Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS131477.roa
File:                     AS131477.roa (raw, json)
Hash identifier:          RxHNDs6yDkaFTTOU+Qv5SIwE5EGq3dMyWCZlE/Nh4/4=
Subject key identifier:   D2:77:4E:AE:97:2E:0B:59:DC:0B:25:E1:C2:33:A9:C1:5F:1D:45:C4
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       6005767C788CA1ED9B4B13FDB2FAEBB131AAA2CF
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS131477.roa
Signing time:             Wed 20 Nov 2024 21:30:31 +0000
ROA not before:           Wed 20 Nov 2024 21:25:31 +0000
ROA not after:            Wed 19 Nov 2025 21:30:31 +0000
asID:                     131477
IP address blocks:        2a0b:4340:530::/44 maxlen: 48
                          2a0b:4340:540::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:05:76:7c:78:8c:a1:ed:9b:4b:13:fd:b2:fa:eb:b1:31:aa:a2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:31 2024 GMT
            Not After : Nov 19 21:30:31 2025 GMT
        Subject: CN=D2774EAE972E0B59DC0B25E1C233A9C15F1D45C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dd:82:a1:f1:90:aa:25:c8:33:93:bd:ea:1b:
                    ff:7e:91:75:f4:b2:46:da:8d:32:5b:01:68:c5:33:
                    62:72:81:e6:b6:ce:2d:9d:be:15:86:7a:f6:9b:9a:
                    8f:16:a8:b8:e0:83:a6:1f:2b:13:f4:c8:9a:0e:92:
                    28:b6:b7:ec:bd:9f:9e:be:de:a2:eb:07:25:43:f9:
                    75:ab:17:24:59:ae:79:2c:49:18:0b:81:da:a8:e2:
                    f3:c7:6b:0f:20:52:2c:79:03:11:15:52:66:cd:2f:
                    26:60:10:4a:ff:31:94:91:c0:d2:06:2a:07:7b:e4:
                    7f:2f:99:53:c2:5e:ca:37:ec:cb:4c:b4:07:0e:e0:
                    ec:14:4f:3f:1a:d5:3b:64:11:12:82:cb:22:65:1d:
                    7e:1a:15:89:45:7e:6f:5f:1e:e1:20:c5:b1:6e:32:
                    1a:ab:3a:4a:11:93:53:5f:37:a0:a6:e5:c1:4f:6f:
                    9b:35:d1:4c:3f:1b:b3:05:89:56:64:e4:f4:e6:8c:
                    3f:d3:95:eb:9b:13:db:e7:2f:f3:2a:47:c2:fa:26:
                    c2:a3:57:8e:ed:5b:c0:70:a6:e5:25:27:88:cb:8c:
                    02:29:d4:11:bf:ed:89:6f:a1:c8:8c:99:30:7a:b4:
                    5c:12:f1:4a:d0:96:3a:8d:b2:17:af:9b:18:8c:af:
                    72:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:77:4E:AE:97:2E:0B:59:DC:0B:25:E1:C2:33:A9:C1:5F:1D:45:C4
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS131477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:530::-2a0b:4340:54f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4f:cf:a1:d3:01:ab:d1:ca:c8:5e:93:5a:45:f5:ab:dd:3f:b2:
         71:dc:30:62:70:8a:b0:01:b1:df:b8:b7:44:21:a8:76:59:14:
         f0:1e:30:4b:f4:8c:a3:10:48:0e:f8:a6:a3:f2:98:5b:11:7c:
         86:f1:2d:8c:ab:2e:87:06:f7:f5:fa:dc:38:35:76:1a:0e:57:
         01:d6:23:a5:b0:dc:6e:49:2d:46:07:74:8c:af:3f:89:f3:df:
         97:cb:62:39:68:8e:45:c6:c6:52:9d:48:46:82:d0:86:bb:fa:
         f0:86:3a:92:75:17:2b:e3:18:2d:b5:d2:3a:4b:3b:a2:6e:89:
         85:1c:07:9d:84:65:68:f2:b1:38:71:b6:c8:5a:ef:39:33:2e:
         e2:b2:26:c9:42:c0:9d:46:d6:dd:61:0b:9c:6d:3d:76:ba:1c:
         9d:80:8a:24:14:87:70:17:12:4a:5b:28:2a:66:c3:28:e9:74:
         08:80:cd:00:76:37:c7:92:d5:6b:6a:be:fd:c1:f5:f4:80:63:
         cf:2c:f1:bc:ed:05:5c:fb:b4:cd:60:73:c7:71:3f:dd:fa:9e:
         d3:cb:0d:60:c1:db:ef:01:9f:2c:32:f1:d4:0c:f5:de:6d:12:
         10:ce:a9:19:06:91:25:c0:e9:eb:f7:12:3f:95:8e:bf:54:ca:
         b8:84:fc:ff
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIUYAV2fHiMoe2bSxP9svrrsTGqos8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzFaFw0yNTExMTkyMTMwMzFaMDMxMTAvBgNV
BAMTKEQyNzc0RUFFOTcyRTBCNTlEQzBCMjVFMUMyMzNBOUMxNUYxRDQ1QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa3YKh8ZCqJcgzk73qG/9+kXX0
skbajTJbAWjFM2Jygea2zi2dvhWGevabmo8WqLjgg6YfKxP0yJoOkii2t+y9n56+
3qLrByVD+XWrFyRZrnksSRgLgdqo4vPHaw8gUix5AxEVUmbNLyZgEEr/MZSRwNIG
Kgd75H8vmVPCXso37MtMtAcO4OwUTz8a1TtkERKCyyJlHX4aFYlFfm9fHuEgxbFu
MhqrOkoRk1NfN6Cm5cFPb5s10Uw/G7MFiVZk5PTmjD/TleubE9vnL/MqR8L6JsKj
V47tW8BwpuUlJ4jLjAIp1BG/7YlvociMmTB6tFwS8UrQljqNshevmxiMr3JPAgMB
AAGjggG0MIIBsDAdBgNVHQ4EFgQU0ndOrpcuC1ncCyXhwjOpwV8dRcQwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzE0Nzcucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgACMBQwEgMHBCoLQ0AF
MAMHBCoLQ0AFQDANBgkqhkiG9w0BAQsFAAOCAQEAT8+h0wGr0crIXpNaRfWr3T+y
cdwwYnCKsAGx37i3RCGodlkU8B4wS/SMoxBIDvimo/KYWxF8hvEtjKsuhwb39frc
ODV2Gg5XAdYjpbDcbkktRgd0jK8/ifPfl8tiOWiORcbGUp1IRoLQhrv68IY6knUX
K+MYLbXSOks7om6JhRwHnYRlaPKxOHG2yFrvOTMu4rImyULAnUbW3WELnG09droc
nYCKJBSHcBcSSlsoKmbDKOl0CIDNAHY3x5LVa2q+/cH19IBjzyzxvO0FXPu0zWBz
x3E/3fqe08sNYMHb7wGfLDLx1Az13m0SEM6pGQaRJcDp6/cSP5WOv1TKuIT8/w==
-----END CERTIFICATE-----