Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS26042.roa
File:                     AS26042.roa (raw, json)
Hash identifier:          8CsVqCuo/MG+Vhok0gVXmRoGZNznUinNoTT8RHpSSsA=
Subject key identifier:   85:FE:C5:4D:19:90:6B:4E:0A:9F:B0:89:D6:92:EA:3C:C5:4D:88:2A
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       7FE6955CAF512B88AAE785D519E276A892366D8E
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS26042.roa
Signing time:             Wed 11 Jun 2025 03:35:38 +0000
ROA not before:           Wed 11 Jun 2025 03:30:38 +0000
ROA not after:            Wed 10 Jun 2026 03:35:38 +0000
asID:                     26042
IP address blocks:        206.53.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e6:95:5c:af:51:2b:88:aa:e7:85:d5:19:e2:76:a8:92:36:6d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 11 03:30:38 2025 GMT
            Not After : Jun 10 03:35:38 2026 GMT
        Subject: CN=85FEC54D19906B4E0A9FB089D692EA3CC54D882A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:68:5b:0a:fc:ae:33:85:e9:40:d5:ba:cd:a3:
                    b8:d7:aa:a3:5d:17:d8:14:15:51:4a:5f:ee:fe:b5:
                    b8:2a:0c:96:41:9b:cc:4d:a6:00:6f:d4:68:36:39:
                    a8:6e:55:57:05:36:da:99:f2:90:d6:ba:f8:a2:ff:
                    4c:b3:59:69:5d:5a:73:32:5e:9b:05:e2:10:c2:10:
                    b2:8a:49:3e:a0:1c:da:4b:19:27:85:f0:54:48:5c:
                    0c:51:97:3b:db:d0:3a:6c:86:3c:15:1c:4d:9f:57:
                    29:cd:25:09:ae:2b:e1:81:37:1d:20:74:e2:94:a2:
                    a1:09:a6:49:ae:2c:88:cd:31:2e:be:af:f7:fc:26:
                    70:a9:92:62:77:5d:fb:18:94:d6:cc:de:92:01:65:
                    49:13:88:a4:f1:66:b5:d9:f6:47:47:cf:fe:2e:4e:
                    1d:75:45:4c:25:f1:7a:45:d0:42:59:6b:fb:d9:4b:
                    a7:a1:3a:f0:42:84:42:e3:e0:cb:59:d7:02:8d:11:
                    88:b9:9d:f6:78:e2:b8:af:3c:c5:2d:7a:80:ed:b0:
                    52:a0:e1:ce:d4:15:03:a4:0e:1c:48:87:94:f4:e3:
                    93:e7:67:1a:3a:25:c6:0b:79:dc:fb:ed:c9:35:4e:
                    07:0c:a0:6e:7f:9c:d3:72:35:ac:d0:94:95:ce:e5:
                    34:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FE:C5:4D:19:90:6B:4E:0A:9F:B0:89:D6:92:EA:3C:C5:4D:88:2A
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS26042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.53.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:9f:e6:23:27:12:44:98:0c:b4:f4:bd:1c:9f:d9:53:2b:fa:
         1f:4d:c5:fb:4c:d3:38:c7:65:97:a7:d9:29:99:6b:be:09:d5:
         b8:e5:3a:20:dc:a0:8b:82:9d:44:b8:af:2e:76:e0:b6:16:ef:
         f8:c4:95:bd:af:e6:ec:bd:30:76:2c:5f:eb:d0:f8:c7:b1:69:
         eb:af:93:da:81:32:2c:8c:b8:ba:51:00:6d:ee:06:11:5a:de:
         2a:58:a0:54:67:7c:a1:97:c0:db:dd:9a:34:51:51:4e:be:0c:
         33:1d:ee:bd:bf:4b:eb:d8:f9:8e:4d:bf:f9:1e:e0:a8:39:62:
         97:b0:5f:0e:d4:b9:75:99:35:c7:e0:6c:cf:7f:23:c0:e9:38:
         c3:84:b2:f1:24:5b:ad:d4:e6:3e:11:f0:a4:64:b7:98:a6:c5:
         07:ce:96:85:01:b1:2b:0e:e0:ea:81:e7:b8:6c:fa:a6:72:34:
         f5:78:77:06:3c:a7:b5:f8:c1:72:b9:86:63:c8:9d:20:53:32:
         7f:fa:4e:e7:e1:e3:08:5c:a4:84:a7:eb:a9:3e:6d:20:88:e8:
         90:35:6c:cf:cf:8f:7d:49:d3:9c:35:36:b2:e3:ed:c7:ad:57:
         71:ca:7e:7b:d4:9f:05:a4:39:01:10:50:d0:be:28:23:63:e7:
         7b:34:ea:75
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUf+aVXK9RK4iq54XVGeJ2qJI2bY4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA2MTEwMzMwMzhaFw0yNjA2MTAwMzM1MzhaMDMxMTAvBgNV
BAMTKDg1RkVDNTREMTk5MDZCNEUwQTlGQjA4OUQ2OTJFQTNDQzU0RDg4MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYaFsK/K4zhelA1brNo7jXqqNd
F9gUFVFKX+7+tbgqDJZBm8xNpgBv1Gg2OahuVVcFNtqZ8pDWuvii/0yzWWldWnMy
XpsF4hDCELKKST6gHNpLGSeF8FRIXAxRlzvb0DpshjwVHE2fVynNJQmuK+GBNx0g
dOKUoqEJpkmuLIjNMS6+r/f8JnCpkmJ3XfsYlNbM3pIBZUkTiKTxZrXZ9kdHz/4u
Th11RUwl8XpF0EJZa/vZS6ehOvBChELj4MtZ1wKNEYi5nfZ44rivPMUteoDtsFKg
4c7UFQOkDhxIh5T045PnZxo6JcYLedz77ck1TgcMoG5/nNNyNazQlJXO5TS7AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUhf7FTRmQa04Kn7CJ1pLqPMVNiCowHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjYwNDIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADONQEwDQYJKoZIhvcNAQELBQADggEBACOf5iMnEkSY
DLT0vRyf2VMr+h9NxftM0zjHZZen2SmZa74J1bjlOiDcoIuCnUS4ry524LYW7/jE
lb2v5uy9MHYsX+vQ+Mexaeuvk9qBMiyMuLpRAG3uBhFa3ipYoFRnfKGXwNvdmjRR
UU6+DDMd7r2/S+vY+Y5Nv/ke4Kg5YpewXw7UuXWZNcfgbM9/I8DpOMOEsvEkW63U
5j4R8KRkt5imxQfOloUBsSsO4OqB57hs+qZyNPV4dwY8p7X4wXK5hmPInSBTMn/6
Tufh4whcpISn66k+bSCI6JA1bM/Pj31J05w1NrLj7cetV3HKfnvUnwWkOQEQUNC+
KCNj53s06nU=
-----END CERTIFICATE-----