Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Wnm2_mte2SWvxgNh94jb-aHWMsA.roa
File:                     Wnm2_mte2SWvxgNh94jb-aHWMsA.roa (raw, json)
Hash identifier:          gwJZ3BaLKPjQ3QTHdYzzkD5mJiinaFsptcDwWB/r9nQ=
Subject key identifier:   5A:79:B6:FE:6B:5E:D9:25:AF:C6:03:61:F7:88:DB:F9:A1:D6:32:C0
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01995ED249C879658057BE92FB030F3BB142
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Wnm2_mte2SWvxgNh94jb-aHWMsA.roa
Signing time:             Thu 18 Sep 2025 21:54:23 +0000
ROA not before:           Thu 18 Sep 2025 21:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214854
IP address blocks:        45.43.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5e:d2:49:c8:79:65:80:57:be:92:fb:03:0f:3b:b1:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Sep 18 21:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a79b6fe6b5ed925afc60361f788dbf9a1d632c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f5:67:60:7d:15:8d:e9:20:4b:22:bf:56:4b:
                    58:99:8b:8b:56:bf:3a:b1:d2:84:51:6f:b6:7f:88:
                    a3:f4:9e:2d:ae:7e:52:d9:d3:7e:af:dd:cd:7e:bc:
                    c6:98:1b:23:4c:8c:46:91:86:a7:87:48:67:be:62:
                    76:38:b1:ff:b5:c6:4a:70:cb:86:cd:5b:9d:68:1f:
                    b3:81:c1:0b:98:93:c3:db:1f:bd:5f:66:46:51:f8:
                    67:c0:29:94:6e:e5:5c:b2:4d:bc:c7:f1:6c:09:b4:
                    78:b8:ea:6d:2e:9f:cd:48:91:8f:bb:13:ed:d5:70:
                    97:8d:11:d6:60:92:21:a1:cd:81:11:a0:97:ba:b9:
                    cf:ce:69:68:d0:52:8a:e9:88:d6:a3:74:e4:e2:76:
                    39:e2:a3:40:87:3b:75:bd:72:b8:92:cb:ed:89:3a:
                    c0:c5:5e:3f:27:c0:6b:3d:68:04:b4:be:f8:b7:37:
                    71:b8:0b:4e:17:06:47:08:bb:38:33:7a:95:46:8c:
                    8f:f1:71:c7:77:8d:35:60:5b:7d:2e:f5:08:86:47:
                    8a:c8:1c:4a:fb:72:59:f5:8d:f9:c8:77:e4:85:f9:
                    7a:bf:4a:73:10:b0:03:00:91:bf:de:44:9a:06:f4:
                    3c:cf:ca:bd:e0:ad:58:50:ff:2a:ef:75:99:e0:e1:
                    93:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:79:B6:FE:6B:5E:D9:25:AF:C6:03:61:F7:88:DB:F9:A1:D6:32:C0
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Wnm2_mte2SWvxgNh94jb-aHWMsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:91:24:7c:cb:d3:b9:88:58:85:31:74:a4:af:bd:fe:3d:fb:
         67:30:e1:a9:bf:71:37:87:2b:5d:fd:af:80:33:6d:4d:b0:ef:
         30:c3:09:c1:6e:d9:5d:94:ad:c3:ed:1e:39:1a:7d:91:09:3b:
         89:77:52:e7:c3:75:6c:fc:48:9d:3b:af:b1:04:f7:35:eb:14:
         ad:ec:87:d5:be:c6:45:ad:5f:70:e7:83:24:07:11:54:16:8f:
         b3:2f:36:41:2e:a9:ad:00:89:b2:ea:f1:71:71:19:6e:5a:de:
         d2:36:78:9e:e5:b2:02:10:ad:d4:81:6e:8b:84:06:81:83:16:
         50:0d:6e:8e:33:e4:d1:48:e7:96:5e:64:7a:19:cb:68:a5:ce:
         6e:dd:cf:d9:cc:bd:88:29:82:ad:13:d8:e2:92:ff:be:b0:56:
         8d:d6:80:ca:5f:9e:38:f8:ab:93:3a:4b:25:04:f5:35:a4:51:
         7c:76:c0:47:6c:97:33:21:ef:ac:6a:89:c0:63:d4:fd:58:71:
         f9:5d:a8:3e:3b:1b:e7:20:a4:80:0b:48:35:3f:07:a8:af:fb:
         fc:77:fe:25:8f:31:2f:96:7c:6f:09:68:70:1d:91:a3:e5:90:
         1a:e3:6d:a3:f5:37:68:82:e3:c2:8a:4a:0d:07:79:c4:fa:c2:
         2a:8e:4a:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZle0knIeWWAV76S+wMPO7FCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwOTE4MjE1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTc5YjZmZTZiNWVkOTI1YWZjNjAzNjFmNzg4ZGJmOWExZDYzMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfVnYH0VjekgSyK/VktYmYuLVr86
sdKEUW+2f4ij9J4trn5S2dN+r93NfrzGmBsjTIxGkYanh0hnvmJ2OLH/tcZKcMuG
zVudaB+zgcELmJPD2x+9X2ZGUfhnwCmUbuVcsk28x/FsCbR4uOptLp/NSJGPuxPt
1XCXjRHWYJIhoc2BEaCXurnPzmlo0FKK6YjWo3Tk4nY54qNAhzt1vXK4ksvtiTrA
xV4/J8BrPWgEtL74tzdxuAtOFwZHCLs4M3qVRoyP8XHHd401YFt9LvUIhkeKyBxK
+3JZ9Y35yHfkhfl6v0pzELADAJG/3kSaBvQ8z8q94K1YUP8q73WZ4OGTGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFp5tv5rXtklr8YDYfeI2/mh1jLAMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvV25tMl9tdGUyU1d2eGdOaDk0amItYUhXTXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSuaMA0G
CSqGSIb3DQEBCwUAA4IBAQAvkSR8y9O5iFiFMXSkr73+PftnMOGpv3E3hytd/a+A
M21NsO8wwwnBbtldlK3D7R45Gn2RCTuJd1Lnw3Vs/EidO6+xBPc16xSt7IfVvsZF
rV9w54MkBxFUFo+zLzZBLqmtAImy6vFxcRluWt7SNnie5bICEK3UgW6LhAaBgxZQ
DW6OM+TRSOeWXmR6Gctopc5u3c/ZzL2IKYKtE9jikv++sFaN1oDKX544+KuTOksl
BPU1pFF8dsBHbJczIe+saonAY9T9WHH5Xag+OxvnIKSAC0g1Pweor/v8d/4ljzEv
lnxvCWhwHZGj5ZAa422j9TdoguPCikoNB3nE+sIqjkqa
-----END CERTIFICATE-----