Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/fjstBPLI--0YJTSJz1c5eLH3zG8.roa
File:                     fjstBPLI--0YJTSJz1c5eLH3zG8.roa (raw, json)
Hash identifier:          9Wv7XHCTiBwKLybpkXtJhd3M2nTLjTnmejqUT/qaus0=
Subject key identifier:   7E:3B:2D:04:F2:C8:FB:ED:18:25:34:89:CF:57:39:78:B1:F7:CC:6F
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       01920970EDEE1001589C24DC37DC57D61495
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/fjstBPLI--0YJTSJz1c5eLH3zG8.roa
Signing time:             Thu 19 Sep 2024 08:40:48 +0000
ROA not before:           Thu 19 Sep 2024 08:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214457
IP address blocks:        194.15.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:70:ed:ee:10:01:58:9c:24:dc:37:dc:57:d6:14:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Sep 19 08:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3b2d04f2c8fbed18253489cf573978b1f7cc6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:18:98:a1:99:96:c8:73:15:b6:ac:69:af:
                    3a:f0:26:05:69:8a:e7:37:fd:9d:83:09:c5:e2:99:
                    e7:8b:e5:bb:aa:10:8c:0d:15:9d:a8:62:0a:83:20:
                    62:eb:e4:97:6e:9f:11:b5:f6:c7:e5:e3:2e:76:27:
                    9e:73:80:1c:94:98:82:65:66:2e:f9:41:fc:a0:fc:
                    4a:96:3e:36:91:98:08:27:25:43:50:c4:64:4a:aa:
                    b2:a3:10:93:d6:e7:f6:83:53:19:df:fd:19:df:b7:
                    24:5a:8d:00:3c:af:73:c5:4e:22:11:29:22:a0:39:
                    de:5f:f9:f1:1a:40:81:4b:f8:43:0f:5c:cc:bf:07:
                    2a:ea:6b:fa:16:8a:52:7d:f2:99:18:6c:44:55:d0:
                    bb:11:ea:62:4d:b4:b9:a6:c4:d4:4e:d2:95:37:93:
                    50:2a:51:7d:ec:e3:ea:85:6b:7b:a5:e6:08:96:a8:
                    40:da:16:ae:b0:e8:31:f0:48:d0:cf:c7:87:8f:da:
                    0e:b3:2c:fd:ec:27:96:9d:04:ef:ed:95:9f:cb:ff:
                    49:cb:c2:9e:dd:15:d5:36:09:75:4b:06:b7:7b:6e:
                    ab:6d:ae:df:bd:1a:7c:a1:56:a8:e1:0c:ba:84:a1:
                    62:88:8b:db:f1:f1:de:b9:f0:e5:d1:b1:b5:4d:ff:
                    d2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3B:2D:04:F2:C8:FB:ED:18:25:34:89:CF:57:39:78:B1:F7:CC:6F
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/fjstBPLI--0YJTSJz1c5eLH3zG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:ba:8d:e2:c3:88:46:29:20:8c:70:8f:1b:75:fd:fd:66:54:
         e5:3a:85:75:28:7c:70:87:70:e7:ae:ac:09:c2:46:f0:57:89:
         4e:f4:01:52:0f:df:4a:c3:65:7f:02:d5:df:fa:b6:84:8b:12:
         08:b9:af:85:38:85:5d:59:8e:64:db:ee:c9:0a:66:73:a5:b2:
         12:bd:af:c7:3d:88:46:5f:63:2d:21:68:b4:2f:28:e8:de:bb:
         fb:e1:fe:35:54:11:34:e3:42:d5:3c:97:18:d2:d0:a5:25:49:
         cd:81:84:d2:1b:b6:ba:7d:7f:21:45:4b:cb:97:31:3a:55:14:
         8a:68:03:54:69:28:b2:84:a8:53:66:41:ea:2c:e9:29:ef:37:
         9b:a9:be:fe:2d:dc:4b:00:be:fa:1e:f7:a9:af:0e:07:51:f7:
         e7:19:53:ff:42:27:c5:56:46:0c:53:34:e5:b2:63:51:42:14:
         25:32:9a:a4:45:6b:fa:a7:64:e9:ec:dc:62:b4:2c:ff:4b:1c:
         81:cd:15:1a:e6:20:a5:28:0a:82:3b:12:36:b1:e2:08:58:9e:
         cc:32:e1:a8:42:03:24:47:ae:94:54:22:e6:1c:f4:0f:67:d3:
         6c:15:1f:77:d6:fc:d3:96:16:5a:bc:25:4d:c8:55:78:f0:d2:
         8a:37:de:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIJcO3uEAFYnCTcN9xX1hSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwOTE5MDg0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNiMmQwNGYyYzhmYmVkMTgyNTM0ODljZjU3Mzk3OGIxZjdjYzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwsYmKGZlshzFbasaa868CYFaYrn
N/2dgwnF4pnni+W7qhCMDRWdqGIKgyBi6+SXbp8RtfbH5eMudieec4AclJiCZWYu
+UH8oPxKlj42kZgIJyVDUMRkSqqyoxCT1uf2g1MZ3/0Z37ckWo0APK9zxU4iESki
oDneX/nxGkCBS/hDD1zMvwcq6mv6FopSffKZGGxEVdC7EepiTbS5psTUTtKVN5NQ
KlF97OPqhWt7peYIlqhA2hausOgx8EjQz8eHj9oOsyz97CeWnQTv7ZWfy/9Jy8Ke
3RXVNgl1Swa3e26rba7fvRp8oVao4Qy6hKFiiIvb8fHeufDl0bG1Tf/SIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH47LQTyyPvtGCU0ic9XOXix98xvMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvZmpzdEJQTEktLTBZSlRTSnoxYzVlTEgzekc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9hMA0G
CSqGSIb3DQEBCwUAA4IBAQB7uo3iw4hGKSCMcI8bdf39ZlTlOoV1KHxwh3DnrqwJ
wkbwV4lO9AFSD99Kw2V/AtXf+raEixIIua+FOIVdWY5k2+7JCmZzpbISva/HPYhG
X2MtIWi0Lyjo3rv74f41VBE040LVPJcY0tClJUnNgYTSG7a6fX8hRUvLlzE6VRSK
aANUaSiyhKhTZkHqLOkp7zebqb7+LdxLAL76Hveprw4HUffnGVP/QifFVkYMUzTl
smNRQhQlMpqkRWv6p2Tp7NxitCz/SxyBzRUa5iClKAqCOxI2seIIWJ7MMuGoQgMk
R66UVCLmHPQPZ9NsFR931vzTlhZavCVNyFV48NKKN964
-----END CERTIFICATE-----