Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS138668.roa
File:                     AS138668.roa (raw, json)
Hash identifier:          egtR7OrcVv7Jq3fiNgJKeKinFrvft4aNgHRyFnrKCTU=
Subject key identifier:   77:5D:94:87:F3:7A:30:80:DB:AB:9B:21:0F:85:14:80:C4:B6:9E:D8
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       5EC18F0B4A259D4A868232FCB5C03E5751849DB8
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa
Signing time:             Wed 22 Oct 2025 21:31:24 +0000
ROA not before:           Wed 22 Oct 2025 21:26:24 +0000
ROA not after:            Wed 21 Oct 2026 21:31:24 +0000
asID:                     138668
IP address blocks:        2a0d:2901::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 02:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:c1:8f:0b:4a:25:9d:4a:86:82:32:fc:b5:c0:3e:57:51:84:9d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Oct 22 21:26:24 2025 GMT
            Not After : Oct 21 21:31:24 2026 GMT
        Subject: CN=775D9487F37A3080DBAB9B210F851480C4B69ED8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d0:03:1a:49:da:92:7e:6c:34:ab:d8:65:4f:
                    d0:1c:b9:28:be:da:c6:07:e6:c9:56:37:06:b9:7f:
                    1d:7e:20:de:02:bb:ca:a0:64:aa:0c:84:0c:08:01:
                    77:3d:47:db:b1:31:a9:35:c9:1d:d4:59:9f:53:be:
                    da:7e:59:38:93:13:46:52:0c:08:b3:fb:76:f5:ac:
                    c6:6f:f3:b2:30:7a:6b:8a:5d:b9:f8:f0:e0:ee:a3:
                    7a:29:3f:cb:e4:92:a1:69:8f:b9:68:82:e3:bb:6d:
                    ad:7c:b0:b8:5a:13:68:07:7f:d4:bf:65:7b:28:d2:
                    5b:7b:c8:6c:51:15:8c:07:24:23:fb:cd:3a:9b:cb:
                    06:67:ab:49:bf:65:2f:07:5c:68:c4:08:09:29:1e:
                    c7:df:73:c0:22:b6:60:75:d1:95:f3:5b:43:ec:f7:
                    30:59:7b:a5:94:15:b6:b0:77:e5:c4:0e:3c:de:9e:
                    c3:04:79:93:f1:30:98:dc:95:ac:6e:9a:2c:a4:46:
                    1c:62:7c:09:2e:8d:6b:94:74:3e:34:72:6c:68:2f:
                    74:62:9d:b4:4d:79:a3:62:8a:09:6b:a6:23:f7:7c:
                    f7:b6:ea:0e:b0:19:8e:68:22:5d:11:1c:cd:7f:97:
                    d0:8b:17:ec:5c:4c:0f:d5:42:41:a3:d6:b1:38:ab:
                    5e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5D:94:87:F3:7A:30:80:DB:AB:9B:21:0F:85:14:80:C4:B6:9E:D8
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2901::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:a6:23:09:f0:87:2b:c2:9f:e7:c7:de:d3:0c:89:56:a9:22:
         07:be:87:1e:31:8c:71:41:fb:10:2c:36:14:22:a0:a1:e4:26:
         81:dc:15:85:97:9b:6d:3a:38:c6:b9:c6:2e:45:9f:ca:4a:19:
         87:df:ee:09:82:e6:31:59:32:00:15:13:31:8b:32:44:b7:c5:
         16:63:86:3f:1a:e4:4f:2b:58:63:c1:df:3a:20:3e:55:f8:d6:
         15:8b:27:5b:5d:ec:c2:1f:e5:29:58:16:ce:a1:22:4e:9e:cc:
         27:97:c5:1f:22:e1:ec:76:21:92:4b:be:0b:ea:2c:35:b7:c3:
         90:24:dd:62:ae:e8:84:85:90:99:31:e0:d8:79:11:11:be:f3:
         66:f0:d6:b5:50:7e:2c:ca:b4:3a:cc:24:ad:9d:0b:2d:1f:22:
         0f:6a:bf:55:0e:48:46:94:5f:a7:4b:e5:15:45:c6:e5:e1:04:
         32:6e:65:9a:3e:31:86:0e:68:80:2e:ca:34:06:b0:71:21:c6:
         b9:ed:ec:d2:53:6b:da:a0:ad:06:8a:94:13:1f:54:b2:4b:4c:
         94:e8:b3:b2:9b:de:a3:d0:eb:20:e6:2b:ce:f5:ad:a6:72:0e:
         64:3c:70:ae:46:73:f3:87:54:a5:05:90:32:5e:f3:21:b9:06:
         0b:f4:16:f8
-----BEGIN CERTIFICATE-----
MIIEnTCCA4WgAwIBAgIUXsGPC0olnUqGgjL8tcA+V1GEnbgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTEwMjIyMTI2MjRaFw0yNjEwMjEyMTMxMjRaMDMxMTAvBgNV
BAMTKDc3NUQ5NDg3RjM3QTMwODBEQkFCOUIyMTBGODUxNDgwQzRCNjlFRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo0AMaSdqSfmw0q9hlT9AcuSi+
2sYH5slWNwa5fx1+IN4Cu8qgZKoMhAwIAXc9R9uxMak1yR3UWZ9Tvtp+WTiTE0ZS
DAiz+3b1rMZv87IwemuKXbn48ODuo3opP8vkkqFpj7loguO7ba18sLhaE2gHf9S/
ZXso0lt7yGxRFYwHJCP7zTqbywZnq0m/ZS8HXGjECAkpHsffc8AitmB10ZXzW0Ps
9zBZe6WUFbawd+XEDjzensMEeZPxMJjclaxumiykRhxifAkujWuUdD40cmxoL3Ri
nbRNeaNiiglrpiP3fPe26g6wGY5oIl0RHM1/l9CLF+xcTA/VQkGj1rE4q16FAgMB
AAGjggGnMIIBozAdBgNVHQ4EFgQUd12Uh/N6MIDbq5shD4UUgMS2ntgwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzg2Njgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqDSkBMA0G
CSqGSIb3DQEBCwUAA4IBAQCWpiMJ8Icrwp/nx97TDIlWqSIHvoceMYxxQfsQLDYU
IqCh5CaB3BWFl5ttOjjGucYuRZ/KShmH3+4JguYxWTIAFRMxizJEt8UWY4Y/GuRP
K1hjwd86ID5V+NYViydbXezCH+UpWBbOoSJOnswnl8UfIuHsdiGSS74L6iw1t8OQ
JN1iruiEhZCZMeDYeRERvvNm8Na1UH4syrQ6zCStnQstHyIPar9VDkhGlF+nS+UV
Rcbl4QQybmWaPjGGDmiALso0BrBxIca57ezSU2vaoK0GipQTH1SyS0yU6LOym96j
0Osg5ivO9a2mcg5kPHCuRnPzh1SlBZAyXvMhuQYL9Bb4
-----END CERTIFICATE-----