Route Origin Authorization

$ rpki-client -vvf oto.wakuwaku.ne.jp/pki/h/1/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa
File:                     3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa (raw, json)
Hash identifier:          uhXg7HiAH00dEF+qcgUt9njN9aF40ik90XQbAU9+1vA=
Subject key identifier:   A0:AC:6E:DB:49:C6:BA:E3:1E:5A:9C:51:AF:0C:3D:BA:07:CE:E1:67
Certificate issuer:       /CN=4c02f93c2587dc82366b50606fe4852e4f7a1abe
Certificate serial:       78F0705B1BCC6833B61D1DC5DDFE40F3A6615903
Authority key identifier: 4C:02:F9:3C:25:87:DC:82:36:6B:50:60:6F:E4:85:2E:4F:7A:1A:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TAL5PCWH3II2a1Bgb-SFLk96Gr4.cer
Subject info access:      rsync://oto.wakuwaku.ne.jp/pki/h/1/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa
Signing time:             Mon 25 Nov 2024 21:19:12 +0000
ROA not before:           Mon 25 Nov 2024 21:14:12 +0000
ROA not after:            Mon 24 Nov 2025 21:19:12 +0000
asID:                     401111
IP address blocks:        185.155.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://oto.wakuwaku.ne.jp/pki/h/1/4C02F93C2587DC82366B50606FE4852E4F7A1ABE.crl
                          rsync://oto.wakuwaku.ne.jp/pki/h/1/4C02F93C2587DC82366B50606FE4852E4F7A1ABE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TAL5PCWH3II2a1Bgb-SFLk96Gr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:23:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:f0:70:5b:1b:cc:68:33:b6:1d:1d:c5:dd:fe:40:f3:a6:61:59:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c02f93c2587dc82366b50606fe4852e4f7a1abe
        Validity
            Not Before: Nov 25 21:14:12 2024 GMT
            Not After : Nov 24 21:19:12 2025 GMT
        Subject: CN=A0AC6EDB49C6BAE31E5A9C51AF0C3DBA07CEE167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f0:64:f3:a3:84:9d:be:ca:18:67:84:1f:87:
                    79:1c:1b:7d:f7:4a:c1:dc:09:e7:ad:c2:39:ce:9d:
                    84:a1:b3:16:51:c2:fd:a3:6b:e1:dd:3c:a2:56:d1:
                    8e:b7:5a:ed:e2:f2:60:cf:23:6c:1f:52:e3:a6:0f:
                    96:db:f7:2c:62:6c:da:19:05:79:dd:3f:4b:e6:8e:
                    88:a1:20:6e:3a:ab:a1:8d:50:85:3e:9a:91:7d:fa:
                    ce:db:46:b0:b1:1c:23:6c:2e:6d:e6:b5:fe:a8:20:
                    3a:ca:fd:b2:56:0a:b8:df:e1:4f:7b:d2:69:49:e5:
                    52:85:f6:98:69:e2:09:f2:5b:4b:6a:d4:90:96:73:
                    87:e7:4b:52:23:ad:90:7a:ab:f2:58:22:3f:69:f1:
                    b1:b0:56:97:e7:28:1d:92:38:a6:67:fb:c4:ff:f1:
                    35:39:e2:2a:3f:5a:e2:12:64:88:36:8f:f7:45:7f:
                    ff:f3:17:0f:9c:47:4c:6d:01:ad:53:76:f2:6e:a8:
                    8c:3c:02:63:a5:1b:a6:34:6b:8e:be:55:3e:28:74:
                    39:2e:66:ae:42:ef:94:f7:7b:21:b6:07:9f:81:22:
                    9f:41:17:1c:ea:69:cf:2d:50:f8:87:5f:7d:11:62:
                    2e:41:3d:24:97:d0:8a:dd:82:53:d2:00:f7:ea:0d:
                    28:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:AC:6E:DB:49:C6:BA:E3:1E:5A:9C:51:AF:0C:3D:BA:07:CE:E1:67
            X509v3 Authority Key Identifier:
                keyid:4C:02:F9:3C:25:87:DC:82:36:6B:50:60:6F:E4:85:2E:4F:7A:1A:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://oto.wakuwaku.ne.jp/pki/h/1/4C02F93C2587DC82366B50606FE4852E4F7A1ABE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TAL5PCWH3II2a1Bgb-SFLk96Gr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://oto.wakuwaku.ne.jp/pki/h/1/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c7:1c:af:0c:72:76:9d:12:2b:62:3f:10:f8:90:9d:ad:e4:
         32:60:ee:12:04:1c:4f:d0:d0:f1:95:d7:dc:89:86:af:af:46:
         1d:71:2c:87:f3:61:db:1c:f6:b9:1d:90:89:71:b3:1d:7e:57:
         1d:23:b4:c5:dd:c2:5b:4b:e8:04:0f:a0:b2:d4:88:ad:36:53:
         2d:60:42:51:09:3f:6b:59:49:54:fc:e4:e2:b4:42:69:35:ba:
         a0:36:8e:1f:48:7b:74:95:1d:b9:7e:ed:29:08:ef:3f:36:c2:
         a5:fd:20:71:3e:5d:52:f9:9b:b8:1f:72:52:8a:6f:16:c6:1c:
         4f:e6:5d:92:10:3f:f5:d2:b6:bf:64:c0:66:a4:08:fd:c6:7f:
         71:47:83:bd:b7:be:e4:2c:f2:be:71:a4:a7:4a:8f:83:ca:bd:
         69:4f:3f:b1:a7:fb:30:82:ad:ef:0c:2b:30:a4:e4:a2:af:f0:
         f7:6c:c4:60:2a:ca:9d:c1:e8:5b:d5:83:7c:ec:e1:94:be:01:
         49:64:40:a7:47:f9:db:66:b7:7d:d7:5a:07:89:d4:cd:fa:54:
         c8:c2:31:2b:ab:7b:7c:05:4f:c5:fd:f7:08:eb:8f:82:08:6c:
         52:7f:90:f3:c8:1c:f4:3b:72:14:1b:58:dc:cf:88:6d:3c:84:
         be:00:d5:95
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUePBwWxvMaDO2HR3F3f5A86ZhWQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMwMmY5M2MyNTg3ZGM4MjM2NmI1MDYwNmZlNDg1MmU0
ZjdhMWFiZTAeFw0yNDExMjUyMTE0MTJaFw0yNTExMjQyMTE5MTJaMDMxMTAvBgNV
BAMTKEEwQUM2RURCNDlDNkJBRTMxRTVBOUM1MUFGMEMzREJBMDdDRUUxNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi8GTzo4SdvsoYZ4Qfh3kcG333
SsHcCeetwjnOnYShsxZRwv2ja+HdPKJW0Y63Wu3i8mDPI2wfUuOmD5bb9yxibNoZ
BXndP0vmjoihIG46q6GNUIU+mpF9+s7bRrCxHCNsLm3mtf6oIDrK/bJWCrjf4U97
0mlJ5VKF9php4gnyW0tq1JCWc4fnS1IjrZB6q/JYIj9p8bGwVpfnKB2SOKZn+8T/
8TU54io/WuISZIg2j/dFf//zFw+cR0xtAa1TdvJuqIw8AmOlG6Y0a46+VT4odDku
Zq5C75T3eyG2B5+BIp9BFxzqac8tUPiHX30RYi5BPSSX0IrdglPSAPfqDSiLAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUoKxu20nGuuMeWpxRrww9ugfO4WcwHwYDVR0j
BBgwFoAUTAL5PCWH3II2a1Bgb+SFLk96Gr4wDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vb3RvLndha3V3YWt1Lm5lLmpwL3BraS9oLzEv
NEMwMkY5M0MyNTg3REM4MjM2NkI1MDYwNkZFNDg1MkU0RjdBMUFCRS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1RBTDVQQ1dIM0lJMmExQmdiLVNGTGs5NkdyNC5j
ZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL290by53YWt1
d2FrdS5uZS5qcC9wa2kvaC8xLzMxMzgzNTJlMzEzNTM1MmUzNzM1MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzMDMxMzEzMTMxLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZtLMA0GCSqG
SIb3DQEBCwUAA4IBAQCYxxyvDHJ2nRIrYj8Q+JCdreQyYO4SBBxP0NDxldfciYav
r0YdcSyH82HbHPa5HZCJcbMdflcdI7TF3cJbS+gED6Cy1IitNlMtYEJRCT9rWUlU
/OTitEJpNbqgNo4fSHt0lR25fu0pCO8/NsKl/SBxPl1S+Zu4H3JSim8WxhxP5l2S
ED/10ra/ZMBmpAj9xn9xR4O9t77kLPK+caSnSo+Dyr1pTz+xp/swgq3vDCswpOSi
r/D3bMRgKsqdwehb1YN87OGUvgFJZECnR/nbZrd911oHidTN+lTIwjErq3t8BU/F
/fcI64+CCGxSf5DzyBz0O3IUG1jcz4htPIS+ANWV
-----END CERTIFICATE-----