Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS134098.roa
File:                     AS134098.roa (raw, json)
Hash identifier:          KOsZawpKdGIWFoh4yh3MsIuIU1BN5CC29mnX3TyzkcE=
Subject key identifier:   18:37:95:0A:A8:7D:79:93:34:6C:6E:E4:DF:C4:AC:D1:81:38:90:39
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       09E6E2DAE69D6A13BB5AA8CB91508B3F89A08813
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS134098.roa
Signing time:             Wed 20 Nov 2024 21:30:34 +0000
ROA not before:           Wed 20 Nov 2024 21:25:34 +0000
ROA not after:            Wed 19 Nov 2025 21:30:34 +0000
asID:                     134098
IP address blocks:        2a0b:4340:520::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e6:e2:da:e6:9d:6a:13:bb:5a:a8:cb:91:50:8b:3f:89:a0:88:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:34 2024 GMT
            Not After : Nov 19 21:30:34 2025 GMT
        Subject: CN=1837950AA87D7993346C6EE4DFC4ACD181389039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3c:c3:34:5e:af:5c:9a:2f:4f:64:01:fb:52:
                    58:4c:8a:cc:39:ed:e9:6c:16:26:96:bf:8a:32:cd:
                    c0:a6:8d:9c:e6:21:00:ca:29:ea:e3:ab:a2:27:d7:
                    e2:19:cd:64:64:77:49:f3:d5:cb:3d:c5:c9:25:25:
                    5f:9e:84:b5:85:4a:9d:13:b3:75:f3:72:7e:21:73:
                    d6:e9:67:a0:c8:40:2f:02:33:25:7e:0f:88:94:9d:
                    af:71:15:0e:2d:46:0d:08:e2:6a:33:57:3d:bd:78:
                    42:da:3d:66:00:07:c3:07:8e:c3:dd:f7:86:93:e8:
                    bd:22:56:30:75:f4:34:8d:96:6b:31:9c:8f:a6:22:
                    30:de:c9:e0:c7:91:d4:38:df:07:33:c8:9e:54:33:
                    b6:fe:fb:53:c0:20:28:c9:a6:90:db:f9:cf:fb:8d:
                    a3:74:95:56:81:ce:28:87:12:db:2c:7a:27:7a:b5:
                    b0:4a:00:26:1d:a1:19:15:db:60:54:db:de:f8:30:
                    7f:84:45:6e:8b:c2:76:9d:6c:81:8c:a1:51:27:17:
                    a8:cb:17:57:69:b5:03:5b:6c:42:50:b5:cf:7b:79:
                    87:64:88:f3:e2:fd:01:8a:8e:44:ef:53:6c:27:d7:
                    fe:79:e1:e5:8d:b5:d1:9c:e1:cd:a8:23:7d:b8:db:
                    31:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:37:95:0A:A8:7D:79:93:34:6C:6E:E4:DF:C4:AC:D1:81:38:90:39
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS134098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:ae:a6:3c:32:e9:ac:8f:ca:e6:b0:6b:72:87:0b:0c:5b:d5:
         06:7a:8b:f1:91:19:99:6d:00:32:c4:32:21:1b:f4:a7:5c:6a:
         b6:e6:1f:f3:33:fb:f4:1a:94:1d:2d:5c:9b:30:1b:b9:83:f5:
         59:31:7d:a2:93:a1:92:f7:79:10:c8:6e:fe:77:78:03:41:af:
         2c:90:f4:43:5e:8d:81:d7:d6:8a:5a:1d:d5:62:b5:bd:a1:ec:
         fc:17:ea:51:b1:83:cd:db:66:92:c3:7b:d7:9b:f5:b9:64:b7:
         b4:8d:85:fe:30:19:24:51:21:b5:89:96:0c:ac:fd:5c:5e:3a:
         de:c4:74:5c:23:c8:3d:fe:28:00:21:a0:9b:6b:cc:8c:21:e0:
         c4:a0:c9:17:36:3c:4e:06:02:07:72:50:d4:cd:34:39:03:55:
         dc:ef:b6:9c:03:5a:28:02:47:fe:4e:04:f6:b1:f1:6d:60:04:
         98:46:00:35:fa:99:fd:15:72:7b:fd:ed:8e:40:1a:d9:f9:a1:
         e0:f1:3c:e8:93:7c:dd:2b:59:90:0f:fc:06:85:ff:41:5f:30:
         4d:37:8e:72:55:cc:81:c5:e6:0f:51:0d:f5:5c:b7:79:46:aa:
         b4:c9:c9:24:61:e5:d2:bb:ef:23:b8:e5:7f:15:89:69:ee:66:
         43:21:cf:98
-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIUCebi2uadahO7WqjLkVCLP4mgiBMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzRaFw0yNTExMTkyMTMwMzRaMDMxMTAvBgNV
BAMTKDE4Mzc5NTBBQTg3RDc5OTMzNDZDNkVFNERGQzRBQ0QxODEzODkwMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrPMM0Xq9cmi9PZAH7UlhMisw5
7elsFiaWv4oyzcCmjZzmIQDKKerjq6In1+IZzWRkd0nz1cs9xcklJV+ehLWFSp0T
s3Xzcn4hc9bpZ6DIQC8CMyV+D4iUna9xFQ4tRg0I4mozVz29eELaPWYAB8MHjsPd
94aT6L0iVjB19DSNlmsxnI+mIjDeyeDHkdQ43wczyJ5UM7b++1PAICjJppDb+c/7
jaN0lVaBziiHEtsseid6tbBKACYdoRkV22BU2974MH+ERW6LwnadbIGMoVEnF6jL
F1dptQNbbEJQtc97eYdkiPPi/QGKjkTvU2wn1/554eWNtdGc4c2oI3242zGrAgMB
AAGjggGpMIIBpTAdBgNVHQ4EFgQUGDeVCqh9eZM0bG7k38Ss0YE4kDkwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzQwOTgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqC0NABSAw
DQYJKoZIhvcNAQELBQADggEBADGupjwy6ayPyuawa3KHCwxb1QZ6i/GRGZltADLE
MiEb9KdcarbmH/Mz+/QalB0tXJswG7mD9VkxfaKToZL3eRDIbv53eANBryyQ9ENe
jYHX1opaHdVitb2h7PwX6lGxg83bZpLDe9eb9blkt7SNhf4wGSRRIbWJlgys/Vxe
Ot7EdFwjyD3+KAAhoJtrzIwh4MSgyRc2PE4GAgdyUNTNNDkDVdzvtpwDWigCR/5O
BPax8W1gBJhGADX6mf0Vcnv97Y5AGtn5oeDxPOiTfN0rWZAP/AaF/0FfME03jnJV
zIHF5g9RDfVct3lGqrTJySRh5dK77yO45X8ViWnuZkMhz5g=
-----END CERTIFICATE-----