Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/TJXWLM_f1SLJ9QLRgKk5eWFWRWg.roa
File:                     TJXWLM_f1SLJ9QLRgKk5eWFWRWg.roa (raw, json)
Hash identifier:          U09rnHXYuOIiTSo58nsYq7oF2UX+cCeIr2J6otu7qE0=
Subject key identifier:   4C:95:D6:2C:CF:DF:D5:22:C9:F5:02:D1:80:A9:39:79:61:56:45:68
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC35A8CFE975EE718FB83D01A2F336
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/TJXWLM_f1SLJ9QLRgKk5eWFWRWg.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        81.31.247.0/24 maxlen: 24
                          185.84.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:35:a8:cf:e9:75:ee:71:8f:b8:3d:01:a2:f3:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c95d62ccfdfd522c9f502d180a9397961564568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:da:a6:eb:b7:16:b4:22:be:49:ea:8b:cf:3b:
                    70:65:f7:99:60:19:ae:15:01:be:5b:e4:d3:b7:62:
                    41:93:07:ce:c6:19:2a:4f:7d:e7:25:6d:76:57:3b:
                    42:e3:2e:35:c9:28:59:e2:e7:ff:98:31:f7:80:12:
                    e6:a3:03:53:ce:24:45:4f:68:f9:b0:cc:76:33:b2:
                    3c:12:5e:39:57:ab:6c:de:b0:e4:46:f6:bd:31:3f:
                    83:e0:01:bf:3e:18:c9:f6:05:d5:bf:69:68:35:29:
                    29:6d:7f:66:1b:eb:9a:e2:a1:e8:d2:56:aa:db:64:
                    9e:b6:8e:f9:58:a4:be:bc:3f:2f:01:b4:ae:01:54:
                    84:66:ea:35:73:ef:b9:9e:8e:06:da:f6:15:2f:16:
                    df:fb:64:08:a4:1e:73:be:aa:cd:23:82:d1:4b:42:
                    91:dd:91:8e:56:cc:ee:06:84:9f:83:97:53:d3:e8:
                    2f:a3:98:aa:df:d0:16:6b:a8:b2:e4:0e:67:10:8a:
                    e5:64:f3:c6:ca:6a:4e:a6:b4:82:c2:11:f2:91:69:
                    1d:50:bb:9b:24:bd:ac:91:e3:c5:f2:81:31:a8:61:
                    09:d6:d4:4b:86:2e:da:6d:b9:bc:79:98:cb:4b:55:
                    fe:98:a8:08:14:11:25:8c:77:90:a5:c2:c4:09:ac:
                    4c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:95:D6:2C:CF:DF:D5:22:C9:F5:02:D1:80:A9:39:79:61:56:45:68
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/TJXWLM_f1SLJ9QLRgKk5eWFWRWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.247.0/24
                  185.84.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ee:6f:92:11:d9:1d:b5:e1:12:93:e6:c8:da:1b:26:f7:96:2d:
         2a:47:8a:ac:7c:d9:c7:80:00:c9:fc:94:33:a4:4a:cf:0f:e2:
         a6:7f:fb:b8:88:9f:7a:4c:c8:a5:78:cd:ca:14:d8:94:ec:9a:
         19:9b:29:1c:47:4e:74:db:91:76:a3:72:66:1d:5e:49:0f:2e:
         dd:56:f4:67:12:ee:fe:0a:da:9e:42:a9:b0:f6:0f:44:92:08:
         f6:da:38:3d:43:4b:ab:8d:40:39:d5:73:d3:c9:10:23:ab:5e:
         c9:81:bf:80:9b:a2:51:65:93:2c:62:97:cc:2b:e2:03:5e:6d:
         c8:12:63:c7:ef:6e:e1:66:e6:6a:07:fc:e9:12:2e:fe:20:6d:
         82:e4:67:5a:39:48:29:2c:b5:c8:1f:bd:ab:62:b4:10:45:5e:
         fe:0e:03:78:ec:c6:63:62:d3:66:b4:2d:23:e1:56:ee:a0:35:
         4d:51:66:50:05:cf:77:28:a0:4f:1e:3c:a0:e1:2b:21:ab:36:
         34:2a:a8:c0:ee:f8:b1:eb:6f:04:31:3e:16:b5:20:3f:a8:dd:
         bd:2c:97:77:df:99:a7:d2:3f:da:14:95:93:05:8b:49:8a:f7:
         c3:69:ec:28:41:53:25:11:bd:63:ec:58:18:ed:dd:4f:79:bc:
         b3:a7:26:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/DWoz+l17nGPuD0BovM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk1ZDYyY2NmZGZkNTIyYzlmNTAyZDE4MGE5Mzk3OTYxNTY0NTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntqm67cWtCK+SeqLzztwZfeZYBmu
FQG+W+TTt2JBkwfOxhkqT33nJW12VztC4y41yShZ4uf/mDH3gBLmowNTziRFT2j5
sMx2M7I8El45V6ts3rDkRva9MT+D4AG/PhjJ9gXVv2loNSkpbX9mG+ua4qHo0laq
22Seto75WKS+vD8vAbSuAVSEZuo1c++5no4G2vYVLxbf+2QIpB5zvqrNI4LRS0KR
3ZGOVszuBoSfg5dT0+gvo5iq39AWa6iy5A5nEIrlZPPGympOprSCwhHykWkdULub
JL2skePF8oExqGEJ1tRLhi7abbm8eZjLS1X+mKgIFBEljHeQpcLECaxMxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEyV1izP39UiyfUC0YCpOXlhVkVoMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvVEpYV0xNX2YxU0xKOVFMUmdLazVlV0ZXUldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR/3AwQA
uVSjMA0GCSqGSIb3DQEBCwUAA4IBAQDub5IR2R214RKT5sjaGyb3li0qR4qsfNnH
gADJ/JQzpErPD+Kmf/u4iJ96TMileM3KFNiU7JoZmykcR05025F2o3JmHV5JDy7d
VvRnEu7+CtqeQqmw9g9Ekgj22jg9Q0urjUA51XPTyRAjq17Jgb+Am6JRZZMsYpfM
K+IDXm3IEmPH727hZuZqB/zpEi7+IG2C5GdaOUgpLLXIH72rYrQQRV7+DgN47MZj
YtNmtC0j4VbuoDVNUWZQBc93KKBPHjyg4SshqzY0KqjA7vix628EMT4WtSA/qN29
LJd335mn0j/aFJWTBYtJivfDaewoQVMlEb1j7FgY7d1Pebyzpybw
-----END CERTIFICATE-----