Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/PLzlfTmqAL1rzlLN1TFrpHpYMVU.roa
File:                     PLzlfTmqAL1rzlLN1TFrpHpYMVU.roa (raw, json)
Hash identifier:          INujx6I3LZF9XIVr4zE9W5J6NHU6IlkfUKgf+j8aJrU=
Subject key identifier:   3C:BC:E5:7D:39:AA:00:BD:6B:CE:52:CD:D5:31:6B:A4:7A:58:31:55
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01971D4D0074021E9583CE9317D9931B87EA
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/PLzlfTmqAL1rzlLN1TFrpHpYMVU.roa
Signing time:             Thu 29 May 2025 18:27:55 +0000
ROA not before:           Thu 29 May 2025 18:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397373
IP address blocks:        5.182.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1d:4d:00:74:02:1e:95:83:ce:93:17:d9:93:1b:87:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: May 29 18:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cbce57d39aa00bd6bce52cdd5316ba47a583155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:95:e7:db:c4:d0:ae:b6:cd:54:19:e8:27:
                    22:99:f5:b7:a7:8a:5c:21:8f:1c:3c:5b:39:a1:10:
                    e7:91:05:40:7f:cd:5e:15:e8:25:2b:a4:64:5e:77:
                    e3:c0:39:1d:b4:9b:cd:09:1e:5d:78:ec:5c:0f:f6:
                    ed:f9:6e:13:90:70:2e:4b:94:bb:66:ce:05:76:e1:
                    d7:6a:08:d3:1e:d7:08:b6:56:90:d3:2b:72:89:a4:
                    e7:d3:4a:fd:67:c7:b8:6f:bc:53:38:84:2d:51:e5:
                    93:1a:f7:e8:5b:68:91:21:3d:a0:4d:13:2b:a0:d0:
                    23:3f:ff:b8:9c:68:81:06:71:bf:32:72:b9:25:44:
                    6f:70:61:4d:d2:d9:be:9b:55:bb:33:bf:13:a1:be:
                    d1:bf:bd:19:a6:93:9e:32:1d:54:f9:a2:3a:ef:ad:
                    01:e3:1e:62:40:32:12:cc:33:00:6c:1e:92:f0:8c:
                    ca:2c:49:4d:7a:b3:91:ff:fd:77:5e:18:cc:1c:55:
                    fe:a6:73:95:94:75:75:cb:53:a9:0f:d6:dc:e9:36:
                    47:01:49:e1:92:e0:c2:b8:7a:d6:05:ca:6c:73:d1:
                    48:ae:96:5e:66:2b:c1:13:d2:75:9d:ab:61:4d:3b:
                    68:10:ff:de:14:a6:85:8b:3b:92:bd:db:1c:db:39:
                    6f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:BC:E5:7D:39:AA:00:BD:6B:CE:52:CD:D5:31:6B:A4:7A:58:31:55
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/PLzlfTmqAL1rzlLN1TFrpHpYMVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:b9:c9:03:ef:e8:f4:4b:16:fe:7b:75:51:39:21:59:00:b4:
         af:fb:15:9d:d7:b8:ed:cf:16:ad:1f:0d:e4:c2:0f:04:9f:d9:
         b7:29:34:0e:b6:83:20:c4:df:8e:5c:76:8e:c8:42:4f:c4:a7:
         25:ec:bd:eb:37:d3:fc:eb:6a:17:ae:06:21:92:7c:73:40:44:
         48:ab:71:88:b4:07:ce:c6:a3:a7:81:14:3d:fe:f3:84:b2:91:
         57:f2:56:71:25:3f:aa:1c:f7:03:cc:21:53:91:79:aa:0e:ad:
         6f:7d:28:06:4f:08:ec:c1:77:63:ba:54:41:e4:7c:93:5b:f9:
         34:91:50:d2:c1:a2:c3:41:e7:d7:b0:f2:56:06:8e:b2:c9:9c:
         15:da:b6:8d:68:4f:a0:08:fd:cb:3f:dc:1f:12:30:5a:eb:54:
         d3:0c:02:7e:2f:da:89:c8:7e:60:48:07:5b:07:c9:22:3d:ce:
         db:25:a9:1c:aa:01:da:b9:49:7d:52:35:55:ed:8d:a9:c0:64:
         fa:46:22:c8:93:f2:38:8c:75:57:c0:e0:cc:a3:fc:61:ac:31:
         a7:b9:50:a9:d2:2a:f0:91:a4:d1:ac:b0:b5:84:4d:2e:e0:1e:
         20:ca:81:a6:35:90:b8:92:a7:a9:b2:0b:8b:34:ff:ed:72:41:
         2e:f4:49:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcdTQB0Ah6Vg86TF9mTG4fqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwNTI5MTgyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2JjZTU3ZDM5YWEwMGJkNmJjZTUyY2RkNTMxNmJhNDdhNTgzMTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQmV59vE0K62zVQZ6CcimfW3p4pc
IY8cPFs5oRDnkQVAf81eFeglK6RkXnfjwDkdtJvNCR5deOxcD/bt+W4TkHAuS5S7
Zs4FduHXagjTHtcItlaQ0ytyiaTn00r9Z8e4b7xTOIQtUeWTGvfoW2iRIT2gTRMr
oNAjP/+4nGiBBnG/MnK5JURvcGFN0tm+m1W7M78Tob7Rv70ZppOeMh1U+aI6760B
4x5iQDISzDMAbB6S8IzKLElNerOR//13XhjMHFX+pnOVlHV1y1OpD9bc6TZHAUnh
kuDCuHrWBcpsc9FIrpZeZivBE9J1nathTTtoEP/eFKaFizuSvdsc2zlveQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDy85X05qgC9a85SzdUxa6R6WDFVMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvUEx6bGZUbXFBTDFyemxMTjFURnJwSHBZTVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQCBuckD7+j0Sxb+e3VROSFZALSv+xWd17jtzxatHw3k
wg8En9m3KTQOtoMgxN+OXHaOyEJPxKcl7L3rN9P862oXrgYhknxzQERIq3GItAfO
xqOngRQ9/vOEspFX8lZxJT+qHPcDzCFTkXmqDq1vfSgGTwjswXdjulRB5HyTW/k0
kVDSwaLDQefXsPJWBo6yyZwV2raNaE+gCP3LP9wfEjBa61TTDAJ+L9qJyH5gSAdb
B8kiPc7bJakcqgHauUl9UjVV7Y2pwGT6RiLIk/I4jHVXwODMo/xhrDGnuVCp0irw
kaTRrLC1hE0u4B4gyoGmNZC4kqepsguLNP/tckEu9ElY
-----END CERTIFICATE-----