Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WC3FelzMT51Jd0FzDfTcBvQbz0c.roa
File:                     WC3FelzMT51Jd0FzDfTcBvQbz0c.roa (raw, json)
Hash identifier:          vMkqwwuueWTkKVbMn75esnOuu/9njTR5uN3u1wI+lvs=
Subject key identifier:   58:2D:C5:7A:5C:CC:4F:9D:49:77:41:73:0D:F4:DC:06:F4:1B:CF:47
Certificate issuer:       /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial:       019E5B029677998AF3E9E3C2D13822B2C593
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WC3FelzMT51Jd0FzDfTcBvQbz0c.roa
Signing time:             Sun 24 May 2026 17:22:36 +0000
ROA not before:           Sun 24 May 2026 17:22:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203001
IP address blocks:        185.29.123.0/24 maxlen: 24
                          2a04:4280:9a7e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5b:02:96:77:99:8a:f3:e9:e3:c2:d1:38:22:b2:c5:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
        Validity
            Not Before: May 24 17:22:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=582dc57a5ccc4f9d497741730df4dc06f41bcf47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:35:8e:9e:3f:e6:2c:cf:13:9d:71:d4:5a:5f:
                    4f:29:ef:11:c7:ac:81:c1:82:28:cb:a2:24:30:75:
                    f2:30:3c:4c:94:86:1e:8a:00:08:f7:c0:d5:79:24:
                    ee:e0:80:c2:13:86:d1:dd:0e:ca:49:c6:a6:9a:46:
                    ee:3a:92:3f:3e:49:21:f0:10:52:61:87:21:5a:4a:
                    fc:6c:19:76:4f:e2:d0:1d:d7:88:1d:f6:c0:a4:86:
                    c7:3f:63:c6:34:5d:f0:83:b4:a2:0b:38:7e:ab:01:
                    b9:62:c7:9d:69:27:9c:c5:67:3b:27:b6:a2:d1:7e:
                    1b:ce:78:fa:58:df:c5:20:b7:a7:2d:27:ef:ab:53:
                    1a:dc:9a:90:0e:c2:5a:07:94:20:bb:68:9f:b9:fe:
                    ae:10:a0:f0:b5:59:6f:b1:ce:cc:08:b4:c8:48:fa:
                    2c:73:88:f1:75:9c:07:47:29:ae:97:a4:e2:46:d0:
                    3f:8d:4d:4c:b1:4b:eb:68:bc:bf:d5:90:4f:36:48:
                    a6:7e:b9:48:39:47:f1:a6:4e:5e:34:5e:6f:a6:c6:
                    34:7a:9b:78:2a:42:19:d7:e4:e2:15:1b:ce:4a:e8:
                    e4:88:f5:0f:e9:64:79:bf:07:fc:e5:54:76:ea:86:
                    21:b0:39:54:17:22:3d:94:c0:90:ac:68:1b:fe:ed:
                    58:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:2D:C5:7A:5C:CC:4F:9D:49:77:41:73:0D:F4:DC:06:F4:1B:CF:47
            X509v3 Authority Key Identifier:
                keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WC3FelzMT51Jd0FzDfTcBvQbz0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.123.0/24
                IPv6:
                  2a04:4280:9a7e::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:2a:24:4a:48:2c:cb:13:25:f1:15:55:3f:3b:a1:cc:03:57:
         6f:96:8d:fb:ce:ba:1e:93:2e:24:ff:f4:fd:75:81:4f:47:0c:
         04:52:46:b2:8c:87:53:23:6d:97:0b:f7:2e:51:49:1c:e1:f9:
         f6:98:21:ca:dd:dd:61:cb:a3:a6:21:c9:3b:62:e6:f4:2e:eb:
         e3:35:29:6d:d8:3c:16:d5:b2:33:90:cf:6d:37:b1:db:af:f4:
         a5:ff:02:0f:7e:9f:03:0e:c8:c7:75:84:3b:a2:55:fe:e4:52:
         60:e4:a7:7a:00:cf:68:48:ff:e6:65:a0:f6:6e:0a:43:d5:c6:
         6a:54:d8:2b:d5:53:ff:66:4a:af:91:63:f5:2d:8f:ca:21:26:
         56:54:18:12:0c:80:b0:8d:2c:0d:19:ca:9f:bd:cb:3e:17:cd:
         d9:4b:66:1f:e1:65:ef:0c:0b:f8:a5:91:0e:6b:85:d8:cc:d2:
         4f:4a:9a:2f:13:8a:79:8e:39:00:67:0b:ff:b2:4e:89:48:ec:
         e8:7a:3f:27:1c:32:84:ab:c8:4d:1a:e9:98:d2:e3:59:a6:a6:
         4b:53:c4:ea:38:2d:c3:d0:f1:e6:54:26:cb:95:5a:2b:37:b1:
         3c:e7:b4:d9:91:ff:4f:b9:af:e8:c9:af:35:82:d7:1a:09:01:
         f8:60:49:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ5bApZ3mYrz6ePC0TgissWTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjYwNTI0MTcyMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODJkYzU3YTVjY2M0ZjlkNDk3NzQxNzMwZGY0ZGMwNmY0MWJjZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTWOnj/mLM8TnXHUWl9PKe8Rx6yB
wYIoy6IkMHXyMDxMlIYeigAI98DVeSTu4IDCE4bR3Q7KScammkbuOpI/Pkkh8BBS
YYchWkr8bBl2T+LQHdeIHfbApIbHP2PGNF3wg7SiCzh+qwG5YsedaSecxWc7J7ai
0X4bznj6WN/FILenLSfvq1Ma3JqQDsJaB5Qgu2ifuf6uEKDwtVlvsc7MCLTISPos
c4jxdZwHRymul6TiRtA/jU1MsUvraLy/1ZBPNkimfrlIOUfxpk5eNF5vpsY0ept4
KkIZ1+TiFRvOSujkiPUP6WR5vwf85VR26oYhsDlUFyI9lMCQrGgb/u1YcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFgtxXpczE+dSXdBcw303Ab0G89HMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvV0MzRmVsek1UNTFKZDBGekRmVGNCdlFiejBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuR17MA8E
AgACMAkDBwAqBEKAmn4wDQYJKoZIhvcNAQELBQADggEBALMqJEpILMsTJfEVVT87
ocwDV2+WjfvOuh6TLiT/9P11gU9HDARSRrKMh1MjbZcL9y5RSRzh+faYIcrd3WHL
o6YhyTti5vQu6+M1KW3YPBbVsjOQz203sduv9KX/Ag9+nwMOyMd1hDuiVf7kUmDk
p3oAz2hI/+ZloPZuCkPVxmpU2CvVU/9mSq+RY/Utj8ohJlZUGBIMgLCNLA0Zyp+9
yz4XzdlLZh/hZe8MC/ilkQ5rhdjM0k9Kmi8TinmOOQBnC/+yTolI7Oh6PyccMoSr
yE0a6ZjS41mmpktTxOo4LcPQ8eZUJsuVWis3sTzntNmR/0+5r+jJrzWC1xoJAfhg
SQU=
-----END CERTIFICATE-----