Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BiG3Lboa-yi8-3cO8dbg_kY8s0s.roa
File:                     BiG3Lboa-yi8-3cO8dbg_kY8s0s.roa (raw, json)
Hash identifier:          PUhj3yqAe/tyjqOgmwwn8VbtMRCG2TFNmQSth1ouqx8=
Subject key identifier:   06:21:B7:2D:BA:1A:FB:28:BC:FB:77:0E:F1:D6:E0:FE:46:3C:B3:4B
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0194ABE914415F683DFFC6F2E2567BC52D4D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BiG3Lboa-yi8-3cO8dbg_kY8s0s.roa
Signing time:             Tue 28 Jan 2025 07:56:06 +0000
ROA not before:           Tue 28 Jan 2025 07:56:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        95.82.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ab:e9:14:41:5f:68:3d:ff:c6:f2:e2:56:7b:c5:2d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 28 07:56:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0621b72dba1afb28bcfb770ef1d6e0fe463cb34b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:52:f2:84:26:42:95:ed:14:ec:6b:71:bc:b1:
                    21:41:64:fa:1c:da:18:ce:c5:89:63:f3:b3:af:52:
                    cc:f5:1c:5a:60:bb:90:9a:4c:10:24:0e:90:ef:3d:
                    0a:d3:c3:2f:37:6f:56:e3:c4:87:ca:95:d3:45:18:
                    54:47:b0:1d:58:cd:61:72:b2:94:40:1f:84:d7:71:
                    bb:2c:df:80:53:d1:af:56:dc:23:30:0e:53:c5:eb:
                    e9:15:49:58:fb:8f:cc:1d:51:76:d5:e4:9b:74:7b:
                    b7:fd:c2:ae:0c:c6:04:07:50:db:99:00:cc:86:f7:
                    af:28:2e:86:d4:64:ed:4e:e1:41:99:71:2f:49:b5:
                    20:78:b4:76:89:ec:28:69:02:42:5e:cf:c1:09:11:
                    b3:bd:99:3a:e8:71:12:b2:71:6a:65:21:cb:af:9a:
                    67:f0:3a:94:82:a4:98:09:94:fe:82:3e:98:77:df:
                    2d:d4:4f:82:cd:e7:60:82:c2:46:e0:b4:1d:18:e3:
                    0e:17:a7:7e:bc:b2:f4:e4:c4:e4:f7:a3:73:0a:59:
                    44:f7:e0:d4:2b:4f:42:4b:18:09:05:0b:9d:ea:51:
                    97:64:79:65:56:9b:9b:ff:de:e4:0f:3d:30:c5:b6:
                    ed:ee:8d:6c:f1:57:23:94:37:a4:64:7b:bf:e9:f2:
                    57:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:21:B7:2D:BA:1A:FB:28:BC:FB:77:0E:F1:D6:E0:FE:46:3C:B3:4B
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BiG3Lboa-yi8-3cO8dbg_kY8s0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.82.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:a3:88:27:cc:0e:1d:e1:9d:68:50:3f:79:cf:57:03:ad:e8:
         31:bf:a1:04:34:85:4f:14:c4:c7:6a:c4:34:3d:b6:a6:f5:49:
         b0:fa:e3:4d:a2:96:c4:d6:65:29:0d:87:dd:94:7e:41:9b:1f:
         26:13:35:09:89:d6:59:63:1a:0c:c8:fc:6b:49:9d:c1:b7:bb:
         ba:93:c8:c1:c3:c6:60:c8:0c:9b:46:02:5b:0e:9f:21:7c:6b:
         f8:22:28:69:f0:6a:d0:d1:f0:23:ac:0e:54:27:2a:97:a3:36:
         1e:fb:59:9a:4f:85:1a:41:1a:b6:4c:ef:f8:68:03:9a:1c:26:
         2a:ee:50:af:9a:89:94:3c:c2:1d:02:50:c9:9d:42:ab:eb:b6:
         eb:2c:06:df:3c:47:27:96:4b:72:98:33:e2:a5:86:04:cc:be:
         71:09:2c:d2:cb:f2:d4:a5:c6:b0:6b:d1:10:8f:90:07:56:1a:
         6c:bf:1e:aa:ba:f3:5a:c1:1e:83:97:a1:2b:95:f9:9f:ed:b6:
         9d:54:3e:62:0c:1f:fa:92:83:6e:d1:8c:1f:83:f4:b2:7f:09:
         e1:00:2e:2a:cd:43:03:48:ba:50:01:47:e7:0e:18:10:a7:2c:
         0a:7b:76:eb:59:3b:82:03:d2:63:48:24:cf:ce:a3:b0:5c:0e:
         15:2e:de:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSr6RRBX2g9/8by4lZ7xS1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTI4MDc1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIxYjcyZGJhMWFmYjI4YmNmYjc3MGVmMWQ2ZTBmZTQ2M2NiMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlLyhCZCle0U7GtxvLEhQWT6HNoY
zsWJY/Ozr1LM9RxaYLuQmkwQJA6Q7z0K08MvN29W48SHypXTRRhUR7AdWM1hcrKU
QB+E13G7LN+AU9GvVtwjMA5TxevpFUlY+4/MHVF21eSbdHu3/cKuDMYEB1DbmQDM
hvevKC6G1GTtTuFBmXEvSbUgeLR2iewoaQJCXs/BCRGzvZk66HESsnFqZSHLr5pn
8DqUgqSYCZT+gj6Yd98t1E+CzedggsJG4LQdGOMOF6d+vLL05MTk96NzCllE9+DU
K09CSxgJBQud6lGXZHllVpub/97kDz0wxbbt7o1s8VcjlDekZHu/6fJXewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYhty26GvsovPt3DvHW4P5GPLNLMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQmlHM0xib2EteWk4LTNjTzhkYmdfa1k4czBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX1IoMA0G
CSqGSIb3DQEBCwUAA4IBAQCbo4gnzA4d4Z1oUD95z1cDregxv6EENIVPFMTHasQ0
Pbam9Umw+uNNopbE1mUpDYfdlH5Bmx8mEzUJidZZYxoMyPxrSZ3Bt7u6k8jBw8Zg
yAybRgJbDp8hfGv4Iihp8GrQ0fAjrA5UJyqXozYe+1maT4UaQRq2TO/4aAOaHCYq
7lCvmomUPMIdAlDJnUKr67brLAbfPEcnlktymDPipYYEzL5xCSzSy/LUpcawa9EQ
j5AHVhpsvx6quvNawR6Dl6Erlfmf7badVD5iDB/6koNu0Ywfg/SyfwnhAC4qzUMD
SLpQAUfnDhgQpywKe3brWTuCA9JjSCTPzqOwXA4VLt4w
-----END CERTIFICATE-----