Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/BqfUS67NwEGbDUdjYax38K2Njlg.roa
File:                     BqfUS67NwEGbDUdjYax38K2Njlg.roa (raw, json)
Hash identifier:          FXBdDnrJbkKIYFCTwLmrjslC3wsmF26/kRrmIGLYDVE=
Subject key identifier:   06:A7:D4:4B:AE:CD:C0:41:9B:0D:47:63:61:AC:77:F0:AD:8D:8E:58
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0199C7F7035C56E737A6C23ABDC1C30C0496
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/BqfUS67NwEGbDUdjYax38K2Njlg.roa
Signing time:             Thu 09 Oct 2025 07:54:38 +0000
ROA not before:           Thu 09 Oct 2025 07:54:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216024
IP address blocks:        45.15.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:f7:03:5c:56:e7:37:a6:c2:3a:bd:c1:c3:0c:04:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Oct  9 07:54:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06a7d44baecdc0419b0d476361ac77f0ad8d8e58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b1:ed:86:90:8c:4a:d9:fd:10:47:32:0a:1a:
                    ac:db:a1:21:13:62:c1:5d:fa:e8:cd:6a:04:1c:3d:
                    7e:a4:ed:7f:57:2d:1b:59:e2:b9:ae:c2:73:f0:5e:
                    9d:44:c0:12:15:d9:e3:a8:8c:37:43:6a:aa:d6:04:
                    15:fc:c0:68:48:cd:2a:fd:96:bd:18:53:b1:71:ec:
                    50:74:37:5d:0f:58:12:fd:20:4e:6c:42:a2:6e:f6:
                    88:7d:e5:96:1e:49:d6:b0:ac:59:0b:86:56:66:2e:
                    9b:bf:17:18:49:bd:2f:08:e5:c3:0f:eb:f0:ad:b8:
                    d2:a7:39:48:50:89:3d:6a:d9:29:2e:7f:b5:94:88:
                    44:83:28:82:ee:a3:97:ab:7e:bc:0d:a6:3f:e2:83:
                    34:77:70:66:50:66:87:86:b5:91:81:9b:3e:4d:12:
                    a2:18:6d:cb:ed:91:66:e2:6d:9b:24:6a:b1:83:57:
                    64:0c:ea:28:c4:96:fc:b1:d4:52:8a:d0:f1:47:d8:
                    28:c2:28:0f:b3:af:d5:8b:13:b6:15:31:28:f7:0a:
                    b3:40:e6:2c:41:d4:19:80:ed:4e:aa:c9:b3:82:40:
                    18:51:13:e5:56:ad:1a:be:2c:4c:55:af:6e:6d:e5:
                    6a:ef:88:05:a6:bb:a3:ab:a7:81:fd:c5:94:b9:b0:
                    36:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A7:D4:4B:AE:CD:C0:41:9B:0D:47:63:61:AC:77:F0:AD:8D:8E:58
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/BqfUS67NwEGbDUdjYax38K2Njlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:68:ec:ad:26:d4:9c:cd:8a:88:5e:01:bf:e9:64:1c:23:1a:
         92:76:c2:c5:b3:9b:4e:61:48:48:d1:ab:cd:e6:57:d0:77:c8:
         20:ee:d8:c7:f1:9b:20:33:5d:58:8d:d8:b9:52:4d:37:e5:51:
         41:2d:76:b6:e3:cb:9b:de:df:d5:7f:a3:cc:da:b6:47:41:9f:
         9b:8d:ad:b4:42:6b:be:2b:5e:ee:4c:89:3f:65:8f:7a:df:50:
         99:99:f6:44:bb:b3:1d:8a:11:87:c3:a1:c5:26:96:6c:4d:04:
         1d:d4:da:db:e3:2b:5d:2d:86:75:ad:5d:66:9c:5c:a3:b1:a3:
         d0:3f:00:18:b4:8c:2e:d1:14:77:b9:27:1f:06:df:5d:30:20:
         78:c2:dc:ab:7f:c2:bd:30:9b:cf:eb:68:c4:81:34:ef:7a:32:
         bd:e2:78:93:25:e4:1f:61:95:97:d6:ba:10:15:27:c2:8c:2e:
         21:d5:89:1f:29:e3:90:28:dd:21:8f:97:ac:1f:87:fc:41:c1:
         4d:e7:07:e9:d7:27:2a:45:21:cf:94:44:2b:92:5f:27:94:db:
         ab:12:40:50:10:70:64:27:c5:23:08:51:77:56:cc:f2:98:3b:
         2e:20:51:41:96:c5:1a:47:ec:33:a4:73:0d:73:6a:bd:a1:73:
         da:c8:0c:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnH9wNcVuc3psI6vcHDDASWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUxMDA5MDc1NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE3ZDQ0YmFlY2RjMDQxOWIwZDQ3NjM2MWFjNzdmMGFkOGQ4ZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrHthpCMStn9EEcyChqs26EhE2LB
XfrozWoEHD1+pO1/Vy0bWeK5rsJz8F6dRMASFdnjqIw3Q2qq1gQV/MBoSM0q/Za9
GFOxcexQdDddD1gS/SBObEKibvaIfeWWHknWsKxZC4ZWZi6bvxcYSb0vCOXDD+vw
rbjSpzlIUIk9atkpLn+1lIhEgyiC7qOXq368DaY/4oM0d3BmUGaHhrWRgZs+TRKi
GG3L7ZFm4m2bJGqxg1dkDOooxJb8sdRSitDxR9gowigPs6/VixO2FTEo9wqzQOYs
QdQZgO1OqsmzgkAYURPlVq0avixMVa9ubeVq74gFprujq6eB/cWUubA2WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAan1EuuzcBBmw1HY2Gsd/CtjY5YMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvQnFmVVM2N053RUdiRFVkallheDM4SzJOamxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ+cMA0G
CSqGSIb3DQEBCwUAA4IBAQAPaOytJtSczYqIXgG/6WQcIxqSdsLFs5tOYUhI0avN
5lfQd8gg7tjH8ZsgM11Yjdi5Uk035VFBLXa248ub3t/Vf6PM2rZHQZ+bja20Qmu+
K17uTIk/ZY9631CZmfZEu7MdihGHw6HFJpZsTQQd1Nrb4ytdLYZ1rV1mnFyjsaPQ
PwAYtIwu0RR3uScfBt9dMCB4wtyrf8K9MJvP62jEgTTvejK94niTJeQfYZWX1roQ
FSfCjC4h1YkfKeOQKN0hj5esH4f8QcFN5wfp1ycqRSHPlEQrkl8nlNurEkBQEHBk
J8UjCFF3VszymDsuIFFBlsUaR+wzpHMNc2q9oXPayAwp
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client