Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/BoG23-hU6aLnORa5fAFyExELy2Q.roa
File:                     BoG23-hU6aLnORa5fAFyExELy2Q.roa (raw, json)
Hash identifier:          7PLhZA2QvLLlRihbluQxWHzQ8l7aMC7leTU8/xYnBAM=
Subject key identifier:   06:81:B6:DF:E8:54:E9:A2:E7:39:16:B9:7C:01:72:13:11:0B:CB:64
Certificate issuer:       /CN=7302cdc29fdca09e9a0f3f7d2113da85a7e1d654
Certificate serial:       019B8E1E6E6DCC17C6609A8289FEC38C744A
Authority key identifier: 73:02:CD:C2:9F:DC:A0:9E:9A:0F:3F:7D:21:13:DA:85:A7:E1:D6:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/BoG23-hU6aLnORa5fAFyExELy2Q.roa
Signing time:             Mon 05 Jan 2026 12:25:17 +0000
ROA not before:           Mon 05 Jan 2026 12:25:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206648
IP address blocks:        77.223.140.0/24 maxlen: 24
                          195.244.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:8e:1e:6e:6d:cc:17:c6:60:9a:82:89:fe:c3:8c:74:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7302cdc29fdca09e9a0f3f7d2113da85a7e1d654
        Validity
            Not Before: Jan  5 12:25:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0681b6dfe854e9a2e73916b97c017213110bcb64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f1:1a:9d:72:29:4d:05:1b:12:9c:cc:70:c5:
                    b8:30:29:a7:c4:48:69:44:3c:02:10:45:e2:b2:a5:
                    95:b9:87:25:7d:15:b8:1e:67:85:b2:60:c7:48:66:
                    72:c7:39:32:fa:61:7c:0c:ef:d9:58:0d:34:c4:9b:
                    7a:8d:60:00:ea:77:e2:0a:14:88:d1:e5:fc:38:1b:
                    39:6c:00:b5:cc:d5:dd:0b:11:68:d9:d9:ee:42:27:
                    2e:be:25:f6:c3:8b:7f:be:a9:fa:ea:ed:09:33:b5:
                    d9:a3:01:0f:f3:a4:06:2b:aa:f1:c3:e1:bd:3e:6c:
                    28:ee:25:4c:83:4f:b4:70:fa:ce:a5:0d:7f:11:14:
                    18:a8:9f:bc:29:d9:0b:0b:d4:e8:d1:d0:3e:5a:b6:
                    ff:c3:a2:89:80:cb:70:52:c1:f4:e0:a9:b9:54:04:
                    01:a1:c5:5e:87:ef:c6:20:72:fc:b7:64:75:a5:05:
                    63:55:21:4f:b0:17:d6:b4:80:24:3b:cc:c0:f2:5d:
                    03:2c:32:cc:7e:fc:86:75:23:00:68:ff:72:87:b9:
                    1e:0a:2d:cc:49:29:eb:03:c9:3f:82:57:36:49:a1:
                    09:48:4e:48:39:df:df:aa:10:8b:60:b7:a8:fa:af:
                    45:ae:71:37:08:13:a0:3d:d9:53:0d:4c:72:a3:96:
                    07:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:81:B6:DF:E8:54:E9:A2:E7:39:16:B9:7C:01:72:13:11:0B:CB:64
            X509v3 Authority Key Identifier:
                keyid:73:02:CD:C2:9F:DC:A0:9E:9A:0F:3F:7D:21:13:DA:85:A7:E1:D6:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cwLNwp_coJ6aDz99IRPahafh1lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/BoG23-hU6aLnORa5fAFyExELy2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/77217d-814b-486a-8ef2-fe0333ed005f/1/cwLNwp_coJ6aDz99IRPahafh1lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.140.0/24
                  195.244.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ed:17:4f:46:0b:5b:79:8d:f9:f9:75:6a:8a:c7:7c:bf:01:
         65:96:8b:cd:4c:29:fb:14:12:4a:28:39:42:6d:31:6a:e1:08:
         a1:ff:b0:ba:51:c7:77:a3:cb:d9:59:80:b4:69:3d:7c:a1:12:
         2f:76:61:91:ee:f7:16:80:ce:15:6c:c1:66:b3:f2:4f:c0:4d:
         c1:6c:11:21:84:30:59:6b:d4:01:09:31:bd:49:a8:5d:20:a6:
         b2:fb:4b:8c:c0:5d:2f:a8:84:1e:65:cb:9f:01:4f:8f:8a:ab:
         e5:a5:9f:3f:f2:c0:a1:73:de:43:6f:30:cc:e8:ce:1f:7b:83:
         62:3c:59:9a:51:5c:44:3d:b9:d1:40:3d:f0:74:db:da:e8:3f:
         d5:56:1b:fb:f6:3c:87:5c:10:fb:20:32:37:6f:b9:a7:fc:e7:
         14:eb:e4:d6:55:4b:aa:fe:3e:24:7b:71:a7:70:67:b0:2c:1b:
         b9:56:02:e9:eb:0d:c9:9f:e6:df:3d:c6:25:f7:c5:7e:4e:84:
         b0:95:a3:89:6f:48:2d:0e:f8:45:9d:7a:79:ff:19:ae:6d:7a:
         ca:b4:4d:e2:22:9b:c6:10:10:6d:d2:1d:ba:f3:98:bd:b4:63:
         ee:37:bf:63:5c:51:80:96:d6:77:c1:38:45:7b:5e:fe:32:93:
         db:6b:91:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZuOHm5tzBfGYJqCif7DjHRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMDJjZGMyOWZkY2EwOWU5YTBmM2Y3ZDIxMTNkYTg1YTdl
MWQ2NTQwHhcNMjYwMTA1MTIyNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjgxYjZkZmU4NTRlOWEyZTczOTE2Yjk3YzAxNzIxMzExMGJjYjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPEanXIpTQUbEpzMcMW4MCmnxEhp
RDwCEEXisqWVuYclfRW4HmeFsmDHSGZyxzky+mF8DO/ZWA00xJt6jWAA6nfiChSI
0eX8OBs5bAC1zNXdCxFo2dnuQicuviX2w4t/vqn66u0JM7XZowEP86QGK6rxw+G9
Pmwo7iVMg0+0cPrOpQ1/ERQYqJ+8KdkLC9To0dA+Wrb/w6KJgMtwUsH04Km5VAQB
ocVeh+/GIHL8t2R1pQVjVSFPsBfWtIAkO8zA8l0DLDLMfvyGdSMAaP9yh7keCi3M
SSnrA8k/glc2SaEJSE5IOd/fqhCLYLeo+q9FrnE3CBOgPdlTDUxyo5YHmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAaBtt/oVOmi5zkWuXwBchMRC8tkMB8GA1UdIwQY
MBaAFHMCzcKf3KCemg8/fSET2oWn4dZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3dMTndwX2NvSjZhRHo5OUlSUGFoYWZoMWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83NzIxN2QtODE0Yi00ODZhLThlZjIt
ZmUwMzMzZWQwMDVmLzEvQm9HMjMtaFU2YUxuT1JhNWZBRnlFeEVMeTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83NzIxN2QtODE0Yi00ODZhLThlZjItZmUwMzMzZWQwMDVm
LzEvY3dMTndwX2NvSjZhRHo5OUlSUGFoYWZoMWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATd+MAwQA
w/QtMA0GCSqGSIb3DQEBCwUAA4IBAQAy7RdPRgtbeY35+XVqisd8vwFllovNTCn7
FBJKKDlCbTFq4Qih/7C6Ucd3o8vZWYC0aT18oRIvdmGR7vcWgM4VbMFms/JPwE3B
bBEhhDBZa9QBCTG9SahdIKay+0uMwF0vqIQeZcufAU+PiqvlpZ8/8sChc95DbzDM
6M4fe4NiPFmaUVxEPbnRQD3wdNva6D/VVhv79jyHXBD7IDI3b7mn/OcU6+TWVUuq
/j4ke3GncGewLBu5VgLp6w3Jn+bfPcYl98V+ToSwlaOJb0gtDvhFnXp5/xmubXrK
tE3iIpvGEBBt0h2685i9tGPuN79jXFGAltZ3wThFe17+MpPba5GR
-----END CERTIFICATE-----