Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS138668.roa
File:                     AS138668.roa (raw, json)
Hash identifier:          6R0r4UUuFswh5Y8qLht1CEdPtLVw1/6DOe/HM6DCDtw=
Subject key identifier:   97:02:C8:76:9F:67:84:1A:8A:D4:09:31:5C:BB:3F:35:10:AD:09:61
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       46341C50046A8D9BCD651578AE26044CC5E49A93
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa
Signing time:             Wed 20 Nov 2024 21:30:30 +0000
ROA not before:           Wed 20 Nov 2024 21:25:30 +0000
ROA not after:            Wed 19 Nov 2025 21:30:30 +0000
asID:                     138668
IP address blocks:        2a0d:2901::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:34:1c:50:04:6a:8d:9b:cd:65:15:78:ae:26:04:4c:c5:e4:9a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:30 2024 GMT
            Not After : Nov 19 21:30:30 2025 GMT
        Subject: CN=9702C8769F67841A8AD409315CBB3F3510AD0961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cf:5e:e5:59:e0:af:ab:87:0c:46:29:92:1c:
                    be:9d:6c:be:4c:5a:75:b8:96:27:76:76:76:75:75:
                    3c:94:fb:74:45:40:e1:73:f7:9b:4f:f8:d2:d2:73:
                    5e:f1:dd:d2:41:b2:3d:77:52:97:34:43:d6:39:36:
                    32:6a:f8:78:21:9f:a1:6c:d1:af:a3:24:c0:80:73:
                    42:1d:2d:92:01:23:4b:b7:ba:d5:1c:3b:ef:5c:bf:
                    16:06:55:1f:9d:72:19:5f:d0:74:79:da:6f:0b:36:
                    87:06:98:f4:86:33:dd:98:7b:fa:80:53:c0:8d:3a:
                    67:99:19:48:fa:72:d6:20:71:46:a1:88:fa:be:5d:
                    f5:bf:73:3f:4b:4e:3b:c9:27:65:9d:22:eb:c5:b0:
                    9e:d9:a0:f9:f5:68:74:66:0f:90:de:be:3f:49:75:
                    f8:bc:d4:40:16:e0:50:c3:49:8a:97:bd:9b:2d:e4:
                    59:c2:28:45:8f:89:3a:53:08:da:7c:92:a6:71:00:
                    eb:eb:03:98:8d:e5:ed:72:f4:79:5d:4f:52:59:bd:
                    38:59:de:80:66:1f:32:5c:6b:99:e9:64:0d:d4:70:
                    c9:16:6c:56:00:6f:2d:f6:13:18:e1:df:34:5f:d1:
                    3f:ee:41:f7:d0:f1:4c:8d:ea:43:5b:b9:31:b6:2f:
                    58:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:02:C8:76:9F:67:84:1A:8A:D4:09:31:5C:BB:3F:35:10:AD:09:61
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2901::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:17:ec:8c:50:a2:2e:62:57:db:93:fe:ad:5d:48:3b:57:6a:
         ac:85:4a:86:ab:92:b7:7f:57:65:dd:79:d1:89:81:d1:9c:92:
         1d:7d:af:ab:73:b0:ae:a1:78:9b:20:55:58:12:f2:ef:e9:06:
         20:fc:a5:5c:eb:ea:64:c3:2d:9d:aa:17:0a:0a:72:64:e8:1d:
         40:69:ab:78:d8:5f:1d:95:8e:7a:f6:8c:8f:ac:54:81:38:2c:
         24:9b:da:0b:2e:22:d6:49:e0:80:b5:54:be:47:9b:cd:6d:32:
         59:55:8d:cf:d1:8a:19:60:7e:53:a2:1f:43:c5:a6:f4:b2:7c:
         66:b8:eb:9b:20:b2:74:7d:0b:b6:b1:53:6b:4d:75:c0:1e:5c:
         87:cb:34:9e:50:43:fb:9f:bd:ba:67:e7:b7:c6:19:1e:6b:da:
         6f:da:02:72:70:a2:4b:1a:96:6b:4a:98:e8:80:1e:30:4e:79:
         7e:77:96:18:b0:04:e1:ca:34:9d:bd:66:4d:61:4f:db:74:b5:
         18:34:ab:41:96:a5:89:29:69:33:3d:39:19:ce:e2:15:14:05:
         85:5b:3c:7e:5f:4e:3a:29:89:6a:12:1d:49:7d:1d:0f:3b:14:
         a3:a3:c8:0b:d3:c5:23:57:72:e4:6f:44:d9:f7:26:89:3d:99:
         8c:3f:0c:55
-----BEGIN CERTIFICATE-----
MIIEnTCCA4WgAwIBAgIURjQcUARqjZvNZRV4riYETMXkmpMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzBaFw0yNTExMTkyMTMwMzBaMDMxMTAvBgNV
BAMTKDk3MDJDODc2OUY2Nzg0MUE4QUQ0MDkzMTVDQkIzRjM1MTBBRDA5NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbz17lWeCvq4cMRimSHL6dbL5M
WnW4lid2dnZ1dTyU+3RFQOFz95tP+NLSc17x3dJBsj13Upc0Q9Y5NjJq+Hghn6Fs
0a+jJMCAc0IdLZIBI0u3utUcO+9cvxYGVR+dchlf0HR52m8LNocGmPSGM92Ye/qA
U8CNOmeZGUj6ctYgcUahiPq+XfW/cz9LTjvJJ2WdIuvFsJ7ZoPn1aHRmD5Devj9J
dfi81EAW4FDDSYqXvZst5FnCKEWPiTpTCNp8kqZxAOvrA5iN5e1y9HldT1JZvThZ
3oBmHzJca5npZA3UcMkWbFYAby32Exjh3zRf0T/uQffQ8UyN6kNbuTG2L1iBAgMB
AAGjggGnMIIBozAdBgNVHQ4EFgQUlwLIdp9nhBqK1AkxXLs/NRCtCWEwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzg2Njgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqDSkBMA0G
CSqGSIb3DQEBCwUAA4IBAQB0F+yMUKIuYlfbk/6tXUg7V2qshUqGq5K3f1dl3XnR
iYHRnJIdfa+rc7CuoXibIFVYEvLv6QYg/KVc6+pkwy2dqhcKCnJk6B1Aaat42F8d
lY569oyPrFSBOCwkm9oLLiLWSeCAtVS+R5vNbTJZVY3P0YoZYH5Toh9Dxab0snxm
uOubILJ0fQu2sVNrTXXAHlyHyzSeUEP7n726Z+e3xhkea9pv2gJycKJLGpZrSpjo
gB4wTnl+d5YYsAThyjSdvWZNYU/bdLUYNKtBlqWJKWkzPTkZzuIVFAWFWzx+X046
KYlqEh1JfR0POxSjo8gL08UjV3Lkb0TZ9yaJPZmMPwxV
-----END CERTIFICATE-----