Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/dpj-gbwzbz00wBAZxRLu2JRmudE.roa
File:                     dpj-gbwzbz00wBAZxRLu2JRmudE.roa (raw, json)
Hash identifier:          ZvHTjTrZScF3pxyYvHGxOD3c/TPO+OkBRoCVWJ9HqnA=
Subject key identifier:   76:98:FE:81:BC:33:6F:3D:34:C0:10:19:C5:12:EE:D8:94:66:B9:D1
Certificate issuer:       /CN=e482fd07e20d406ea4152e492b000e554ebfcc80
Certificate serial:       01979C47D763353C14926E320F488C9ED0F1
Authority key identifier: E4:82:FD:07:E2:0D:40:6E:A4:15:2E:49:2B:00:0E:55:4E:BF:CC:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/dpj-gbwzbz00wBAZxRLu2JRmudE.roa
Signing time:             Mon 23 Jun 2025 10:14:03 +0000
ROA not before:           Mon 23 Jun 2025 10:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41625
IP address blocks:        89.31.240.0/21 maxlen: 21
                          89.31.242.0/24 maxlen: 24
                          89.31.246.0/24 maxlen: 24
                          2a00:8900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:47:d7:63:35:3c:14:92:6e:32:0f:48:8c:9e:d0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e482fd07e20d406ea4152e492b000e554ebfcc80
        Validity
            Not Before: Jun 23 10:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7698fe81bc336f3d34c01019c512eed89466b9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:a5:10:2e:d7:58:e2:26:93:a8:be:c0:47:
                    aa:2e:80:f7:77:f9:a4:13:93:0a:5a:fc:89:9a:f1:
                    3b:65:79:e4:17:cd:fe:d7:3a:0e:67:47:2c:8d:42:
                    01:c1:9e:fc:46:46:e0:2f:41:e4:65:1e:4c:3f:c2:
                    76:18:65:36:77:b0:27:e6:f7:08:e6:d2:4f:41:5e:
                    cb:d6:3e:7c:f8:b8:40:92:bf:28:ad:a0:e0:cf:c2:
                    e6:aa:bb:ad:f6:7f:f9:fd:e4:b0:59:c8:22:f1:4f:
                    72:a8:16:91:93:0c:43:38:84:c1:5b:c2:32:16:fe:
                    ea:35:99:f6:28:94:c4:f3:80:bb:90:ee:27:8e:d1:
                    6f:30:bf:97:bc:33:5b:50:b1:3d:12:94:7d:e3:24:
                    44:c8:23:b7:b0:d1:13:51:8d:df:1b:2c:62:41:65:
                    c1:a7:d2:36:c2:99:9d:31:d4:3b:4d:32:72:9d:9e:
                    5e:69:9a:73:8e:a9:92:c5:39:e2:b8:6c:19:77:27:
                    1a:62:18:d2:bf:16:14:45:34:50:04:7a:93:8d:26:
                    b9:f9:ef:dc:b7:9b:13:9a:e3:0f:da:0e:dd:cc:48:
                    ca:6e:ee:7e:9f:96:a0:c9:9a:92:ba:ce:9f:c2:23:
                    99:90:e9:df:7d:04:2e:7a:08:7c:34:eb:17:a4:b0:
                    90:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:98:FE:81:BC:33:6F:3D:34:C0:10:19:C5:12:EE:D8:94:66:B9:D1
            X509v3 Authority Key Identifier:
                keyid:E4:82:FD:07:E2:0D:40:6E:A4:15:2E:49:2B:00:0E:55:4E:BF:CC:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/dpj-gbwzbz00wBAZxRLu2JRmudE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.240.0/21
                IPv6:
                  2a00:8900::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:93:07:7d:d4:b9:01:c2:36:af:28:a3:5b:7c:05:f7:05:b4:
         ad:a0:e5:e6:82:6d:66:2f:37:af:fa:74:d4:f2:b4:23:82:f1:
         fd:ce:57:fe:89:dc:07:cf:06:37:6a:bf:ee:8d:81:cb:a7:47:
         8d:1a:23:b3:12:aa:4c:14:b0:f6:78:29:4c:95:3e:94:9b:4e:
         36:2a:03:9c:b8:75:48:d5:00:1c:eb:83:ae:57:4e:b5:6f:fa:
         a7:f5:15:19:f9:52:14:99:f6:75:05:65:7f:30:26:cc:8c:a7:
         c1:c7:37:c6:56:34:6f:9e:9c:af:a8:08:c4:1b:82:ba:79:e1:
         fb:15:f8:e2:fe:34:ca:60:de:cd:38:82:84:56:41:f4:78:00:
         98:ec:86:69:47:ad:08:67:95:37:0e:8b:ff:ae:50:2a:96:e3:
         94:e8:05:08:b1:6f:83:2c:6c:fe:2a:4b:ca:36:ac:d1:ab:c2:
         bf:ae:f3:99:b4:e6:5c:8e:08:07:0a:1d:4b:d6:ed:60:8d:4a:
         ea:82:73:17:f5:8e:f5:0f:15:62:7a:01:08:d9:79:41:6a:ce:
         f1:c1:78:39:c9:86:a6:60:ef:2a:e4:7a:eb:37:2d:3b:94:eb:
         59:fd:81:97:73:62:92:a1:3b:57:8d:cf:67:37:0b:65:b8:34:
         49:29:63:20
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZecR9djNTwUkm4yD0iMntDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ODJmZDA3ZTIwZDQwNmVhNDE1MmU0OTJiMDAwZTU1NGVi
ZmNjODAwHhcNMjUwNjIzMTAxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njk4ZmU4MWJjMzM2ZjNkMzRjMDEwMTljNTEyZWVkODk0NjZiOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSelEC7XWOImk6i+wEeqLoD3d/mk
E5MKWvyJmvE7ZXnkF83+1zoOZ0csjUIBwZ78RkbgL0HkZR5MP8J2GGU2d7An5vcI
5tJPQV7L1j58+LhAkr8oraDgz8Lmqrut9n/5/eSwWcgi8U9yqBaRkwxDOITBW8Iy
Fv7qNZn2KJTE84C7kO4njtFvML+XvDNbULE9EpR94yREyCO3sNETUY3fGyxiQWXB
p9I2wpmdMdQ7TTJynZ5eaZpzjqmSxTniuGwZdycaYhjSvxYURTRQBHqTjSa5+e/c
t5sTmuMP2g7dzEjKbu5+n5agyZqSus6fwiOZkOnffQQuegh8NOsXpLCQMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHaY/oG8M289NMAQGcUS7tiUZrnRMB8GA1UdIwQY
MBaAFOSC/QfiDUBupBUuSSsADlVOv8yAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUlMOUItSU5RRzZrRlM1Skt3QU9WVTZfeklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mN2E4N2EtYzE4NC00OTA0LTk0ZTMt
MjY4NTk4NmY2ZDAxLzEvZHBqLWdid3piejAwd0JBWnhSTHUySlJtdWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mN2E4N2EtYzE4NC00OTA0LTk0ZTMtMjY4NTk4NmY2ZDAx
LzEvNUlMOUItSU5RRzZrRlM1Skt3QU9WVTZfeklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWR/wMA0E
AgACMAcDBQAqAIkAMA0GCSqGSIb3DQEBCwUAA4IBAQA0kwd91LkBwjavKKNbfAX3
BbStoOXmgm1mLzev+nTU8rQjgvH9zlf+idwHzwY3ar/ujYHLp0eNGiOzEqpMFLD2
eClMlT6Um042KgOcuHVI1QAc64OuV061b/qn9RUZ+VIUmfZ1BWV/MCbMjKfBxzfG
VjRvnpyvqAjEG4K6eeH7Ffji/jTKYN7NOIKEVkH0eACY7IZpR60IZ5U3Dov/rlAq
luOU6AUIsW+DLGz+KkvKNqzRq8K/rvOZtOZcjggHCh1L1u1gjUrqgnMX9Y71DxVi
egEI2XlBas7xwXg5yYamYO8q5HrrNy07lOtZ/YGXc2KSoTtXjc9nNwtluDRJKWMg
-----END CERTIFICATE-----