Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS134098.roa
File:                     AS134098.roa (raw, json)
Hash identifier:          cmv6lLnVDzHLFzZUS45TUwJvjVSYKll0W+PlJ5T2fAQ=
Subject key identifier:   09:52:7A:B9:6D:D8:A6:81:AC:F1:C6:99:0F:30:59:EC:C6:5A:B8:FF
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       6AFA272EB28D29059FE605B9522D9BF872119CC1
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS134098.roa
Signing time:             Wed 20 Dec 2023 21:30:09 +0000
ROA not before:           Wed 20 Dec 2023 21:25:09 +0000
ROA not after:            Wed 18 Dec 2024 21:30:09 +0000
asID:                     134098
IP address blocks:        2a0b:4340:520::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:fa:27:2e:b2:8d:29:05:9f:e6:05:b9:52:2d:9b:f8:72:11:9c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:09 2023 GMT
            Not After : Dec 18 21:30:09 2024 GMT
        Subject: CN=09527AB96DD8A681ACF1C6990F3059ECC65AB8FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:18:52:30:6e:c6:4d:b5:5c:89:22:02:a1:e9:
                    ab:fe:f0:2c:6c:31:87:3c:83:ec:e3:fb:ba:4a:ba:
                    ea:cd:fd:49:23:b0:a7:68:91:b2:29:0d:72:7d:21:
                    23:7a:76:42:0d:06:77:38:2e:f1:4b:94:28:57:37:
                    90:55:57:e1:92:d9:f9:cd:aa:14:6f:ed:ec:7c:66:
                    82:e5:a4:2d:66:1b:4d:ec:75:0b:4e:fa:b2:3d:c8:
                    2e:cb:68:a6:a5:71:cb:55:fc:7e:e2:6e:96:28:3e:
                    6e:d6:e1:03:9d:59:5d:36:3e:a8:56:56:c3:5a:2e:
                    b5:8d:10:99:d0:37:85:79:90:59:20:10:e1:94:02:
                    46:59:c0:e7:10:48:6e:1b:f3:d1:82:19:d3:d4:5d:
                    2f:98:95:68:d6:0c:00:7a:64:f2:a6:42:ce:3f:3a:
                    c0:86:5c:8d:9f:ee:ae:34:2b:9d:f1:84:40:2b:8c:
                    01:e7:f4:82:44:bd:21:cd:64:fb:4b:57:ce:e4:f1:
                    bb:72:32:62:95:aa:80:ee:75:9a:d2:b9:5d:d7:30:
                    36:40:c6:1c:73:6a:b1:6d:ec:13:46:ca:48:f0:4d:
                    b0:b1:39:ce:6b:80:e0:84:10:5d:42:02:a0:58:f9:
                    d9:07:07:ce:21:8f:4b:51:d8:37:45:cc:e2:77:25:
                    1d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:52:7A:B9:6D:D8:A6:81:AC:F1:C6:99:0F:30:59:EC:C6:5A:B8:FF
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS134098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         29:ba:e0:ae:63:f7:d1:ae:6a:59:88:84:f1:d5:bc:b2:ba:f6:
         37:93:ec:ca:cd:27:e7:9b:e3:26:dd:f6:47:26:a9:25:d7:45:
         05:68:e6:32:cf:f8:f5:70:60:0c:48:29:68:65:4e:a5:2c:b5:
         3c:93:b1:87:bc:9c:14:13:78:94:a7:b0:27:4b:89:d2:c7:6d:
         ce:52:d5:64:48:49:8e:37:53:9d:c8:6b:9c:49:58:ad:77:d4:
         e1:3e:25:a7:76:54:ff:fc:6e:26:d8:72:65:0e:c1:d9:8c:76:
         c3:37:cc:18:5f:d6:7d:40:f6:6b:d4:bc:ac:f8:9b:10:95:63:
         e7:fb:ba:70:79:2b:d9:19:9c:0c:a7:bc:6d:43:bd:6c:62:64:
         02:b3:32:23:0e:06:f0:5f:52:46:7f:77:ae:58:3a:09:6b:40:
         32:4d:10:96:72:0a:dd:df:dd:89:6a:bb:3b:2b:16:bb:64:85:
         31:54:40:86:c8:da:81:a1:fa:05:13:11:af:f2:47:ea:85:34:
         84:1a:87:a7:dd:05:9d:2b:fd:32:69:1b:36:7a:d7:b2:a9:4f:
         7b:5f:17:26:25:11:69:8b:2b:e4:53:31:94:3a:75:3e:2d:a6:
         06:34:a0:fe:8c:40:1d:05:47:a0:c6:da:8b:f1:dc:b7:ba:64:
         dc:d2:02:b5
-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIUavonLrKNKQWf5gW5Ui2b+HIRnMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDlaFw0yNDEyMTgyMTMwMDlaMDMxMTAvBgNV
BAMTKDA5NTI3QUI5NkREOEE2ODFBQ0YxQzY5OTBGMzA1OUVDQzY1QUI4RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYGFIwbsZNtVyJIgKh6av+8Cxs
MYc8g+zj+7pKuurN/UkjsKdokbIpDXJ9ISN6dkINBnc4LvFLlChXN5BVV+GS2fnN
qhRv7ex8ZoLlpC1mG03sdQtO+rI9yC7LaKalcctV/H7ibpYoPm7W4QOdWV02PqhW
VsNaLrWNEJnQN4V5kFkgEOGUAkZZwOcQSG4b89GCGdPUXS+YlWjWDAB6ZPKmQs4/
OsCGXI2f7q40K53xhEArjAHn9IJEvSHNZPtLV87k8btyMmKVqoDudZrSuV3XMDZA
xhxzarFt7BNGykjwTbCxOc5rgOCEEF1CAqBY+dkHB84hj0tR2DdFzOJ3JR1vAgMB
AAGjggGpMIIBpTAdBgNVHQ4EFgQUCVJ6uW3YpoGs8caZDzBZ7MZauP8wHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzQwOTgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqC0NABSAw
DQYJKoZIhvcNAQELBQADggEBACm64K5j99GualmIhPHVvLK69jeT7MrNJ+eb4ybd
9kcmqSXXRQVo5jLP+PVwYAxIKWhlTqUstTyTsYe8nBQTeJSnsCdLidLHbc5S1WRI
SY43U53Ia5xJWK131OE+Jad2VP/8bibYcmUOwdmMdsM3zBhf1n1A9mvUvKz4mxCV
Y+f7unB5K9kZnAynvG1DvWxiZAKzMiMOBvBfUkZ/d65YOglrQDJNEJZyCt3f3Ylq
uzsrFrtkhTFUQIbI2oGh+gUTEa/yR+qFNIQah6fdBZ0r/TJpGzZ617KpT3tfFyYl
EWmLK+RTMZQ6dT4tpgY0oP6MQB0FR6DG2ovx3Le6ZNzSArU=
-----END CERTIFICATE-----