Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS42926.roa
File:                     AS42926.roa (raw, json)
Hash identifier:          BDL5sdJOoIFA/o6ff2cw0+apCIrK2lvXliVkfMOytSA=
Subject key identifier:   8A:45:70:D6:33:21:08:80:2E:08:AC:D1:D7:19:34:DB:D6:77:83:C9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       63B0E8AEC17E58009157E7C51E01E6F52E13CECD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS42926.roa
Signing time:             Sat 28 Feb 2026 21:20:33 +0000
ROA not before:           Sat 28 Feb 2026 21:15:33 +0000
ROA not after:            Sat 27 Feb 2027 21:20:33 +0000
asID:                     42926
IP address blocks:        2a0f:85c1:8f3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b0:e8:ae:c1:7e:58:00:91:57:e7:c5:1e:01:e6:f5:2e:13:ce:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 28 21:15:33 2026 GMT
            Not After : Feb 27 21:20:33 2027 GMT
        Subject: CN=8A4570D6332108802E08ACD1D71934DBD67783C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:11:36:85:3c:4a:b6:41:c0:4b:43:59:14:08:
                    04:cc:6c:1d:b4:19:6c:1f:a5:1d:57:ba:fb:0c:41:
                    56:2b:12:51:95:81:b6:f3:e3:cc:dc:40:b0:a7:d1:
                    3a:ef:83:9e:e9:79:d5:e7:b0:0b:00:5f:04:bd:e3:
                    3a:5a:ba:c5:70:ce:79:76:40:35:30:92:3c:84:3a:
                    27:2b:59:9a:2e:17:8a:87:62:43:29:be:2c:b2:4f:
                    8f:6d:58:c4:80:33:40:65:b0:55:0d:1b:12:54:4f:
                    da:7f:32:54:cb:2d:c0:2e:51:77:09:ae:e5:fd:fb:
                    3c:52:1f:c8:20:df:c9:aa:6f:d4:5f:fe:a3:a4:e9:
                    00:77:8c:c3:04:0d:4d:07:e7:4a:9a:ac:3f:e4:a9:
                    c3:65:46:c2:54:32:d5:b3:92:24:c5:19:a8:72:ab:
                    b4:84:4e:7f:90:db:e8:f8:66:ea:45:05:15:fe:2b:
                    d7:35:4b:3a:a5:8d:fe:80:a4:83:4d:4e:2b:6b:50:
                    c4:98:4f:c8:d3:f3:06:f5:6f:53:53:57:ad:7f:94:
                    26:cd:bf:5a:f1:7e:9a:a9:ab:19:e4:68:00:da:2c:
                    db:51:6d:13:b6:67:8c:ba:22:f1:06:33:0d:4c:ee:
                    27:8b:86:b7:ab:8a:f6:3a:6b:15:c0:ad:10:d3:3d:
                    68:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:45:70:D6:33:21:08:80:2E:08:AC:D1:D7:19:34:DB:D6:77:83:C9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS42926.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:c7:23:26:1e:41:aa:67:85:d3:78:89:84:97:b5:fa:28:0e:
         fd:84:a4:04:e1:7c:8b:f5:f0:98:4d:2f:2e:a5:31:30:85:44:
         20:04:7f:8f:d5:5a:1b:e0:fa:c9:c0:e8:29:94:40:91:ef:90:
         45:1e:d5:19:ce:eb:ed:46:90:02:eb:aa:d5:39:d1:4a:36:08:
         2b:c1:4d:43:b5:38:7a:1f:16:61:44:42:a3:8b:35:96:89:6f:
         11:2a:b7:7c:e2:61:20:e5:fa:37:eb:e7:29:e0:38:2a:63:dd:
         16:08:e9:c6:92:9e:83:25:cc:3d:f8:ee:58:72:c7:9d:6c:6d:
         93:db:a1:46:dc:b1:ad:9d:bd:62:af:e4:2e:27:b9:01:f7:5c:
         b1:ee:77:8a:30:32:91:03:68:62:fe:d2:cf:13:3d:1d:8c:2b:
         0b:78:5e:1e:ce:47:ae:bf:69:5d:59:24:aa:5f:fc:50:5f:3d:
         a8:cd:04:be:3a:e5:54:00:74:6d:3d:2d:34:a0:78:d3:dd:3e:
         57:1a:d2:01:14:7b:ed:08:92:8b:f6:69:fb:4c:9c:ff:73:8a:
         be:94:96:03:18:22:9a:11:16:9b:72:c4:30:30:36:ea:62:26:
         1d:9c:c8:ea:0d:e8:d8:80:1f:06:4d:74:8b:6d:0e:c0:bf:91:
         e3:ec:ff:43
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUY7DorsF+WACRV+fFHgHm9S4Tzs0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjgyMTE1MzNaFw0yNzAyMjcyMTIwMzNaMDMxMTAvBgNV
BAMTKDhBNDU3MEQ2MzMyMTA4ODAyRTA4QUNEMUQ3MTkzNERCRDY3NzgzQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEETaFPEq2QcBLQ1kUCATMbB20
GWwfpR1XuvsMQVYrElGVgbbz48zcQLCn0Trvg57pedXnsAsAXwS94zpausVwznl2
QDUwkjyEOicrWZouF4qHYkMpviyyT49tWMSAM0BlsFUNGxJUT9p/MlTLLcAuUXcJ
ruX9+zxSH8gg38mqb9Rf/qOk6QB3jMMEDU0H50qarD/kqcNlRsJUMtWzkiTFGahy
q7SETn+Q2+j4ZupFBRX+K9c1Szqljf6ApINNTitrUMSYT8jT8wb1b1NTV61/lCbN
v1rxfpqpqxnkaADaLNtRbRO2Z4y6IvEGMw1M7ieLhrerivY6axXArRDTPWgfAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUikVw1jMhCIAuCKzR1xk029Z3g8kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNDI5MjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
CPMwDQYJKoZIhvcNAQELBQADggEBAATHIyYeQapnhdN4iYSXtfooDv2EpAThfIv1
8JhNLy6lMTCFRCAEf4/VWhvg+snA6CmUQJHvkEUe1RnO6+1GkALrqtU50Uo2CCvB
TUO1OHofFmFEQqOLNZaJbxEqt3ziYSDl+jfr5yngOCpj3RYI6caSnoMlzD347lhy
x51sbZPboUbcsa2dvWKv5C4nuQH3XLHud4owMpEDaGL+0s8TPR2MKwt4Xh7OR66/
aV1ZJKpf/FBfPajNBL465VQAdG09LTSgeNPdPlca0gEUe+0Ikov2aftMnP9zir6U
lgMYIpoRFptyxDAwNupiJh2cyOoN6NiAHwZNdIttDsC/kePs/0M=
-----END CERTIFICATE-----