Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BdwKrA3_WtymcZHrin1UbSvaM6I.roa
File:                     BdwKrA3_WtymcZHrin1UbSvaM6I.roa (raw, json)
Hash identifier:          hLYKiWaS6F2wUxf+C0/s1s/an98DLa5OeyodIfFFEK0=
Subject key identifier:   05:DC:0A:AC:0D:FF:5A:DC:A6:71:91:EB:8A:7D:54:6D:2B:DA:33:A2
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019422200006D4769737D4938F3D84C612C7
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BdwKrA3_WtymcZHrin1UbSvaM6I.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        77.83.247.0/24 maxlen: 24
                          185.77.217.0/24 maxlen: 24
                          185.77.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:00:06:d4:76:97:37:d4:93:8f:3d:84:c6:12:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05dc0aac0dff5adca67191eb8a7d546d2bda33a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:f2:f4:cf:6c:f1:7d:5e:61:71:4a:63:af:
                    5b:c8:dd:08:02:8e:e9:ad:f1:a2:dd:f0:24:17:81:
                    10:f7:28:78:3b:75:bb:79:7e:08:99:18:ba:8d:26:
                    ec:3f:31:30:e2:ec:65:24:1f:68:0a:5c:9d:bf:a3:
                    70:ea:d9:14:3c:0f:7d:f8:9c:99:ee:e2:bf:a4:e7:
                    da:9e:bd:93:bd:11:83:1f:47:d0:38:8a:c5:9b:2a:
                    5f:1d:1b:9c:ef:0c:c1:6b:5d:47:b3:c1:3b:f3:c3:
                    5a:a9:6e:a0:e3:db:9c:f4:de:ae:46:de:d3:df:48:
                    47:d6:1c:58:d6:dd:38:bd:79:ce:be:79:04:85:fb:
                    a2:90:cc:6d:d7:46:8e:81:52:f1:ce:59:dd:19:d5:
                    9d:88:0d:d7:f0:d7:e5:ac:e4:e2:4d:6c:66:80:1d:
                    bd:f2:00:ce:e8:ee:ff:b3:95:6e:34:e5:1f:75:22:
                    47:b9:ef:bb:82:02:1b:d0:23:c4:98:cf:03:4c:42:
                    f9:0d:5b:ca:76:e5:71:74:9d:6b:5f:38:43:d4:ce:
                    7c:ee:25:ba:17:eb:45:d6:1f:b5:32:19:f1:7b:78:
                    c7:70:de:47:6b:8e:bf:66:55:1c:23:f3:d5:13:0b:
                    20:d1:f5:37:c7:f1:28:ae:c9:35:57:4f:11:cb:ef:
                    cf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:DC:0A:AC:0D:FF:5A:DC:A6:71:91:EB:8A:7D:54:6D:2B:DA:33:A2
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/BdwKrA3_WtymcZHrin1UbSvaM6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.247.0/24
                  185.77.217.0-185.77.219.255

    Signature Algorithm: sha256WithRSAEncryption
         95:14:db:88:0a:20:bc:5f:95:b5:53:a1:93:28:07:36:b7:69:
         4a:52:b4:42:ec:d6:45:ae:47:e8:e6:f1:d8:52:c3:fd:e9:c6:
         90:68:64:0e:5c:c7:65:ee:28:91:90:41:37:93:1a:f6:3b:35:
         ee:c6:99:b3:6f:39:70:24:d2:e6:7f:13:f3:b5:fc:08:c6:d0:
         e6:1a:4a:f2:27:53:9e:71:c0:22:2f:f0:bc:5d:a8:d0:49:8f:
         36:50:23:3e:76:c9:86:63:e9:16:23:60:7d:d3:85:9b:d4:42:
         9c:7a:51:15:06:66:82:8f:a5:23:ea:05:31:91:fd:13:8b:94:
         b8:50:45:77:5c:e6:7e:87:18:48:50:8f:3b:1d:61:74:b8:07:
         84:6a:f2:4d:9c:67:5f:31:8f:a2:51:a2:20:0d:a8:d7:fe:ce:
         15:4a:8b:bf:7a:82:cc:76:4f:cb:2f:14:2a:27:bc:99:b3:bb:
         c0:c3:4d:32:43:54:bd:7b:03:de:02:5c:e4:74:5a:f1:44:dd:
         c5:ce:c3:5c:1e:42:24:14:6c:81:06:b4:ba:32:82:6a:2e:c4:
         bb:17:05:3b:c6:b8:46:57:07:22:b4:40:bf:f1:03:1e:c6:54:
         28:2c:f6:85:f4:4a:52:2f:c2:7d:23:be:61:71:93:fa:00:c8:
         3b:67:56:c7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQiIAAG1HaXN9STjz2ExhLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWRjMGFhYzBkZmY1YWRjYTY3MTkxZWI4YTdkNTQ2ZDJiZGEzM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwvy9M9s8X1eYXFKY69byN0IAo7p
rfGi3fAkF4EQ9yh4O3W7eX4ImRi6jSbsPzEw4uxlJB9oClydv6Nw6tkUPA99+JyZ
7uK/pOfanr2TvRGDH0fQOIrFmypfHRuc7wzBa11Hs8E788NaqW6g49uc9N6uRt7T
30hH1hxY1t04vXnOvnkEhfuikMxt10aOgVLxzlndGdWdiA3X8NflrOTiTWxmgB29
8gDO6O7/s5VuNOUfdSJHue+7ggIb0CPEmM8DTEL5DVvKduVxdJ1rXzhD1M587iW6
F+tF1h+1Mhnxe3jHcN5Ha46/ZlUcI/PVEwsg0fU3x/Eorsk1V08Ry+/PVQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAXcCqwN/1rcpnGR64p9VG0r2jOiMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvQmR3S3JBM19XdHltY1pIcmluMVViU3ZhTTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQATVP3MAwD
BAC5TdkDBAK5TdgwDQYJKoZIhvcNAQELBQADggEBAJUU24gKILxflbVToZMoBza3
aUpStELs1kWuR+jm8dhSw/3pxpBoZA5cx2XuKJGQQTeTGvY7Ne7GmbNvOXAk0uZ/
E/O1/AjG0OYaSvInU55xwCIv8LxdqNBJjzZQIz52yYZj6RYjYH3ThZvUQpx6URUG
ZoKPpSPqBTGR/ROLlLhQRXdc5n6HGEhQjzsdYXS4B4Rq8k2cZ18xj6JRoiANqNf+
zhVKi796gsx2T8svFConvJmzu8DDTTJDVL17A94CXOR0WvFE3cXOw1weQiQUbIEG
tLoygmouxLsXBTvGuEZXByK0QL/xAx7GVCgs9oX0SlIvwn0jvmFxk/oAyDtnVsc=
-----END CERTIFICATE-----