Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/rak2_-SPN1vaCIcAyImgSPFa5eM.roa
File:                     rak2_-SPN1vaCIcAyImgSPFa5eM.roa (raw, json)
Hash identifier:          AuwFsCblRDw7P64eZFdGKMlPfz7f1u9Idvfotv5sdw4=
Subject key identifier:   AD:A9:36:FF:E4:8F:37:5B:DA:08:87:00:C8:89:A0:48:F1:5A:E5:E3
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5B4352117A391E4954E056DA06E0D
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/rak2_-SPN1vaCIcAyImgSPFa5eM.roa
Signing time:             Wed 01 Jan 2025 07:47:43 +0000
ROA not before:           Wed 01 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47818
IP address blocks:        194.2.42.0/24 maxlen: 24
                          217.109.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b4:35:21:17:a3:91:e4:95:4e:05:6d:a0:6e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ada936ffe48f375bda088700c889a048f15ae5e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7d:0f:22:01:a0:f8:ec:c1:aa:8b:82:2b:8b:
                    b5:7b:59:ec:fd:02:4e:0c:ed:86:eb:6d:dd:08:0b:
                    8f:00:65:3b:bf:ba:fb:67:68:41:0f:e0:9f:c0:73:
                    05:42:e7:5d:9a:3f:77:3c:96:a4:1b:c0:05:c0:4d:
                    df:dd:ce:a0:ba:69:fd:ac:c7:d8:4a:0c:13:66:f9:
                    bd:9e:fe:1a:e4:5b:24:a6:f0:f4:da:cf:a3:2b:b7:
                    e1:d4:52:1d:cd:a0:76:2d:96:e4:a7:e2:5f:b1:50:
                    d8:7f:3f:29:57:85:8e:f0:f6:43:35:f7:fb:36:c1:
                    65:df:87:35:d0:18:80:69:48:40:24:0f:32:a5:99:
                    e1:f9:d2:da:47:c9:af:a9:8b:5b:8a:f4:7f:97:1b:
                    7a:df:7e:8b:ab:9d:88:fe:78:83:7b:46:10:9f:cd:
                    49:f4:e1:08:9d:d8:63:17:b0:38:87:f2:77:10:ec:
                    2d:4a:40:b3:c5:f7:62:2b:5c:56:f1:1b:64:32:f4:
                    97:bb:1f:e9:ba:7f:e1:71:7f:b6:79:32:f4:9d:a9:
                    8c:b6:f0:b6:ea:19:df:e3:55:60:6c:8f:e1:ee:7c:
                    71:8d:55:13:aa:d6:36:48:1b:fe:65:38:8e:b7:fc:
                    63:8c:b8:4b:44:ed:fd:2d:b2:1d:4d:7f:5c:4b:b8:
                    50:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:A9:36:FF:E4:8F:37:5B:DA:08:87:00:C8:89:A0:48:F1:5A:E5:E3
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/rak2_-SPN1vaCIcAyImgSPFa5eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.2.42.0/24
                  217.109.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:71:c6:98:ed:41:58:84:ce:5b:d1:ae:cd:5b:32:5f:20:3b:
         62:dc:62:ab:41:14:a9:7d:6e:19:a6:12:81:db:83:51:c1:a1:
         74:b8:d0:71:bf:ec:30:47:98:22:34:ed:94:5c:f3:bd:d7:51:
         ad:ec:2b:c4:95:90:bb:9d:27:32:48:0e:ce:a1:13:b1:9c:94:
         6b:5e:4e:92:97:e4:33:a5:39:55:50:aa:19:bf:e7:cf:a1:3c:
         b2:71:64:46:3b:d1:62:69:15:85:70:f3:9f:eb:b7:24:3a:87:
         44:29:59:2e:08:01:2d:c0:07:b6:74:52:0b:67:bd:c1:04:f8:
         d4:09:bc:bf:2b:97:c4:bc:41:16:51:23:41:48:38:a0:90:ca:
         74:98:63:2d:9a:59:88:f5:f9:9d:e5:f2:50:16:58:b6:33:26:
         33:9a:0f:4d:e9:ce:e0:36:63:21:38:d0:e8:97:e1:49:a5:db:
         92:a4:a9:50:02:b4:66:51:f3:32:d8:a2:ed:c9:81:88:f5:e6:
         3b:d0:37:3f:70:38:d7:82:66:92:b8:df:60:14:17:6a:95:05:
         e7:3c:b7:77:a4:79:e0:11:91:41:70:af:45:13:c0:d3:0b:c7:
         32:46:8a:9b:b0:2c:29:69:68:05:02:f0:e6:12:ba:30:27:98:
         49:cc:de:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1bQ1IRejkeSVTgVtoG4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGE5MzZmZmU0OGYzNzViZGEwODg3MDBjODg5YTA0OGYxNWFlNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnn0PIgGg+OzBqouCK4u1e1ns/QJO
DO2G623dCAuPAGU7v7r7Z2hBD+CfwHMFQuddmj93PJakG8AFwE3f3c6gumn9rMfY
SgwTZvm9nv4a5FskpvD02s+jK7fh1FIdzaB2LZbkp+JfsVDYfz8pV4WO8PZDNff7
NsFl34c10BiAaUhAJA8ypZnh+dLaR8mvqYtbivR/lxt6336Lq52I/niDe0YQn81J
9OEIndhjF7A4h/J3EOwtSkCzxfdiK1xW8RtkMvSXux/pun/hcX+2eTL0namMtvC2
6hnf41VgbI/h7nxxjVUTqtY2SBv+ZTiOt/xjjLhLRO39LbIdTX9cS7hQ3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK2pNv/kjzdb2giHAMiJoEjxWuXjMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcmFrMl8tU1BOMXZhQ0ljQXlJbWdTUEZhNWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgIqAwQA
2W1sMA0GCSqGSIb3DQEBCwUAA4IBAQBwccaY7UFYhM5b0a7NWzJfIDti3GKrQRSp
fW4ZphKB24NRwaF0uNBxv+wwR5giNO2UXPO911Gt7CvElZC7nScySA7OoROxnJRr
Xk6Sl+QzpTlVUKoZv+fPoTyycWRGO9FiaRWFcPOf67ckOodEKVkuCAEtwAe2dFIL
Z73BBPjUCby/K5fEvEEWUSNBSDigkMp0mGMtmlmI9fmd5fJQFli2MyYzmg9N6c7g
NmMhONDol+FJpduSpKlQArRmUfMy2KLtyYGI9eY70Dc/cDjXgmaSuN9gFBdqlQXn
PLd3pHngEZFBcK9FE8DTC8cyRoqbsCwpaWgFAvDmErowJ5hJzN67
-----END CERTIFICATE-----