Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GUZJwUekoSDEqjZcHdGx64eaJA8.roa
File:                     GUZJwUekoSDEqjZcHdGx64eaJA8.roa (raw, json)
Hash identifier:          bSTJiQHsptXZqavqvFPzIuCEdxKQYq366QorqXVm/oc=
Subject key identifier:   19:46:49:C1:47:A4:A1:20:C4:AA:36:5C:1D:D1:B1:EB:87:9A:24:0F
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D249E2D4790C115F09DDE5DA5D0754A47
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GUZJwUekoSDEqjZcHdGx64eaJA8.roa
Signing time:             Wed 25 Mar 2026 10:50:39 +0000
ROA not before:           Wed 25 Mar 2026 10:50:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        158.173.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9e:2d:47:90:c1:15:f0:9d:de:5d:a5:d0:75:4a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 25 10:50:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=194649c147a4a120c4aa365c1dd1b1eb879a240f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7c:52:91:bd:c1:7b:9b:cb:a9:b3:07:5b:4a:
                    b9:27:d4:e3:93:1d:f1:e7:bd:11:c1:5b:41:3a:94:
                    67:7c:d5:48:a2:8d:b0:bc:fc:1b:fd:e4:1d:3c:89:
                    df:50:af:6a:af:8b:69:d7:31:77:76:0e:a9:a5:42:
                    60:af:fc:b9:7f:64:f4:e9:69:cb:7c:f4:56:74:eb:
                    39:13:db:26:89:80:24:02:ed:27:f5:f2:8f:21:c3:
                    10:92:1f:34:92:1e:08:2d:25:f6:e3:0d:56:91:34:
                    37:72:4b:0e:b0:d0:90:d1:bc:81:37:74:7d:ad:44:
                    f5:9c:48:6e:b8:6a:62:03:7f:34:a6:a1:cb:11:1f:
                    69:ab:b8:43:61:9c:54:41:41:d9:ce:e5:f7:7c:34:
                    b0:a2:39:84:1f:80:ad:f0:54:37:bc:5a:97:76:8f:
                    35:57:41:f9:1b:81:ff:d7:e5:df:52:a0:4f:4c:5b:
                    4b:9e:58:a3:af:98:12:f2:94:85:d9:6d:f1:f6:03:
                    50:7c:4c:5b:87:ad:58:77:fc:94:48:6a:05:2e:1f:
                    6a:36:22:c9:65:de:4b:9c:74:9d:e7:12:af:85:d6:
                    31:f8:88:6a:ec:50:77:02:cb:50:a4:0e:db:06:2a:
                    87:96:08:2b:7a:3d:a3:24:96:63:05:ff:3b:26:d1:
                    34:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:46:49:C1:47:A4:A1:20:C4:AA:36:5C:1D:D1:B1:EB:87:9A:24:0F
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GUZJwUekoSDEqjZcHdGx64eaJA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:73:1b:c2:7e:76:b6:fa:06:fb:16:f3:6e:4e:ad:4c:f5:57:
         62:ed:bf:7e:e9:40:f1:32:9f:42:30:94:50:87:28:2b:a0:00:
         49:8a:db:18:8f:96:c1:a3:35:2b:82:4d:97:b0:9a:95:81:49:
         17:2c:e3:f3:b8:4e:10:3d:c2:2d:df:66:ad:b4:ed:9f:f5:f2:
         c3:07:47:b7:8c:58:8c:b1:ce:c4:fe:5e:ec:f5:76:36:e8:0a:
         8a:7b:d6:8d:57:31:91:d8:2a:8f:78:b3:bd:d7:4b:5a:cb:1e:
         b1:2f:79:4b:f2:f2:64:22:17:68:27:14:13:70:70:cc:9e:38:
         c8:03:03:7a:e2:5a:3d:22:bc:44:a8:76:6c:8b:4d:03:51:63:
         09:76:8b:da:04:ba:01:62:28:6c:63:c1:42:17:14:7c:e8:cd:
         7d:5c:8a:a5:7e:36:02:25:b6:8b:66:c0:3f:4f:73:63:69:e5:
         4f:db:ea:34:de:57:ca:62:9e:b2:e0:17:10:1e:f5:4d:90:c4:
         a6:20:5a:98:ee:92:7a:95:76:74:84:8c:e0:9b:d1:0e:ad:8e:
         36:7c:58:3e:a1:44:f9:07:a2:e6:30:26:9a:9f:4a:24:61:31:
         63:9c:7c:2d:3a:8a:12:09:b3:1f:30:c1:b1:f6:f2:b9:14:3a:
         f3:fc:09:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kni1HkMEV8J3eXaXQdUpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI1MTA1MDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQ2NDljMTQ3YTRhMTIwYzRhYTM2NWMxZGQxYjFlYjg3OWEyNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3xSkb3Be5vLqbMHW0q5J9Tjkx3x
570RwVtBOpRnfNVIoo2wvPwb/eQdPInfUK9qr4tp1zF3dg6ppUJgr/y5f2T06WnL
fPRWdOs5E9smiYAkAu0n9fKPIcMQkh80kh4ILSX24w1WkTQ3cksOsNCQ0byBN3R9
rUT1nEhuuGpiA380pqHLER9pq7hDYZxUQUHZzuX3fDSwojmEH4Ct8FQ3vFqXdo81
V0H5G4H/1+XfUqBPTFtLnlijr5gS8pSF2W3x9gNQfExbh61Yd/yUSGoFLh9qNiLJ
Zd5LnHSd5xKvhdYx+Ihq7FB3AstQpA7bBiqHlggrej2jJJZjBf87JtE0hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlGScFHpKEgxKo2XB3RseuHmiQPMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvR1VaSndVZWtvU0RFcWpaY0hkR3g2NGVhSkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3BMA0G
CSqGSIb3DQEBCwUAA4IBAQB0cxvCfna2+gb7FvNuTq1M9Vdi7b9+6UDxMp9CMJRQ
hygroABJitsYj5bBozUrgk2XsJqVgUkXLOPzuE4QPcIt32attO2f9fLDB0e3jFiM
sc7E/l7s9XY26AqKe9aNVzGR2CqPeLO910tayx6xL3lL8vJkIhdoJxQTcHDMnjjI
AwN64lo9IrxEqHZsi00DUWMJdovaBLoBYihsY8FCFxR86M19XIqlfjYCJbaLZsA/
T3NjaeVP2+o03lfKYp6y4BcQHvVNkMSmIFqY7pJ6lXZ0hIzgm9EOrY42fFg+oUT5
B6LmMCaan0okYTFjnHwtOooSCbMfMMGx9vK5FDrz/Ale
-----END CERTIFICATE-----