Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS26042.roa
File:                     AS26042.roa (raw, json)
Hash identifier:          6HVEvh8AISJBcTHJFp5NXMQYdYJxWnkwvS3ctTeKKKM=
Subject key identifier:   D5:64:E1:D8:3A:52:15:BF:1F:54:59:32:54:6D:90:F3:92:80:D5:2A
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       658C58E93F323AEB8BB1FE13EBD54723DA1BADA9
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS26042.roa
Signing time:             Sat 11 Oct 2025 07:36:06 +0000
ROA not before:           Sat 11 Oct 2025 07:31:06 +0000
ROA not after:            Sat 10 Oct 2026 07:36:06 +0000
asID:                     26042
IP address blocks:        2a14:7584:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:8c:58:e9:3f:32:3a:eb:8b:b1:fe:13:eb:d5:47:23:da:1b:ad:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct 11 07:31:06 2025 GMT
            Not After : Oct 10 07:36:06 2026 GMT
        Subject: CN=D564E1D83A5215BF1F545932546D90F39280D52A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ae:7b:ae:ab:eb:4b:17:c1:aa:38:e4:53:c3:
                    27:3b:fd:28:ee:97:68:eb:cc:46:a9:e7:d3:30:c9:
                    53:67:b3:e9:4f:5e:8d:12:dd:a3:4a:e9:69:d7:32:
                    fa:ef:1b:70:4b:52:77:fa:11:03:d2:45:55:81:2b:
                    61:7c:24:48:91:bd:49:70:17:6b:2e:b6:3f:46:9e:
                    e0:5e:c4:5d:a6:f1:13:13:0c:3a:e8:ad:da:ab:f5:
                    cf:14:f0:ff:4a:c4:85:64:08:39:21:c1:53:3e:8d:
                    6c:e9:04:71:03:b1:bf:cd:11:68:5b:80:11:18:aa:
                    3c:8a:6a:78:4b:09:1e:3d:89:69:77:62:da:8b:d8:
                    b0:45:69:bc:bb:df:0e:58:16:b7:0e:e2:ca:55:0b:
                    eb:49:74:7b:e0:af:9b:62:67:e3:d9:ac:80:72:c0:
                    ec:4f:d0:f7:a5:57:42:b9:ae:1b:9d:e0:08:da:32:
                    3d:78:f1:14:8d:e0:71:29:e0:5f:60:50:cc:30:1d:
                    6b:1d:6a:72:04:1b:8b:4e:fa:a3:b4:7f:a9:71:52:
                    08:c6:b5:8d:05:7f:f3:1e:70:34:20:06:82:ba:e2:
                    f6:53:ec:ad:dd:bc:aa:6d:60:e0:5d:d4:7d:77:84:
                    e1:ec:55:62:57:74:16:b1:24:47:3c:c5:01:7c:da:
                    a2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:64:E1:D8:3A:52:15:BF:1F:54:59:32:54:6D:90:F3:92:80:D5:2A
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS26042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         06:98:7b:b6:41:37:d1:88:a8:8a:25:b7:0a:47:e5:11:9e:ef:
         90:fc:f0:82:39:ec:9d:24:27:61:89:8c:12:34:4b:a1:aa:06:
         19:a3:42:c7:06:44:36:4b:c5:ea:b0:ea:66:c6:4a:5a:67:91:
         e8:b9:c5:6f:81:2f:b8:20:ac:25:4a:f2:5a:21:32:45:df:20:
         a1:1a:25:2d:52:ed:3b:c4:92:1c:f8:2f:31:85:8e:74:ad:d7:
         5c:9c:e2:7a:28:f4:ba:93:36:06:97:7e:d8:9a:ec:6a:17:28:
         d7:ac:85:a1:04:bc:be:b9:2a:e8:da:cd:c3:73:52:b0:0b:8e:
         3a:68:fe:76:21:8d:09:81:83:a0:31:66:aa:b4:69:0f:81:d1:
         4c:84:c1:01:81:34:f1:18:7b:fc:84:6a:ea:06:18:de:9f:8b:
         58:18:e9:82:dc:56:7f:16:5b:b1:3c:89:0e:d0:4b:f2:82:d3:
         33:08:6a:a0:63:2b:31:e9:02:a9:18:ff:d5:46:6c:03:28:82:
         fb:6c:b1:f8:b1:0d:03:4e:dc:c6:65:d9:80:b6:8d:db:92:48:
         d0:92:0b:10:61:a5:03:5a:32:c9:91:f1:47:9e:6e:2b:35:04:
         0b:09:fe:cf:2a:91:ba:98:97:48:b8:9b:78:37:2b:ff:87:b9:
         c8:5b:56:80
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUZYxY6T8yOuuLsf4T69VHI9obrakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMTEwNzMxMDZaFw0yNjEwMTAwNzM2MDZaMDMxMTAvBgNV
BAMTKEQ1NjRFMUQ4M0E1MjE1QkYxRjU0NTkzMjU0NkQ5MEYzOTI4MEQ1MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFrnuuq+tLF8GqOORTwyc7/Sju
l2jrzEap59MwyVNns+lPXo0S3aNK6WnXMvrvG3BLUnf6EQPSRVWBK2F8JEiRvUlw
F2sutj9GnuBexF2m8RMTDDrordqr9c8U8P9KxIVkCDkhwVM+jWzpBHEDsb/NEWhb
gBEYqjyKanhLCR49iWl3YtqL2LBFaby73w5YFrcO4spVC+tJdHvgr5tiZ+PZrIBy
wOxP0PelV0K5rhud4AjaMj148RSN4HEp4F9gUMwwHWsdanIEG4tO+qO0f6lxUgjG
tY0Ff/MecDQgBoK64vZT7K3dvKptYOBd1H13hOHsVWJXdBaxJEc8xQF82qLbAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU1WTh2DpSFb8fVFkyVG2Q85KA1SowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjYwNDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQqFHWE
UDANBgkqhkiG9w0BAQsFAAOCAQEABph7tkE30YioiiW3CkflEZ7vkPzwgjnsnSQn
YYmMEjRLoaoGGaNCxwZENkvF6rDqZsZKWmeR6LnFb4EvuCCsJUryWiEyRd8goRol
LVLtO8SSHPgvMYWOdK3XXJzieij0upM2Bpd+2Jrsahco16yFoQS8vrkq6NrNw3NS
sAuOOmj+diGNCYGDoDFmqrRpD4HRTITBAYE08Rh7/IRq6gYY3p+LWBjpgtxWfxZb
sTyJDtBL8oLTMwhqoGMrMekCqRj/1UZsAyiC+2yx+LENA07cxmXZgLaN25JI0JIL
EGGlA1oyyZHxR55uKzUECwn+zyqRupiXSLibeDcr/4e5yFtWgA==
-----END CERTIFICATE-----