Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa
File:                     AS26042.roa (raw, json)
Hash identifier:          ccHBToTQm8WJZp++NaBIgDjcUTquJ7wLff8A7LZJDq4=
Subject key identifier:   DE:BB:6D:AB:4E:E0:0C:DD:99:B6:0B:3F:B0:F0:B4:D1:B4:AB:12:6B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5ACD38F560F45AADFF33CCA2FA6F49294838600C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa
Signing time:             Wed 08 Jan 2025 11:27:43 +0000
ROA not before:           Wed 08 Jan 2025 11:22:43 +0000
ROA not after:            Wed 07 Jan 2026 11:27:43 +0000
asID:                     26042
IP address blocks:        82.29.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:cd:38:f5:60:f4:5a:ad:ff:33:cc:a2:fa:6f:49:29:48:38:60:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan  8 11:22:43 2025 GMT
            Not After : Jan  7 11:27:43 2026 GMT
        Subject: CN=DEBB6DAB4EE00CDD99B60B3FB0F0B4D1B4AB126B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fb:a3:55:61:3d:b8:57:af:f3:7d:79:72:25:
                    2c:ad:cf:1d:20:8c:97:97:58:85:e1:a5:c5:ba:a2:
                    fe:3b:be:42:65:68:47:e1:a6:ae:74:27:f3:8c:35:
                    bd:8c:26:e0:ff:6b:27:a4:7f:ef:c8:f4:2e:d6:0a:
                    74:ee:88:a3:12:3a:11:10:c6:5e:fe:26:fb:cc:bf:
                    a2:da:b4:dc:b1:0e:74:d5:cc:d6:8d:a9:e5:9f:c8:
                    70:0e:3a:6b:03:5d:18:e6:61:a1:2a:b3:53:c2:19:
                    c5:1e:ad:71:f5:f3:0f:cb:be:73:c2:b0:f2:c4:fd:
                    86:a0:bf:9f:ea:5f:26:17:a7:77:55:27:78:3b:d1:
                    2d:85:eb:78:19:b7:4e:35:68:ed:0c:69:41:b9:d4:
                    b7:30:46:ee:de:a3:8f:ea:10:75:2d:80:40:cb:84:
                    b6:35:b5:f4:ed:7d:42:ec:15:dd:8f:cd:e8:24:34:
                    67:db:79:f6:e8:c2:6e:48:b8:02:ae:bd:ea:fd:d4:
                    53:82:c6:b6:65:59:2a:a7:1b:77:32:56:f8:8a:f7:
                    90:38:01:29:16:a9:bc:fa:05:18:ad:86:7d:83:9c:
                    5f:41:ed:46:7f:b5:8f:56:ed:13:bc:a4:b3:f1:fd:
                    44:0c:13:87:9a:70:e3:0b:f3:b1:2b:6f:73:06:f6:
                    d6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BB:6D:AB:4E:E0:0C:DD:99:B6:0B:3F:B0:F0:B4:D1:B4:AB:12:6B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS26042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a1:c0:2b:60:88:88:75:02:37:bc:53:33:8b:7d:b3:8f:cd:
         0f:20:21:6f:ee:97:a9:16:17:10:51:93:74:fe:0a:12:90:3a:
         9c:a8:9f:ac:8b:4d:ff:68:51:59:82:97:da:a2:00:7b:63:08:
         0f:97:7d:e7:8f:b8:67:90:51:d0:d8:ba:07:01:0a:56:d7:53:
         44:97:73:d3:90:bd:5e:ee:7f:dc:3d:60:d1:5b:bd:60:ad:ff:
         16:a9:64:77:50:8f:3b:56:69:66:b5:ef:7e:dc:cc:55:c7:5a:
         b9:d0:2c:39:3c:f9:52:50:01:73:fb:e6:21:28:08:89:b1:3e:
         e6:5c:ef:f4:a7:13:7b:ce:c4:39:b0:df:00:38:18:15:cd:7a:
         77:ae:9e:13:eb:bd:40:5f:0a:25:31:22:1c:f5:6d:4f:39:21:
         a5:6d:2d:48:ce:06:df:a4:bc:27:bf:c8:b9:67:33:c3:dc:87:
         b1:32:f9:d8:f9:5e:2b:15:0d:0d:db:0b:1b:f1:25:74:02:08:
         c7:48:bc:cc:01:85:4c:fe:2f:a9:aa:69:90:31:8d:64:4f:63:
         c0:af:e3:7b:f8:de:d9:5f:cd:c7:e3:c1:3a:39:e2:3c:98:e9:
         c9:fa:31:5c:93:28:c2:83:f6:25:0d:5b:ef:58:97:64:53:c6:
         e7:33:6e:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWs049WD0Wq3/M8yi+m9JKUg4YAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMDgxMTIyNDNaFw0yNjAxMDcxMTI3NDNaMDMxMTAvBgNV
BAMTKERFQkI2REFCNEVFMDBDREQ5OUI2MEIzRkIwRjBCNEQxQjRBQjEyNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt+6NVYT24V6/zfXlyJSytzx0g
jJeXWIXhpcW6ov47vkJlaEfhpq50J/OMNb2MJuD/ayekf+/I9C7WCnTuiKMSOhEQ
xl7+JvvMv6LatNyxDnTVzNaNqeWfyHAOOmsDXRjmYaEqs1PCGcUerXH18w/LvnPC
sPLE/Yagv5/qXyYXp3dVJ3g70S2F63gZt041aO0MaUG51LcwRu7eo4/qEHUtgEDL
hLY1tfTtfULsFd2PzegkNGfbefbowm5IuAKuver91FOCxrZlWSqnG3cyVviK95A4
ASkWqbz6BRithn2DnF9B7UZ/tY9W7RO8pLPx/UQME4eacOML87Erb3MG9tZXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU3rttq07gDN2Ztgs/sPC00bSrEmswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjYwNDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSHRYw
DQYJKoZIhvcNAQELBQADggEBAFWhwCtgiIh1Aje8UzOLfbOPzQ8gIW/ul6kWFxBR
k3T+ChKQOpyon6yLTf9oUVmCl9qiAHtjCA+XfeePuGeQUdDYugcBClbXU0SXc9OQ
vV7uf9w9YNFbvWCt/xapZHdQjztWaWa1737czFXHWrnQLDk8+VJQAXP75iEoCImx
PuZc7/SnE3vOxDmw3wA4GBXNeneunhPrvUBfCiUxIhz1bU85IaVtLUjOBt+kvCe/
yLlnM8Pch7Ey+dj5XisVDQ3bCxvxJXQCCMdIvMwBhUz+L6mqaZAxjWRPY8Cv43v4
3tlfzcfjwTo54jyY6cn6MVyTKMKD9iUNW+9Yl2RTxuczbts=
-----END CERTIFICATE-----