNTJkN2FhNzdlLzEvNDBUYW1wU0c1R1FrcHZ5TGs1cUxsWndrZjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTA2YjEtOWJkZi00ZjkyLTk3NTQtYWJlNTJkN2FhNzdl
LzEvT1o2MU1pYW1ZTGZKT0JiR0ZyWnRqSFpWQmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZA0MA0G
CSqGSIb3DQEBCwUAA4IBAQASGaNJvks9Y7l3y+Sxm2BiySpFZdYEClnHbaKg+W7A
qn/syCuK8Wo/RJfPSenIOeiV/Yf1w0Oh9RMKXczOB62+uG4ez4+yv0jGid6FHmAn
dW40WFOGrvmpXqKVEpXH7ep3m206iOq4xQav4VoKcQ0JP5qnqaxEw1y8XaShz6Le
5ff9jOLVsfjZA146/tFbvbcX1uC0F1assCFAEU4CVj630XpRJpZnfXDuGnjchfqI
TVuAsRkehBk+ifGum4QCG3r1sQ4VCd3YlkFfFgaqUxjQfxTBtmUvh+agcdidGf6B
wgfJm5GH9N8e5x8vhpfeVktdQorfWZgawyFPG3UdAiQc
-----END CERTIFICATE-----