Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa
File:                     AS42708.roa (raw, json)
Hash identifier:          l9gmd19hUwo+67BAUlld7ZAE3jjZAsrkzCpLWGafkQQ=
Subject key identifier:   93:0A:D3:28:AC:91:B4:72:82:AC:D5:DC:D4:62:35:16:C0:F8:1A:CE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69F2ED433B31618548C13411851AEF159928FD27
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa
Signing time:             Wed 27 Mar 2024 14:47:19 +0000
ROA not before:           Wed 27 Mar 2024 14:42:19 +0000
ROA not after:            Wed 26 Mar 2025 14:47:19 +0000
asID:                     42708
IP address blocks:        2a0b:506::/32 maxlen: 48
                          2a0b:507::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:f2:ed:43:3b:31:61:85:48:c1:34:11:85:1a:ef:15:99:28:fd:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 27 14:42:19 2024 GMT
            Not After : Mar 26 14:47:19 2025 GMT
        Subject: CN=930AD328AC91B47282ACD5DCD4623516C0F81ACE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:33:30:a6:7c:e0:6a:b5:46:ac:3a:68:0f:66:
                    da:57:0a:ba:86:33:59:93:ee:3c:16:eb:8b:50:9a:
                    31:e0:f0:52:15:e0:bf:ee:a0:0e:c1:4c:54:bf:6d:
                    eb:20:2e:28:ac:41:ba:ac:7f:05:e0:2d:70:25:98:
                    61:93:a7:68:78:c7:25:c4:9e:32:ab:59:ed:a7:10:
                    21:cd:0c:d7:35:74:4c:37:81:10:05:75:47:c4:e1:
                    f3:76:24:36:b2:ca:bd:f6:14:76:6d:fa:b0:d8:94:
                    e0:6f:5b:b5:e0:96:d8:e4:a4:16:06:03:a9:c2:4d:
                    c8:54:a1:c4:0a:11:be:c5:9e:f7:06:a7:5b:15:7b:
                    7f:88:59:3b:c7:f3:25:8c:8e:07:ef:a0:06:0e:55:
                    f9:36:9d:59:6c:91:c2:13:bb:3d:82:e3:49:0f:dd:
                    85:07:b9:de:4f:58:6b:a8:09:ec:ba:dc:9f:c8:b3:
                    a6:5a:ec:38:ce:09:07:23:4d:84:2a:1a:5d:02:26:
                    fa:7a:4e:69:a8:06:b6:eb:63:69:6c:85:cc:d1:f5:
                    90:24:0a:db:db:81:c0:4e:d6:7a:60:0a:52:3f:81:
                    cb:8a:e3:a8:62:2b:c9:92:c5:67:60:54:3e:6a:e9:
                    20:f5:92:e9:7e:3b:7f:0b:c5:28:2b:86:79:b7:f2:
                    08:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:0A:D3:28:AC:91:B4:72:82:AC:D5:DC:D4:62:35:16:C0:F8:1A:CE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:506::/31

    Signature Algorithm: sha256WithRSAEncryption
         a5:2d:50:af:10:03:c2:eb:2c:89:0f:ac:26:1c:e1:30:a1:d0:
         cf:c4:1a:44:65:d3:77:e7:41:4e:e2:e3:d8:87:e8:d3:ff:12:
         1a:b3:7f:6a:a2:b3:d8:41:3c:cf:f4:af:1a:2e:98:25:53:9c:
         e9:57:4b:86:36:74:cc:27:c0:2c:9a:dc:21:91:69:b0:38:27:
         d8:c6:0b:d1:a8:47:6d:13:84:46:45:92:2a:ea:30:de:0d:0d:
         f2:22:4f:3b:00:00:79:9c:ee:f4:58:c3:e1:81:95:d1:40:70:
         d8:e9:1f:ef:a6:79:f1:c6:c9:84:eb:50:85:78:a6:7a:27:bf:
         68:4d:3a:d5:2b:4c:1c:4f:67:27:5e:88:6f:c3:e6:b8:bd:9d:
         8a:3e:5f:4f:d2:62:f7:c7:66:9a:7a:e4:5c:7a:fa:a1:af:14:
         10:c1:40:e3:60:72:77:4b:14:40:62:46:8f:53:e7:09:db:ff:
         de:97:b4:b6:fd:f8:f6:10:c3:c4:fd:e0:c0:0a:e3:d2:d9:1c:
         81:33:fb:05:61:c2:24:a2:aa:58:20:7a:44:f2:3b:6f:72:29:
         19:d5:cc:bf:1b:48:e3:f3:44:75:bc:76:c7:40:a5:c2:f8:64:
         b3:62:4c:0c:d4:cc:e0:c8:3a:49:2d:80:3d:1a:85:3d:71:58:
         45:d2:5e:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUafLtQzsxYYVIwTQRhRrvFZko/ScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjcxNDQyMTlaFw0yNTAzMjYxNDQ3MTlaMDMxMTAvBgNV
BAMTKDkzMEFEMzI4QUM5MUI0NzI4MkFDRDVEQ0Q0NjIzNTE2QzBGODFBQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwMzCmfOBqtUasOmgPZtpXCrqG
M1mT7jwW64tQmjHg8FIV4L/uoA7BTFS/besgLiisQbqsfwXgLXAlmGGTp2h4xyXE
njKrWe2nECHNDNc1dEw3gRAFdUfE4fN2JDayyr32FHZt+rDYlOBvW7XgltjkpBYG
A6nCTchUocQKEb7FnvcGp1sVe3+IWTvH8yWMjgfvoAYOVfk2nVlskcITuz2C40kP
3YUHud5PWGuoCey63J/Is6Za7DjOCQcjTYQqGl0CJvp6TmmoBrbrY2lshczR9ZAk
CtvbgcBO1npgClI/gcuK46hiK8mSxWdgVD5q6SD1kul+O38LxSgrhnm38gg1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkwrTKKyRtHKCrNXc1GI1FsD4Gs4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDI3MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQEqCwUG
MA0GCSqGSIb3DQEBCwUAA4IBAQClLVCvEAPC6yyJD6wmHOEwodDPxBpEZdN350FO
4uPYh+jT/xIas39qorPYQTzP9K8aLpglU5zpV0uGNnTMJ8AsmtwhkWmwOCfYxgvR
qEdtE4RGRZIq6jDeDQ3yIk87AAB5nO70WMPhgZXRQHDY6R/vpnnxxsmE61CFeKZ6
J79oTTrVK0wcT2cnXohvw+a4vZ2KPl9P0mL3x2aaeuRcevqhrxQQwUDjYHJ3SxRA
YkaPU+cJ2//el7S2/fj2EMPE/eDACuPS2RyBM/sFYcIkoqpYIHpE8jtvcikZ1cy/
G0jj80R1vHbHQKXC+GSzYkwM1MzgyDpJLYA9GoU9cVhF0l7v
-----END CERTIFICATE-----