Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42881.roa
File:                     AS42881.roa (raw, json)
Hash identifier:          pFzroZda1oaCjNqcDjSIQzzOgPxAEAt90HN+Eniw5A4=
Subject key identifier:   3B:B6:D1:68:CF:F3:73:CA:6D:FE:E7:9B:3E:AB:6C:95:D0:E1:52:8A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       668A4D59144C0FAFEE371BDA28D186AA0DC3E7A7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42881.roa
Signing time:             Wed 11 Jun 2025 07:25:44 +0000
ROA not before:           Wed 11 Jun 2025 07:20:44 +0000
ROA not after:            Wed 10 Jun 2026 07:25:44 +0000
asID:                     42881
IP address blocks:        2a06:2b83::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:8a:4d:59:14:4c:0f:af:ee:37:1b:da:28:d1:86:aa:0d:c3:e7:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:20:44 2025 GMT
            Not After : Jun 10 07:25:44 2026 GMT
        Subject: CN=3BB6D168CFF373CA6DFEE79B3EAB6C95D0E1528A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e3:80:2f:73:29:ce:b9:29:5c:db:09:e7:ae:
                    c8:fa:86:30:a2:7e:0a:6c:56:61:f0:7f:fe:c8:c8:
                    c4:73:6f:11:b3:33:f7:77:62:49:04:3a:10:18:a8:
                    aa:d5:be:0e:92:9a:66:d2:63:9e:56:cc:ea:12:d5:
                    76:48:df:2b:44:28:7c:84:ac:37:ae:32:5c:97:d7:
                    9a:84:a4:bc:6e:2e:47:43:f2:a5:68:5c:c6:15:7d:
                    68:6c:a7:05:dc:89:2d:87:14:7d:8a:63:2d:73:24:
                    ee:20:2f:f0:3b:6f:7b:af:09:5d:30:a4:ca:a1:09:
                    73:a6:48:cb:85:e3:6e:ea:7f:79:a7:ce:27:ce:d3:
                    24:0e:40:1f:b1:53:54:b1:2d:75:f4:e3:18:8d:15:
                    7a:e5:9e:f9:5b:15:ba:6a:6e:2f:d3:c1:6c:7d:bd:
                    e7:88:4d:69:2c:85:57:24:16:2e:1d:a8:7a:b1:1d:
                    ff:32:12:aa:31:05:2a:9b:04:f5:85:44:76:12:29:
                    45:cf:8f:79:47:83:44:37:fe:39:0c:a3:00:76:66:
                    47:56:3b:4b:5b:2f:7f:eb:5b:a7:fa:86:46:f3:dd:
                    17:32:22:0f:05:c2:b1:7a:7b:08:d4:56:31:61:2b:
                    98:39:dc:ba:20:2a:06:6a:db:e8:9e:f7:cb:a9:31:
                    01:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B6:D1:68:CF:F3:73:CA:6D:FE:E7:9B:3E:AB:6C:95:D0:E1:52:8A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS42881.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2b83::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:e8:f7:cd:db:4f:85:50:56:90:38:5d:c7:eb:cd:e2:e7:47:
         7c:4d:63:93:34:09:d8:82:70:fd:53:cf:22:db:06:f0:71:b3:
         35:32:67:08:23:07:ea:aa:d5:ca:c2:ca:a7:a5:aa:2e:78:d3:
         51:92:e8:6f:a9:c3:b8:ee:c2:1d:c0:02:3c:90:01:d3:4c:32:
         ae:63:7e:dc:90:1f:ab:7c:ec:80:90:8f:54:d8:5c:92:2e:c8:
         45:b7:69:48:2f:90:33:51:69:70:f0:27:f4:4c:52:e5:ed:98:
         57:9f:b9:06:cf:b6:5a:70:f7:6c:db:32:20:08:7a:2d:98:dd:
         68:65:da:75:2a:e3:5d:d4:b4:d2:73:87:ff:5d:ec:16:0f:89:
         93:cd:97:e4:4f:f4:33:72:74:4e:52:83:a1:c2:fa:8b:e6:92:
         81:0d:df:d7:03:31:f8:bd:aa:af:bc:94:5f:b5:4d:74:69:d7:
         a6:d7:a6:20:1d:e6:8a:6e:b3:a0:1a:1b:76:56:63:d7:a5:49:
         1e:2e:17:4d:be:85:22:9a:00:21:6d:56:b5:7a:76:19:7b:a4:
         c0:a0:26:c1:e8:13:84:31:79:3b:b1:49:99:34:c6:32:f2:44:
         43:d2:d9:10:2e:b8:37:0f:6c:21:86:38:37:4b:41:82:53:9d:
         20:af:29:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZopNWRRMD6/uNxvaKNGGqg3D56cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIwNDRaFw0yNjA2MTAwNzI1NDRaMDMxMTAvBgNV
BAMTKDNCQjZEMTY4Q0ZGMzczQ0E2REZFRTc5QjNFQUI2Qzk1RDBFMTUyOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM44AvcynOuSlc2wnnrsj6hjCi
fgpsVmHwf/7IyMRzbxGzM/d3YkkEOhAYqKrVvg6SmmbSY55WzOoS1XZI3ytEKHyE
rDeuMlyX15qEpLxuLkdD8qVoXMYVfWhspwXciS2HFH2KYy1zJO4gL/A7b3uvCV0w
pMqhCXOmSMuF427qf3mnzifO0yQOQB+xU1SxLXX04xiNFXrlnvlbFbpqbi/TwWx9
veeITWkshVckFi4dqHqxHf8yEqoxBSqbBPWFRHYSKUXPj3lHg0Q3/jkMowB2ZkdW
O0tbL3/rW6f6hkbz3RcyIg8FwrF6ewjUVjFhK5g53LogKgZq2+ie98upMQGvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUO7bRaM/zc8pt/uebPqtsldDhUoowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDI4ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqBiuD
MA0GCSqGSIb3DQEBCwUAA4IBAQAU6PfN20+FUFaQOF3H683i50d8TWOTNAnYgnD9
U88i2wbwcbM1MmcIIwfqqtXKwsqnpaoueNNRkuhvqcO47sIdwAI8kAHTTDKuY37c
kB+rfOyAkI9U2FySLshFt2lIL5AzUWlw8Cf0TFLl7ZhXn7kGz7ZacPds2zIgCHot
mN1oZdp1KuNd1LTSc4f/XewWD4mTzZfkT/QzcnROUoOhwvqL5pKBDd/XAzH4vaqv
vJRftU10adem16YgHeaKbrOgGht2VmPXpUkeLhdNvoUimgAhbVa1enYZe6TAoCbB
6BOEMXk7sUmZNMYy8kRD0tkQLrg3D2whhjg3S0GCU50gryke
-----END CERTIFICATE-----