Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RJipxSg2_GA1X3x21elo4shwf1o.roa
File:                     RJipxSg2_GA1X3x21elo4shwf1o.roa (raw, json)
Hash identifier:          hnDIuQWTF0IYoHE9s7D8H0GDWtm0wP2OPiamEIyW4o0=
Subject key identifier:   44:98:A9:C5:28:36:FC:60:35:5F:7C:76:D5:E9:68:E2:C8:70:7F:5A
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0199D26DD891BAD69E7BEAFF26281FEE429D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RJipxSg2_GA1X3x21elo4shwf1o.roa
Signing time:             Sat 11 Oct 2025 08:40:38 +0000
ROA not before:           Sat 11 Oct 2025 08:40:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        88.151.56.0/23 maxlen: 24
                          88.209.201.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d2:6d:d8:91:ba:d6:9e:7b:ea:ff:26:28:1f:ee:42:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 11 08:40:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4498a9c52836fc60355f7c76d5e968e2c8707f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6c:66:9e:dd:cd:d5:0d:b0:00:69:f7:03:82:
                    45:15:ae:a2:53:94:27:26:86:b3:06:99:9b:a6:c0:
                    f1:17:4f:ed:bc:5a:ef:2e:c2:52:88:01:0b:b1:13:
                    17:77:43:7b:d5:49:18:79:c4:83:2e:47:68:f6:bd:
                    67:6e:f1:30:05:f1:ee:63:61:ce:c2:d7:f0:29:dd:
                    55:e3:87:ab:0b:d8:36:43:e0:f8:fa:92:64:db:04:
                    eb:2b:e7:e3:f6:3a:d7:e8:92:48:87:92:88:48:5c:
                    cf:b5:d7:c2:9f:d8:01:6d:1c:10:eb:1f:23:1b:73:
                    fb:fa:35:26:7c:e8:b1:bb:26:fb:e4:66:c3:fb:bb:
                    5d:28:4b:fd:22:2c:ce:a2:ff:b5:47:4b:d3:cc:85:
                    e9:3d:99:c3:91:76:76:20:2c:26:ac:b3:ac:76:56:
                    22:49:69:96:bd:67:5a:a7:9f:d0:e3:44:b3:d3:48:
                    16:4a:73:c4:87:b6:25:23:af:b1:2e:6f:64:35:46:
                    28:dc:0c:d4:39:82:23:73:7b:a7:31:eb:2b:26:9d:
                    d8:b9:19:97:3d:f8:29:ee:c5:77:82:3d:b6:c6:d8:
                    3e:7b:46:fe:2f:0b:7c:f8:82:12:48:39:63:2b:22:
                    18:34:4e:88:fe:d5:f9:7f:64:fe:37:a7:41:f4:ab:
                    cd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:98:A9:C5:28:36:FC:60:35:5F:7C:76:D5:E9:68:E2:C8:70:7F:5A
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RJipxSg2_GA1X3x21elo4shwf1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.201.0/24
                  88.209.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:f4:d2:1d:4c:df:68:46:9a:9b:e4:83:a1:85:b1:ea:ed:cd:
         fa:14:64:b3:09:58:de:bb:9e:a9:7c:a2:94:31:0c:62:8d:e6:
         4b:52:89:5f:62:8b:50:ca:6b:39:6e:1b:35:27:27:64:80:dd:
         2e:e7:d4:d1:0b:aa:1e:16:3b:f2:7c:3c:fb:23:28:ff:4c:24:
         a2:5c:f3:00:ba:b3:79:63:cd:db:b1:2a:69:55:b0:54:eb:5c:
         c0:c6:0c:f0:18:56:94:fd:96:0b:3a:19:37:90:0d:fb:92:06:
         49:1f:35:01:44:d0:37:d9:a0:bd:ca:f5:88:18:00:81:71:a6:
         0c:b8:95:8f:6f:55:f8:5e:9b:f9:2f:e2:f9:c8:7c:4b:48:4d:
         66:99:31:ca:74:35:b9:8e:fb:1c:47:1e:7b:7f:6b:11:08:8d:
         c4:c3:12:47:7d:23:1a:73:05:e4:21:5b:d5:44:23:35:1c:59:
         e0:d9:18:a1:77:09:ac:94:88:1f:06:75:34:d4:06:db:0d:67:
         a4:75:a1:d0:07:16:16:78:ab:cd:26:f9:db:e7:5a:61:88:1b:
         f7:9e:12:70:7b:fe:f2:67:65:02:af:04:28:17:e8:92:3e:4e:
         5e:22:e9:02:49:8e:be:d5:46:b9:3e:86:e3:98:5c:78:39:41:
         dc:59:20:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnSbdiRutaee+r/Jigf7kKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMDExMDg0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDk4YTljNTI4MzZmYzYwMzU1ZjdjNzZkNWU5NjhlMmM4NzA3ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGxmnt3N1Q2wAGn3A4JFFa6iU5Qn
JoazBpmbpsDxF0/tvFrvLsJSiAELsRMXd0N71UkYecSDLkdo9r1nbvEwBfHuY2HO
wtfwKd1V44erC9g2Q+D4+pJk2wTrK+fj9jrX6JJIh5KISFzPtdfCn9gBbRwQ6x8j
G3P7+jUmfOixuyb75GbD+7tdKEv9IizOov+1R0vTzIXpPZnDkXZ2ICwmrLOsdlYi
SWmWvWdap5/Q40Sz00gWSnPEh7YlI6+xLm9kNUYo3AzUOYIjc3unMesrJp3YuRmX
Pfgp7sV3gj22xtg+e0b+Lwt8+IISSDljKyIYNE6I/tX5f2T+N6dB9KvNiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFESYqcUoNvxgNV98dtXpaOLIcH9aMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUkppcHhTZzJfR0ExWDN4MjFlbG80c2h3ZjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWJc4AwQA
WNHJAwQCWNHoMA0GCSqGSIb3DQEBCwUAA4IBAQBz9NIdTN9oRpqb5IOhhbHq7c36
FGSzCVjeu56pfKKUMQxijeZLUolfYotQyms5bhs1JydkgN0u59TRC6oeFjvyfDz7
Iyj/TCSiXPMAurN5Y83bsSppVbBU61zAxgzwGFaU/ZYLOhk3kA37kgZJHzUBRNA3
2aC9yvWIGACBcaYMuJWPb1X4Xpv5L+L5yHxLSE1mmTHKdDW5jvscRx57f2sRCI3E
wxJHfSMacwXkIVvVRCM1HFng2RihdwmslIgfBnU01AbbDWekdaHQBxYWeKvNJvnb
51phiBv3nhJwe/7yZ2UCrwQoF+iSPk5eIukCSY6+1Ua5PobjmFx4OUHcWSCf
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:40 2025 by rpki-client