Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42708.roa
File:                     AS42708.roa (raw, json)
Hash identifier:          eL7KTjqChxawHFKpJzRDbRjacwGBScM/K+qWl5APFv4=
Subject key identifier:   6A:F4:F0:D9:BA:AB:C8:D2:54:1B:9B:50:8A:5C:E2:D4:58:27:E6:70
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0A7717873716B858D1048624174855DA87DDD644
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42708.roa
Signing time:             Tue 28 Apr 2026 11:03:50 +0000
ROA not before:           Tue 28 Apr 2026 10:58:50 +0000
ROA not after:            Tue 27 Apr 2027 11:03:50 +0000
asID:                     42708
IP address blocks:        178.83.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:77:17:87:37:16:b8:58:d1:04:86:24:17:48:55:da:87:dd:d6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 28 10:58:50 2026 GMT
            Not After : Apr 27 11:03:50 2027 GMT
        Subject: CN=6AF4F0D9BAABC8D2541B9B508A5CE2D45827E670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3f:10:e8:8b:d8:50:f0:90:6e:11:29:a8:72:
                    8d:03:98:d6:96:dd:b1:1c:2e:35:02:6f:b4:2a:10:
                    3b:76:da:f3:06:b4:6a:e5:dc:7d:f5:15:8a:19:a7:
                    67:68:5e:0e:92:e8:c8:02:83:aa:63:91:6a:db:ca:
                    05:77:df:bf:ae:33:07:b8:75:dc:f3:f9:ab:4c:ff:
                    41:72:62:03:12:83:de:3e:a6:c2:c1:0b:5f:e1:7e:
                    70:d8:8e:7c:be:aa:25:7d:05:7d:ce:ac:4e:bf:13:
                    ad:41:b5:3d:c4:2a:08:64:99:61:31:5f:08:43:f1:
                    4f:e3:86:fc:d3:27:9a:b4:9f:10:ae:a8:30:17:4b:
                    3f:0d:9a:a1:b7:33:f4:4e:8a:56:a0:56:97:a5:57:
                    98:9b:0b:d4:fd:ea:c8:6b:63:11:19:b2:17:8c:ea:
                    69:c4:73:19:22:b7:65:ec:f0:cd:a3:59:57:c7:67:
                    23:c7:4a:24:3b:8d:e7:d7:5a:fc:9d:b2:cc:38:08:
                    87:af:d6:f3:6b:8c:4d:6a:22:f6:e4:a7:12:d6:73:
                    67:19:4a:80:5d:68:05:61:ed:10:d5:c6:96:c2:60:
                    67:de:cc:f4:59:9d:d9:78:c0:66:99:81:41:78:ca:
                    02:bb:01:b0:f5:c7:c6:12:07:0b:3f:e6:d5:52:0f:
                    03:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F4:F0:D9:BA:AB:C8:D2:54:1B:9B:50:8A:5C:E2:D4:58:27:E6:70
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS42708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f9:b8:a7:65:78:a1:40:19:a1:b6:35:27:c6:28:00:e9:64:
         9f:d3:b1:7c:a3:8e:8e:50:72:49:eb:a0:07:f9:6a:24:5f:61:
         4f:70:6a:40:0d:ba:b4:40:96:b8:ea:e7:1f:22:01:a0:2d:f2:
         de:cc:31:2e:3b:dc:49:d1:43:ab:d0:df:08:27:c0:9f:93:ac:
         06:80:dd:71:25:60:74:ab:30:e5:42:22:59:a5:0b:67:46:28:
         9a:34:e9:5b:c6:17:5f:b8:11:f8:33:94:bd:89:24:ae:87:8c:
         21:2b:1f:b5:21:51:4c:fb:f9:c3:ee:02:74:2f:23:26:25:a4:
         c3:8d:71:61:7d:2b:19:0b:b6:9e:24:aa:03:10:ff:d5:67:84:
         fc:1f:b3:14:6d:64:46:81:20:79:54:ed:42:84:4e:3b:78:68:
         3c:ec:35:a9:69:d9:8f:ec:c8:d4:ac:5f:d9:49:60:b6:7a:71:
         c1:51:fb:c0:8a:a7:2d:04:21:3e:53:73:67:a7:6c:8d:b8:73:
         59:c8:be:d6:60:5f:b1:e7:f5:43:e9:b4:f3:22:e2:36:c8:71:
         3a:63:55:b7:90:13:61:56:ff:18:69:4f:ec:fc:d5:8b:4b:a5:
         10:d1:87:b6:d2:5f:4b:7a:99:1a:71:fe:3c:f5:bc:26:53:17:
         73:e9:22:ee
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCncXhzcWuFjRBIYkF0hV2ofd1kQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjgxMDU4NTBaFw0yNzA0MjcxMTAzNTBaMDMxMTAvBgNV
BAMTKDZBRjRGMEQ5QkFBQkM4RDI1NDFCOUI1MDhBNUNFMkQ0NTgyN0U2NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEPxDoi9hQ8JBuESmoco0DmNaW
3bEcLjUCb7QqEDt22vMGtGrl3H31FYoZp2doXg6S6MgCg6pjkWrbygV337+uMwe4
ddzz+atM/0FyYgMSg94+psLBC1/hfnDYjny+qiV9BX3OrE6/E61BtT3EKghkmWEx
XwhD8U/jhvzTJ5q0nxCuqDAXSz8NmqG3M/ROilagVpelV5ibC9T96shrYxEZsheM
6mnEcxkit2Xs8M2jWVfHZyPHSiQ7jefXWvydssw4CIev1vNrjE1qIvbkpxLWc2cZ
SoBdaAVh7RDVxpbCYGfezPRZndl4wGaZgUF4ygK7AbD1x8YSBws/5tVSDwOdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUavTw2bqryNJUG5tQilzi1Fgn5nAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDI3MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyUx8w
DQYJKoZIhvcNAQELBQADggEBAHD5uKdleKFAGaG2NSfGKADpZJ/TsXyjjo5Qcknr
oAf5aiRfYU9wakANurRAlrjq5x8iAaAt8t7MMS473EnRQ6vQ3wgnwJ+TrAaA3XEl
YHSrMOVCIlmlC2dGKJo06VvGF1+4EfgzlL2JJK6HjCErH7UhUUz7+cPuAnQvIyYl
pMONcWF9KxkLtp4kqgMQ/9VnhPwfsxRtZEaBIHlU7UKETjt4aDzsNalp2Y/syNSs
X9lJYLZ6ccFR+8CKpy0EIT5Tc2enbI24c1nIvtZgX7Hn9UPptPMi4jbIcTpjVbeQ
E2FW/xhpT+z81YtLpRDRh7bSX0t6mRpx/jz1vCZTF3PpIu4=
-----END CERTIFICATE-----