Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa
File:                     AS26042.roa (raw, json)
Hash identifier:          k2pzgKkteqUWdlfob83w7ZcvL3i3q4EWyzJpWxedyh0=
Subject key identifier:   CF:F0:77:54:91:07:E9:B7:65:95:92:6A:B3:92:AE:FC:01:A5:C9:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0AA6AAD6289132CDE0FF55A798E83A0956B705FB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa
Signing time:             Wed 08 Oct 2025 07:16:53 +0000
ROA not before:           Wed 08 Oct 2025 07:11:53 +0000
ROA not after:            Wed 07 Oct 2026 07:16:53 +0000
asID:                     26042
IP address blocks:        82.24.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:a6:aa:d6:28:91:32:cd:e0:ff:55:a7:98:e8:3a:09:56:b7:05:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  8 07:11:53 2025 GMT
            Not After : Oct  7 07:16:53 2026 GMT
        Subject: CN=CFF077549107E9B76595926AB392AEFC01A5C971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4b:2e:0a:5b:f6:55:1e:b7:9a:5d:d9:c5:2d:
                    ca:cc:6a:a0:ff:30:fe:6a:e5:ec:41:fd:50:c1:e6:
                    c4:e9:0a:24:89:65:da:8f:09:ee:10:3d:ff:b8:d2:
                    78:95:20:5a:e9:dd:11:31:a5:3e:e7:2a:d3:ce:5c:
                    c6:03:b8:13:0c:18:9f:c3:5d:6a:95:b6:b9:0a:02:
                    6f:fa:89:c0:af:f5:4c:e9:1b:dd:9c:01:93:65:4e:
                    7b:ce:57:57:d9:67:5c:f0:d5:fc:f2:b2:d7:01:c5:
                    61:03:04:1b:9a:99:79:43:50:5c:db:35:46:89:d8:
                    d4:09:af:3e:2e:59:66:fb:60:85:5e:81:f1:86:72:
                    75:a9:35:b4:5d:67:d7:d2:cb:8e:ef:74:95:2a:b9:
                    c8:06:68:3c:06:5a:50:93:63:7d:76:2f:30:f1:40:
                    21:aa:71:1b:14:68:ae:77:cc:eb:d4:47:9e:f6:12:
                    99:26:a9:4c:21:20:50:f9:ba:aa:ec:8a:37:68:93:
                    61:ff:e9:fc:c3:2f:b6:85:df:71:45:0e:10:e4:b8:
                    52:c7:34:c2:a8:3d:4e:ca:61:55:24:63:6e:2a:70:
                    2f:6a:37:87:3f:de:44:ab:0e:f1:8d:d3:2a:79:9a:
                    98:66:16:3a:51:4c:0b:fa:e7:29:95:79:7c:96:bd:
                    7c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F0:77:54:91:07:E9:B7:65:95:92:6A:B3:92:AE:FC:01:A5:C9:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:28:9a:08:cf:05:d6:00:ff:8f:1f:c2:af:b2:f2:a2:24:d9:
         2d:f1:07:e6:4b:f4:62:53:fe:d4:09:9d:35:9e:e5:5d:a7:f7:
         e4:fa:5c:78:4b:c2:87:c4:ce:f1:98:8e:d5:6a:4b:20:3e:ba:
         d6:04:bb:2f:c0:22:3d:ac:4b:24:00:50:23:60:68:93:cb:bc:
         28:ce:e1:05:ac:30:60:66:b1:a5:30:e9:72:34:bd:e3:5d:82:
         fc:55:97:1b:72:8b:59:f9:97:d5:30:f6:71:a5:d0:96:be:aa:
         2b:75:ba:37:af:89:b1:73:18:9e:72:b5:56:30:a5:b3:38:27:
         a2:69:a5:86:80:ee:80:43:2c:64:55:1c:b3:00:b7:25:92:66:
         51:25:f7:a5:e0:58:47:89:cd:cb:59:eb:af:99:57:8f:d7:b2:
         34:a0:c4:df:d6:93:5b:93:f5:f4:f2:79:ae:40:a3:0a:4a:60:
         f5:cd:00:48:7d:68:1a:3d:e3:49:b2:f2:80:6f:27:ae:88:80:
         6f:b1:9a:ba:33:f7:f3:23:59:9e:08:10:cf:bb:7d:5f:60:e1:
         de:ce:8a:ce:ed:69:b0:71:26:3b:8a:c2:9c:0a:27:9b:63:6f:
         fa:91:03:14:9f:dc:00:86:d8:3d:eb:86:20:a8:b8:e4:e3:bd:
         87:f3:7a:d4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCqaq1iiRMs3g/1WnmOg6CVa3BfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDgwNzExNTNaFw0yNjEwMDcwNzE2NTNaMDMxMTAvBgNV
BAMTKENGRjA3NzU0OTEwN0U5Qjc2NTk1OTI2QUIzOTJBRUZDMDFBNUM5NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Sy4KW/ZVHreaXdnFLcrMaqD/
MP5q5exB/VDB5sTpCiSJZdqPCe4QPf+40niVIFrp3RExpT7nKtPOXMYDuBMMGJ/D
XWqVtrkKAm/6icCv9UzpG92cAZNlTnvOV1fZZ1zw1fzystcBxWEDBBuamXlDUFzb
NUaJ2NQJrz4uWWb7YIVegfGGcnWpNbRdZ9fSy47vdJUqucgGaDwGWlCTY312LzDx
QCGqcRsUaK53zOvUR572EpkmqUwhIFD5uqrsijdok2H/6fzDL7aF33FFDhDkuFLH
NMKoPU7KYVUkY24qcC9qN4c/3kSrDvGN0yp5mphmFjpRTAv65ymVeXyWvXyDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUz/B3VJEH6bdllZJqs5Ku/AGlyXEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjYwNDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSGG4w
DQYJKoZIhvcNAQELBQADggEBAAsomgjPBdYA/48fwq+y8qIk2S3xB+ZL9GJT/tQJ
nTWe5V2n9+T6XHhLwofEzvGYjtVqSyA+utYEuy/AIj2sSyQAUCNgaJPLvCjO4QWs
MGBmsaUw6XI0veNdgvxVlxtyi1n5l9Uw9nGl0Ja+qit1ujevibFzGJ5ytVYwpbM4
J6JppYaA7oBDLGRVHLMAtyWSZlEl96XgWEeJzctZ66+ZV4/XsjSgxN/Wk1uT9fTy
ea5AowpKYPXNAEh9aBo940my8oBvJ66IgG+xmroz9/MjWZ4IEM+7fV9g4d7Ois7t
abBxJjuKwpwKJ5tjb/qRAxSf3ACG2D3rhiCouOTjvYfzetQ=
-----END CERTIFICATE-----