Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_bs_FizNiaQaAN_paY1ZGIqFPdY.roa
File:                     _bs_FizNiaQaAN_paY1ZGIqFPdY.roa (raw, json)
Hash identifier:          3PVyOtemMpbDydspJ2ysEWrupxMsE/nxxk1eA/ejRYg=
Subject key identifier:   FD:BB:3F:16:2C:CD:89:A4:1A:00:DF:E9:69:8D:59:18:8A:85:3D:D6
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942C83723A4BB69E4284B1E72B8CE48DBD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_bs_FizNiaQaAN_paY1ZGIqFPdY.roa
Signing time:             Fri 03 Jan 2025 14:13:19 +0000
ROA not before:           Fri 03 Jan 2025 14:13:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213918
IP address blocks:        31.57.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:83:72:3a:4b:b6:9e:42:84:b1:e7:2b:8c:e4:8d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  3 14:13:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdbb3f162ccd89a41a00dfe9698d59188a853dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1a:92:ee:04:02:b2:b0:fa:01:17:ba:e1:51:
                    3d:ec:e0:e7:75:d0:1a:b7:d5:40:97:91:ca:8e:b8:
                    51:49:9d:1b:ad:f4:7e:f3:92:d7:8a:3c:14:a7:dd:
                    9d:4b:57:81:fb:4c:4c:60:9c:bb:85:50:e6:76:dd:
                    57:e6:78:d9:f3:4a:82:15:0c:20:e1:12:d7:e9:58:
                    78:80:bd:24:97:7f:ec:bd:24:72:fa:c6:31:7e:1e:
                    4d:c3:e7:24:9f:21:12:78:6e:54:48:12:45:d2:02:
                    c2:67:43:2a:81:18:5b:25:44:aa:3f:43:8b:2f:6a:
                    49:e2:b0:dc:35:c0:f5:a3:28:44:12:46:40:49:67:
                    2f:4e:78:1c:02:ec:a9:89:03:ba:ce:1e:5c:4f:bc:
                    8a:33:1c:b7:37:10:88:cf:1c:40:33:29:e6:cd:df:
                    ed:29:ac:85:56:02:49:c2:dc:4b:d9:3d:c6:9d:1f:
                    12:d0:b9:ed:a8:7e:2f:cb:2e:22:58:9e:aa:a3:b3:
                    48:ee:15:ff:07:ae:99:78:bf:7e:b9:e0:8c:cb:f9:
                    e4:af:c4:ae:8d:14:3c:6f:35:c8:5f:ba:58:d0:02:
                    a5:59:a3:d0:a2:7b:c4:93:5d:97:4b:91:b9:bf:e8:
                    5f:5e:d3:44:ff:58:48:b6:dc:b4:b2:6c:f3:44:04:
                    ec:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BB:3F:16:2C:CD:89:A4:1A:00:DF:E9:69:8D:59:18:8A:85:3D:D6
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/_bs_FizNiaQaAN_paY1ZGIqFPdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:7f:47:25:75:de:ca:71:23:1e:4c:ec:bc:a7:83:47:c1:ad:
         7d:e7:49:af:aa:8b:2f:2b:c1:fa:35:d2:b9:13:26:49:7b:9f:
         bb:66:32:00:fc:d0:c4:74:00:3d:ec:15:19:85:30:25:1e:41:
         6e:f1:d5:57:44:77:7d:36:0a:7f:44:4a:4b:cb:62:a4:af:c4:
         d5:c8:c6:eb:8b:2d:05:ff:ed:cb:08:a7:fe:99:fe:d7:95:72:
         88:e8:8e:69:33:bc:c8:9e:05:6b:ed:15:71:97:dd:96:e7:c2:
         77:c5:99:3c:04:5c:b3:8b:4b:80:a0:a9:e8:92:5a:ec:bd:54:
         ae:87:3b:1e:cc:f4:12:cb:32:5c:89:84:42:82:65:13:29:21:
         35:3f:fe:9c:bf:0c:cb:26:9d:05:42:8c:66:77:b0:d5:cb:c2:
         fb:74:8a:4c:3d:0b:d8:86:93:5c:11:f5:78:d0:42:50:b9:48:
         d3:b9:02:ac:64:c8:9b:ce:bf:16:2c:0d:77:66:fc:39:81:bd:
         10:3a:b0:47:fd:12:a6:36:d2:75:ed:13:d0:2d:f7:2b:92:67:
         74:fd:3d:f3:90:4c:41:de:47:c5:5d:71:c2:96:a0:01:d8:4f:
         ea:56:25:b3:5f:c8:e2:38:6b:b5:17:50:4b:b5:ed:6c:21:02:
         92:6f:13:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsg3I6S7aeQoSx5yuM5I29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAzMTQxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJiM2YxNjJjY2Q4OWE0MWEwMGRmZTk2OThkNTkxODhhODUzZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhqS7gQCsrD6ARe64VE97ODnddAa
t9VAl5HKjrhRSZ0brfR+85LXijwUp92dS1eB+0xMYJy7hVDmdt1X5njZ80qCFQwg
4RLX6Vh4gL0kl3/svSRy+sYxfh5Nw+cknyESeG5USBJF0gLCZ0MqgRhbJUSqP0OL
L2pJ4rDcNcD1oyhEEkZASWcvTngcAuypiQO6zh5cT7yKMxy3NxCIzxxAMynmzd/t
KayFVgJJwtxL2T3GnR8S0LntqH4vyy4iWJ6qo7NI7hX/B66ZeL9+ueCMy/nkr8Su
jRQ8bzXIX7pY0AKlWaPQonvEk12XS5G5v+hfXtNE/1hItty0smzzRATsFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP27PxYszYmkGgDf6WmNWRiKhT3WMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvX2JzX0Zpek5pYVFhQU5fcGFZMVpHSXFGUGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmYMA0G
CSqGSIb3DQEBCwUAA4IBAQCBf0cldd7KcSMeTOy8p4NHwa1950mvqosvK8H6NdK5
EyZJe5+7ZjIA/NDEdAA97BUZhTAlHkFu8dVXRHd9Ngp/REpLy2Kkr8TVyMbriy0F
/+3LCKf+mf7XlXKI6I5pM7zIngVr7RVxl92W58J3xZk8BFyzi0uAoKnoklrsvVSu
hzsezPQSyzJciYRCgmUTKSE1P/6cvwzLJp0FQoxmd7DVy8L7dIpMPQvYhpNcEfV4
0EJQuUjTuQKsZMibzr8WLA13Zvw5gb0QOrBH/RKmNtJ17RPQLfcrkmd0/T3zkExB
3kfFXXHClqAB2E/qViWzX8jiOGu1F1BLte1sIQKSbxMD
-----END CERTIFICATE-----