Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa
File:                     AS42708.roa (raw, json)
Hash identifier:          spdNtSeNYUZlgLdMuZXLcZz/0fSzDaoHiH/20vUnv4s=
Subject key identifier:   35:3D:FF:42:89:BC:E1:4C:5E:A6:E5:C3:73:86:7A:25:04:DC:0D:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       17F65A6D572EA93BED3DD2B72111927FB7BB2859
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa
Signing time:             Wed 26 Feb 2025 14:53:55 +0000
ROA not before:           Wed 26 Feb 2025 14:48:55 +0000
ROA not after:            Wed 25 Feb 2026 14:53:55 +0000
asID:                     42708
IP address blocks:        2a0b:506::/32 maxlen: 48
                          2a0b:507::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f6:5a:6d:57:2e:a9:3b:ed:3d:d2:b7:21:11:92:7f:b7:bb:28:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 26 14:48:55 2025 GMT
            Not After : Feb 25 14:53:55 2026 GMT
        Subject: CN=353DFF4289BCE14C5EA6E5C373867A2504DC0DFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:e2:77:f0:72:53:74:ae:c8:ae:a7:49:ab:
                    96:5d:4d:0c:3b:3a:a9:45:71:60:d5:da:0a:1b:37:
                    ce:b9:12:25:70:8d:94:2f:31:fd:88:fd:28:73:57:
                    12:b3:9b:e6:58:38:14:1f:5d:ab:55:cd:27:b7:f1:
                    70:b2:a0:85:9c:c2:22:c5:78:94:76:c3:78:8d:89:
                    87:13:42:34:2d:6d:b3:10:cb:02:60:5a:2b:e6:ea:
                    4b:bc:35:f4:5a:41:1c:9d:97:2e:69:5b:94:81:63:
                    0b:19:4d:d8:69:89:c1:bb:51:5a:3f:1d:72:46:bd:
                    8a:e2:98:d4:cf:70:2f:f9:88:31:aa:28:db:d9:2a:
                    d4:db:4e:27:b0:13:27:e1:5e:59:6f:eb:82:ae:e9:
                    2c:9f:36:63:8e:78:86:f4:b1:6a:cd:f7:6f:58:82:
                    2c:bb:64:25:60:6e:3e:dd:d3:e4:15:91:91:f7:2f:
                    59:87:78:69:70:e9:b3:50:36:d7:bf:8a:3f:89:f1:
                    c2:64:5d:87:93:52:14:1e:d9:87:72:73:7e:48:87:
                    7b:d0:7e:23:f2:e5:90:fc:95:68:1f:20:dc:5a:a6:
                    b9:2a:e7:66:fa:41:aa:28:17:08:40:51:c7:8b:c1:
                    5d:03:bb:41:28:7e:3a:2f:e9:32:c7:6b:4a:47:5c:
                    33:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:3D:FF:42:89:BC:E1:4C:5E:A6:E5:C3:73:86:7A:25:04:DC:0D:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:506::/31

    Signature Algorithm: sha256WithRSAEncryption
         b4:19:57:83:5d:d8:bf:cc:20:8a:6c:17:f3:ad:62:d1:8c:ee:
         f2:1b:52:e0:74:ce:34:5e:94:0e:86:1b:e6:cf:08:e4:c0:ee:
         e3:fa:f7:93:bd:6c:3b:7b:5e:a4:57:f1:be:e4:db:65:3f:f7:
         d5:e5:d0:04:bc:0e:5c:b1:09:fc:a4:1d:18:bb:a1:31:99:1a:
         06:06:f8:80:91:25:78:d4:59:e4:8e:28:98:ec:7c:76:be:1e:
         09:ef:a3:3e:46:38:8e:81:e5:72:e1:58:b0:83:70:77:d8:52:
         db:de:7b:02:27:21:3d:cf:69:31:bf:f3:b7:2c:46:12:8e:63:
         08:d1:3a:ed:6f:74:ca:db:ac:bc:c4:46:65:81:51:42:ee:6c:
         99:2a:8d:81:aa:6a:7f:53:a6:63:ae:25:a3:ff:4f:99:fe:61:
         29:8a:75:6d:22:d5:7b:e6:b5:d9:44:77:a0:ce:09:57:36:19:
         46:20:01:f5:f0:cb:fe:cc:18:8c:1c:39:82:c8:b9:0f:26:07:
         f8:12:ce:36:81:8d:5d:c6:8f:ae:5e:75:dd:3c:bc:0e:75:32:
         f5:b9:6f:d9:bd:3b:17:c8:16:59:74:52:c0:da:b9:77:20:ee:
         1c:95:2f:5a:89:19:ce:a5:09:99:5e:c6:61:a5:67:93:b6:4d:
         20:3d:ea:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUF/ZabVcuqTvtPdK3IRGSf7e7KFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMjYxNDQ4NTVaFw0yNjAyMjUxNDUzNTVaMDMxMTAvBgNV
BAMTKDM1M0RGRjQyODlCQ0UxNEM1RUE2RTVDMzczODY3QTI1MDREQzBERkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUjuJ38HJTdK7IrqdJq5ZdTQw7
OqlFcWDV2gobN865EiVwjZQvMf2I/ShzVxKzm+ZYOBQfXatVzSe38XCyoIWcwiLF
eJR2w3iNiYcTQjQtbbMQywJgWivm6ku8NfRaQRydly5pW5SBYwsZTdhpicG7UVo/
HXJGvYrimNTPcC/5iDGqKNvZKtTbTiewEyfhXllv64Ku6SyfNmOOeIb0sWrN929Y
giy7ZCVgbj7d0+QVkZH3L1mHeGlw6bNQNte/ij+J8cJkXYeTUhQe2Ydyc35Ih3vQ
fiPy5ZD8lWgfINxaprkq52b6QaooFwhAUceLwV0Du0Eofjov6TLHa0pHXDO/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNT3/Qom84UxepuXDc4Z6JQTcDf8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDI3MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQEqCwUG
MA0GCSqGSIb3DQEBCwUAA4IBAQC0GVeDXdi/zCCKbBfzrWLRjO7yG1LgdM40XpQO
hhvmzwjkwO7j+veTvWw7e16kV/G+5NtlP/fV5dAEvA5csQn8pB0Yu6ExmRoGBviA
kSV41FnkjiiY7Hx2vh4J76M+RjiOgeVy4Viwg3B32FLb3nsCJyE9z2kxv/O3LEYS
jmMI0Trtb3TK26y8xEZlgVFC7myZKo2Bqmp/U6ZjriWj/0+Z/mEpinVtItV75rXZ
RHegzglXNhlGIAH18Mv+zBiMHDmCyLkPJgf4Es42gY1dxo+uXnXdPLwOdTL1uW/Z
vTsXyBZZdFLA2rl3IO4clS9aiRnOpQmZXsZhpWeTtk0gPerp
-----END CERTIFICATE-----