Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26042.roa
File:                     AS26042.roa (raw, json)
Hash identifier:          gt0Kw4Bncweckvl6AunMs36Vfwu/vyNiTn1KKRb2dA4=
Subject key identifier:   CF:A4:59:E7:F6:1F:E1:F0:85:C6:D6:88:B6:16:4D:E2:A9:6E:4E:CE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       516E135CBD97917DE88B2A25EB5285DB2BAC77F2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26042.roa
Signing time:             Mon 21 Jul 2025 13:09:03 +0000
ROA not before:           Mon 21 Jul 2025 13:04:03 +0000
ROA not after:            Mon 20 Jul 2026 13:09:03 +0000
asID:                     26042
IP address blocks:        143.20.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:6e:13:5c:bd:97:91:7d:e8:8b:2a:25:eb:52:85:db:2b:ac:77:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 21 13:04:03 2025 GMT
            Not After : Jul 20 13:09:03 2026 GMT
        Subject: CN=CFA459E7F61FE1F085C6D688B6164DE2A96E4ECE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fc:b3:61:54:ca:93:54:78:5e:4d:e2:2c:a4:
                    5c:5b:21:fa:90:4c:d2:4c:2e:2b:da:d9:4c:91:65:
                    59:5f:5d:93:30:41:9a:62:a6:7c:0b:e4:c8:c8:8b:
                    e4:7f:f4:c5:23:db:11:78:0c:5a:2d:fb:56:8c:d6:
                    5b:52:94:cc:d8:6e:6c:1a:e6:e9:c1:c7:6b:91:84:
                    e2:d1:f3:ac:3f:ec:ef:c6:3c:bb:42:4e:2f:9c:21:
                    80:e7:fc:d6:a8:ca:99:51:74:9c:7e:9b:f5:cc:27:
                    ba:fe:49:63:71:1a:17:9b:df:0b:3a:37:30:b4:1d:
                    83:25:01:c5:c9:9d:95:af:9d:73:7c:b4:85:87:d0:
                    2e:0d:4a:26:75:a1:70:79:f9:c1:d8:b6:b8:da:0a:
                    29:cf:05:88:13:30:ee:d8:fb:e1:12:76:d3:e3:ec:
                    f3:57:80:5c:10:33:79:94:87:c2:03:19:97:da:b9:
                    79:a5:b6:cf:04:ce:dd:fe:70:c7:31:80:a8:40:b5:
                    ea:d4:2d:d8:e4:b9:5b:74:90:93:4f:6c:ae:ea:47:
                    59:82:eb:1f:ef:5d:b7:a2:1b:d1:de:15:82:55:3b:
                    29:13:54:1d:52:64:da:69:64:36:91:f1:cd:a4:a3:
                    9f:e1:83:bf:55:88:b9:72:6e:70:5d:af:b5:84:de:
                    d8:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A4:59:E7:F6:1F:E1:F0:85:C6:D6:88:B6:16:4D:E2:A9:6E:4E:CE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:fb:94:12:3a:9c:49:cc:a7:3d:f0:e5:cc:d5:10:e3:de:39:
         b8:cc:a3:da:32:61:6e:59:1a:9a:c2:fe:55:e1:69:84:b8:7b:
         58:f1:2a:38:3a:da:86:aa:6f:58:41:94:81:c8:2c:13:2d:04:
         2f:f7:c3:36:55:46:b7:08:dc:49:29:df:24:43:31:5c:61:62:
         bd:4a:3e:9d:84:c9:97:e6:14:79:ad:2f:bf:0d:76:58:ea:eb:
         23:ae:64:67:a8:78:b9:73:15:57:33:5b:4f:18:70:36:63:da:
         26:1d:1b:85:db:18:3f:56:6a:7f:2a:cd:4b:40:06:d8:11:44:
         99:37:aa:c6:74:ce:19:4b:73:7e:77:84:06:68:06:87:56:74:
         95:c5:29:1a:8c:be:36:02:5d:cd:e2:29:9d:b9:7e:87:19:a9:
         82:2b:14:85:47:4f:75:f6:9e:8e:51:b7:4e:4b:ba:b7:84:98:
         31:6c:3a:1a:3e:92:00:83:56:55:9a:fd:06:d7:70:5d:4f:b8:
         81:16:67:8a:b3:c0:cb:bf:ba:c8:d1:15:54:ef:e5:a1:4b:10:
         73:34:5d:a8:fe:31:fb:81:1d:09:75:44:5f:f9:74:40:35:e2:
         e4:d2:5a:ed:94:d0:27:ba:98:5a:0f:3d:d2:03:cb:75:b6:c1:
         0a:fc:35:80
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUW4TXL2XkX3oiyol61KF2yusd/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjExMzA0MDNaFw0yNjA3MjAxMzA5MDNaMDMxMTAvBgNV
BAMTKENGQTQ1OUU3RjYxRkUxRjA4NUM2RDY4OEI2MTY0REUyQTk2RTRFQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB/LNhVMqTVHheTeIspFxbIfqQ
TNJMLiva2UyRZVlfXZMwQZpipnwL5MjIi+R/9MUj2xF4DFot+1aM1ltSlMzYbmwa
5unBx2uRhOLR86w/7O/GPLtCTi+cIYDn/NaoyplRdJx+m/XMJ7r+SWNxGheb3ws6
NzC0HYMlAcXJnZWvnXN8tIWH0C4NSiZ1oXB5+cHYtrjaCinPBYgTMO7Y++ESdtPj
7PNXgFwQM3mUh8IDGZfauXmlts8Ezt3+cMcxgKhAterULdjkuVt0kJNPbK7qR1mC
6x/vXbeiG9HeFYJVOykTVB1SZNppZDaR8c2ko5/hg79ViLlybnBdr7WE3tjZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUz6RZ5/Yf4fCFxtaIthZN4qluTs4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjYwNDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFKEw
DQYJKoZIhvcNAQELBQADggEBAGf7lBI6nEnMpz3w5czVEOPeObjMo9oyYW5ZGprC
/lXhaYS4e1jxKjg62oaqb1hBlIHILBMtBC/3wzZVRrcI3Ekp3yRDMVxhYr1KPp2E
yZfmFHmtL78Ndljq6yOuZGeoeLlzFVczW08YcDZj2iYdG4XbGD9Wan8qzUtABtgR
RJk3qsZ0zhlLc353hAZoBodWdJXFKRqMvjYCXc3iKZ25focZqYIrFIVHT3X2no5R
t05LureEmDFsOho+kgCDVlWa/QbXcF1PuIEWZ4qzwMu/usjRFVTv5aFLEHM0Xaj+
MfuBHQl1RF/5dEA14uTSWu2U0Ce6mFoPPdIDy3W2wQr8NYA=
-----END CERTIFICATE-----