Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS134575.roa
File:                     AS134575.roa (raw, json)
Hash identifier:          RUmDEE2oHg60qa/QVLRMjChmEAylQr54i5xZ84H8RIo=
Subject key identifier:   7D:6E:BC:09:ED:C2:80:7A:D2:97:DD:2A:48:96:A6:C7:7B:9E:D1:F6
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       72BB8ED77D0D935B4AAE9DF34F26FEB2DBEB8117
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS134575.roa
Signing time:             Wed 20 Nov 2024 21:30:36 +0000
ROA not before:           Wed 20 Nov 2024 21:25:36 +0000
ROA not after:            Wed 19 Nov 2025 21:30:36 +0000
asID:                     134575
IP address blocks:        2a0b:4340:a1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:bb:8e:d7:7d:0d:93:5b:4a:ae:9d:f3:4f:26:fe:b2:db:eb:81:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:36 2024 GMT
            Not After : Nov 19 21:30:36 2025 GMT
        Subject: CN=7D6EBC09EDC2807AD297DD2A4896A6C77B9ED1F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:07:0b:de:bb:61:c3:18:89:28:3f:c4:30:8b:
                    ad:a8:01:ab:42:a2:fb:ee:ac:a2:9a:2a:15:9a:51:
                    fb:ff:f4:b6:99:8d:4a:e7:e1:31:6a:3b:0e:ae:a3:
                    bd:8f:83:6c:78:44:26:cb:5c:84:c5:d6:29:b9:d2:
                    8a:a2:33:5f:d2:52:3f:7c:1a:d7:cb:00:62:2e:aa:
                    17:3c:66:02:5d:b5:48:7f:6e:3c:02:35:14:96:d5:
                    6c:08:8f:ee:a9:63:9d:fb:20:94:12:04:b4:5a:2d:
                    46:17:55:03:d0:30:40:0e:32:a9:04:d6:f7:f3:b0:
                    ad:af:0a:94:c7:80:ec:c9:6c:e5:8c:80:5d:06:44:
                    19:01:08:c6:ae:5e:70:37:0b:79:b7:6c:3c:29:41:
                    e7:5a:e2:04:17:62:f4:08:d4:af:ce:77:09:ba:e5:
                    02:a3:9c:08:46:8d:37:5c:9a:c9:1e:11:60:ec:45:
                    ff:27:50:90:13:91:01:3c:1c:13:57:e7:f9:ca:35:
                    5e:fb:9a:09:bc:04:45:7d:a6:20:e9:af:05:92:5f:
                    b1:24:da:23:b1:71:1d:04:74:64:e7:59:9c:58:df:
                    ca:07:99:6a:b2:d1:ad:d6:e1:9b:9c:37:45:5c:84:
                    2c:63:5e:e7:b0:c9:bd:a8:aa:30:3c:b1:77:ed:b3:
                    ac:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6E:BC:09:ED:C2:80:7A:D2:97:DD:2A:48:96:A6:C7:7B:9E:D1:F6
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS134575.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:2d:0f:f9:54:9a:6c:71:a7:9d:a2:c5:1e:ab:22:5c:74:d2:
         7a:c9:f8:70:9a:44:b3:45:7b:3d:4f:9b:6c:c8:d3:d1:00:c2:
         32:ab:24:71:2f:71:20:39:9f:bf:2c:51:be:e8:7b:15:f6:b6:
         47:cd:4d:73:df:db:a7:e7:4e:57:e5:e7:1e:78:e9:f4:be:b1:
         bb:df:f6:f6:77:88:22:b3:9b:07:1f:75:b5:ac:26:40:5a:27:
         f0:e0:be:9d:af:97:a2:35:32:fb:e6:f9:53:7e:88:26:1f:03:
         28:93:66:65:84:bc:ab:eb:36:52:d5:92:0f:1e:18:07:a0:c0:
         35:f5:12:70:44:80:58:29:5b:09:1a:8a:bd:69:bf:5f:2d:e2:
         c1:98:1e:4c:25:0c:96:45:29:d9:53:b5:b0:e6:bc:eb:08:c5:
         21:ad:80:de:8b:b5:1b:b8:88:69:b3:6b:d1:5d:a0:f0:0b:13:
         b1:68:2c:cd:8b:b7:94:6e:30:4a:e0:0c:e5:73:3b:fb:78:2b:
         54:d7:1d:ea:1b:c5:64:e5:dc:da:3f:f3:52:ed:00:37:ff:39:
         59:5c:29:fa:5a:d5:3e:9a:34:f1:95:31:d3:df:0e:06:78:2e:
         06:cb:01:64:4c:d8:06:f6:b1:ed:38:7e:25:47:40:39:7f:3c:
         eb:27:ff:88
-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIUcruO130Nk1tKrp3zTyb+stvrgRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzZaFw0yNTExMTkyMTMwMzZaMDMxMTAvBgNV
BAMTKDdENkVCQzA5RURDMjgwN0FEMjk3REQyQTQ4OTZBNkM3N0I5RUQxRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlBwveu2HDGIkoP8Qwi62oAatC
ovvurKKaKhWaUfv/9LaZjUrn4TFqOw6uo72Pg2x4RCbLXITF1im50oqiM1/SUj98
GtfLAGIuqhc8ZgJdtUh/bjwCNRSW1WwIj+6pY537IJQSBLRaLUYXVQPQMEAOMqkE
1vfzsK2vCpTHgOzJbOWMgF0GRBkBCMauXnA3C3m3bDwpQeda4gQXYvQI1K/Odwm6
5QKjnAhGjTdcmskeEWDsRf8nUJATkQE8HBNX5/nKNV77mgm8BEV9piDprwWSX7Ek
2iOxcR0EdGTnWZxY38oHmWqy0a3W4ZucN0VchCxjXuewyb2oqjA8sXfts6x5AgMB
AAGjggGpMIIBpTAdBgNVHQ4EFgQUfW68Ce3CgHrSl90qSJamx3ue0fYwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzQ1NzUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqC0NAAKEw
DQYJKoZIhvcNAQELBQADggEBAKotD/lUmmxxp52ixR6rIlx00nrJ+HCaRLNFez1P
m2zI09EAwjKrJHEvcSA5n78sUb7oexX2tkfNTXPf26fnTlfl5x546fS+sbvf9vZ3
iCKzmwcfdbWsJkBaJ/Dgvp2vl6I1Mvvm+VN+iCYfAyiTZmWEvKvrNlLVkg8eGAeg
wDX1EnBEgFgpWwkair1pv18t4sGYHkwlDJZFKdlTtbDmvOsIxSGtgN6LtRu4iGmz
a9FdoPALE7FoLM2Lt5RuMErgDOVzO/t4K1TXHeobxWTl3No/81LtADf/OVlcKfpa
1T6aNPGVMdPfDgZ4LgbLAWRM2Ab2se04fiVHQDl/POsn/4g=
-----END CERTIFICATE-----