Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS138668.roa
File:                     AS138668.roa (raw, json)
Hash identifier:          nR7XOQg3QXX42C4N4N9JaTUJJ7OCRaehp15DaguDZE4=
Subject key identifier:   0E:FE:26:DC:76:3C:9D:15:19:C0:37:40:99:E8:FA:8F:0E:FB:E5:16
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       01064F3347015830DB29E120CE2973483E041FA8
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa
Signing time:             Wed 20 Dec 2023 21:30:08 +0000
ROA not before:           Wed 20 Dec 2023 21:25:08 +0000
ROA not after:            Wed 18 Dec 2024 21:30:08 +0000
asID:                     138668
IP address blocks:        2a0d:2901::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:06:4f:33:47:01:58:30:db:29:e1:20:ce:29:73:48:3e:04:1f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:08 2023 GMT
            Not After : Dec 18 21:30:08 2024 GMT
        Subject: CN=0EFE26DC763C9D1519C0374099E8FA8F0EFBE516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b5:c6:d0:be:3c:36:b5:ac:ad:d4:c9:72:bc:
                    34:42:2e:85:da:ab:c3:68:80:4c:a6:e4:37:01:a3:
                    0a:9c:f9:f3:6a:b1:9d:00:54:28:f6:96:d0:34:f7:
                    89:6d:ef:53:f1:01:e4:de:cc:0b:f6:8f:40:60:ba:
                    f9:da:ba:b8:db:c6:01:9d:b3:59:a7:b9:59:53:d2:
                    8c:43:43:70:83:e6:78:e4:5f:4c:7c:26:6e:92:96:
                    35:50:84:0d:b3:07:8c:a4:aa:b5:cd:ba:9f:d0:88:
                    5b:49:ff:74:69:e5:08:3a:be:d0:6d:3e:75:a0:79:
                    ad:c5:24:d5:4a:e3:da:05:7c:fa:61:df:aa:30:6e:
                    ef:62:b6:b7:0e:10:49:d9:f4:ba:38:d2:6f:c9:71:
                    49:9f:fb:3c:1a:a6:3f:7f:5d:90:99:76:6b:8c:bd:
                    fe:51:e1:51:9a:de:16:58:36:dc:01:f5:08:e3:b6:
                    70:7d:c3:b9:68:98:e2:a5:55:fc:f3:d8:0f:d3:c9:
                    10:d8:07:44:1e:67:21:36:1d:f9:b8:bd:d4:29:5f:
                    61:75:38:ef:9c:b9:f4:1f:4b:19:b6:f4:95:9e:29:
                    b0:3c:bf:a1:fe:ef:4e:74:59:7b:05:4c:f2:3f:ab:
                    b1:cf:8d:8e:a2:48:1f:97:8d:08:ec:29:c0:51:26:
                    17:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:FE:26:DC:76:3C:9D:15:19:C0:37:40:99:E8:FA:8F:0E:FB:E5:16
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS138668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2901::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:12:f9:05:cc:19:dd:8e:48:78:c5:c5:1f:c6:14:cb:98:56:
         77:6c:a3:d5:27:dc:c4:13:7d:43:6e:fa:f5:49:96:56:ec:c3:
         50:ad:2e:9c:14:8b:c2:6c:12:27:02:95:f1:cd:5d:0e:80:f5:
         3c:0f:36:30:bc:b5:4f:c6:c2:91:49:22:6d:70:10:e1:e9:08:
         aa:c6:a3:aa:76:1e:32:ec:22:8d:17:2f:af:8b:2c:b3:34:0f:
         b9:78:04:ba:36:ee:4f:91:d5:49:d4:09:0c:8b:4a:d5:94:61:
         c2:98:b2:8f:58:4d:d2:bd:23:42:1e:d0:c4:1d:5f:0a:44:be:
         8d:8b:1c:a2:4b:f8:96:4f:7f:a0:ec:0c:81:21:ed:1c:da:b5:
         a7:9f:a5:e0:d3:92:55:21:bf:d1:db:e3:99:82:bc:9e:c7:d7:
         85:6b:68:37:2b:73:30:e0:fd:4e:d0:ec:be:a6:d4:66:2a:8a:
         e5:ef:86:7c:e4:07:0d:f7:d7:2c:2d:00:08:2d:34:40:d4:2b:
         35:8f:92:8a:14:39:4a:fd:c7:d6:d0:63:c3:07:7c:f6:e7:dd:
         58:a5:4f:cc:38:70:bc:03:3b:81:fa:1b:30:01:dd:fc:e9:d0:
         85:1f:c0:81:89:83:90:37:0e:3a:76:7c:fe:2c:5e:c1:2f:87:
         f9:7e:7e:e5
-----BEGIN CERTIFICATE-----
MIIEnTCCA4WgAwIBAgIUAQZPM0cBWDDbKeEgzilzSD4EH6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDhaFw0yNDEyMTgyMTMwMDhaMDMxMTAvBgNV
BAMTKDBFRkUyNkRDNzYzQzlEMTUxOUMwMzc0MDk5RThGQThGMEVGQkU1MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBtcbQvjw2tayt1MlyvDRCLoXa
q8NogEym5DcBowqc+fNqsZ0AVCj2ltA094lt71PxAeTezAv2j0BguvnaurjbxgGd
s1mnuVlT0oxDQ3CD5njkX0x8Jm6SljVQhA2zB4ykqrXNup/QiFtJ/3Rp5Qg6vtBt
PnWgea3FJNVK49oFfPph36owbu9itrcOEEnZ9Lo40m/JcUmf+zwapj9/XZCZdmuM
vf5R4VGa3hZYNtwB9QjjtnB9w7lomOKlVfzz2A/TyRDYB0QeZyE2Hfm4vdQpX2F1
OO+cufQfSxm29JWeKbA8v6H+7050WXsFTPI/q7HPjY6iSB+XjQjsKcBRJhedAgMB
AAGjggGnMIIBozAdBgNVHQ4EFgQUDv4m3HY8nRUZwDdAmej6jw775RYwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMxMzg2Njgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqDSkBMA0G
CSqGSIb3DQEBCwUAA4IBAQAiEvkFzBndjkh4xcUfxhTLmFZ3bKPVJ9zEE31Dbvr1
SZZW7MNQrS6cFIvCbBInApXxzV0OgPU8DzYwvLVPxsKRSSJtcBDh6QiqxqOqdh4y
7CKNFy+viyyzNA+5eAS6Nu5PkdVJ1AkMi0rVlGHCmLKPWE3SvSNCHtDEHV8KRL6N
ixyiS/iWT3+g7AyBIe0c2rWnn6Xg05JVIb/R2+OZgryex9eFa2g3K3Mw4P1O0Oy+
ptRmKorl74Z85AcN99csLQAILTRA1Cs1j5KKFDlK/cfW0GPDB3z2591YpU/MOHC8
AzuB+hswAd386dCFH8CBiYOQNw46dnz+LF7BL4f5fn7l
-----END CERTIFICATE-----