Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS205152.roa
File:                     AS205152.roa (raw, json)
Hash identifier:          GyhLG7jjjw30S6S43l2cKGyQCQh89yZYE5bCE60qbsA=
Subject key identifier:   57:B4:E6:13:D9:3B:15:58:24:7E:D6:1D:FD:95:3B:87:18:01:11:9C
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       31C7D01EA035C7C17A3FF0FDF92433FD0BD1AB40
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS205152.roa
Signing time:             Wed 20 Nov 2024 21:30:28 +0000
ROA not before:           Wed 20 Nov 2024 21:25:28 +0000
ROA not after:            Wed 19 Nov 2025 21:30:28 +0000
asID:                     205152
IP address blocks:        2a0b:4340:1300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c7:d0:1e:a0:35:c7:c1:7a:3f:f0:fd:f9:24:33:fd:0b:d1:ab:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:28 2024 GMT
            Not After : Nov 19 21:30:28 2025 GMT
        Subject: CN=57B4E613D93B1558247ED61DFD953B871801119C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a8:96:44:9a:cc:dc:dc:54:e8:ce:bf:2f:85:
                    45:40:0a:02:40:75:dd:d5:98:7f:a4:e0:b4:68:c5:
                    43:d8:19:c6:71:86:56:40:32:fa:a3:b2:b8:34:70:
                    45:ac:74:d5:5b:51:cb:17:6b:89:81:e7:b7:6a:7e:
                    7b:f7:43:f7:31:f2:3c:e4:c0:92:df:ae:cd:2d:48:
                    30:a8:1d:16:dd:e7:4b:23:03:63:b0:95:ff:24:63:
                    43:c4:61:b8:2b:03:2f:99:36:cc:1b:5b:fc:5f:90:
                    b5:47:30:76:64:a0:c4:9a:72:fb:df:27:72:89:5e:
                    41:1e:d9:75:7a:c1:5e:ca:87:90:92:15:3c:59:0c:
                    c8:af:55:d3:2b:e0:77:3c:7d:64:c1:90:74:ad:12:
                    76:14:d5:56:d2:f7:37:ad:fd:e3:64:1a:cf:96:e2:
                    78:17:89:8a:04:24:1a:02:13:02:54:04:a3:a3:af:
                    06:07:83:0d:8c:39:f9:72:68:cb:99:d0:01:4c:43:
                    e1:98:00:ba:02:db:aa:92:df:cd:86:55:05:70:91:
                    74:94:06:14:f6:92:9a:d9:93:2b:e2:f6:e6:42:f8:
                    e7:ff:f2:ab:bd:34:82:e7:39:02:ea:58:1d:0e:7d:
                    9b:68:38:dd:5f:a5:a4:44:fe:45:31:29:fa:a5:96:
                    e2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B4:E6:13:D9:3B:15:58:24:7E:D6:1D:FD:95:3B:87:18:01:11:9C
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS205152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         ac:66:13:ac:0f:20:02:98:fb:10:1c:28:0b:86:5b:b4:f6:a4:
         bd:f2:c9:02:fd:26:e9:b6:95:02:20:95:ea:32:ed:21:cf:6b:
         86:d7:ef:07:a6:a0:d4:69:18:a0:15:9c:09:88:a2:f9:c8:30:
         f1:37:a8:80:20:54:3f:27:cf:d3:bb:b9:15:d0:d3:7e:31:e3:
         1d:0a:90:0d:1e:2d:90:a3:8c:47:c1:21:a4:07:15:47:25:d9:
         0d:24:9f:26:79:37:9a:60:cb:79:d1:40:4e:95:c9:0d:4d:a4:
         ee:73:7f:e8:21:86:0f:b7:a0:ba:7f:41:a8:95:dc:48:4b:2d:
         a5:94:a0:44:cf:1c:0c:d2:81:f6:d5:fa:9c:db:ca:77:93:a4:
         0d:0e:00:d2:ff:ac:9f:6f:4f:cf:1d:80:fe:ad:eb:ea:7f:b4:
         86:1b:fb:a8:cf:09:4a:47:5c:ca:ca:10:9c:69:d6:7c:a9:34:
         c8:da:22:03:6d:27:8f:9d:b3:40:b4:94:70:7f:d5:f8:3e:a2:
         f6:f9:83:ae:b2:d9:27:b3:20:b1:78:66:e6:16:f0:aa:03:2f:
         5b:7e:f2:34:6f:a6:97:ef:c3:25:e0:0b:bc:16:63:8d:92:e7:
         8c:47:88:1d:c3:76:59:63:56:d1:56:3e:66:fd:4a:b4:2e:a7:
         a4:14:aa:1c
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIUMcfQHqA1x8F6P/D9+SQz/QvRq0AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MjhaFw0yNTExMTkyMTMwMjhaMDMxMTAvBgNV
BAMTKDU3QjRFNjEzRDkzQjE1NTgyNDdFRDYxREZEOTUzQjg3MTgwMTExOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEqJZEmszc3FTozr8vhUVACgJA
dd3VmH+k4LRoxUPYGcZxhlZAMvqjsrg0cEWsdNVbUcsXa4mB57dqfnv3Q/cx8jzk
wJLfrs0tSDCoHRbd50sjA2Owlf8kY0PEYbgrAy+ZNswbW/xfkLVHMHZkoMSacvvf
J3KJXkEe2XV6wV7Kh5CSFTxZDMivVdMr4Hc8fWTBkHStEnYU1VbS9zet/eNkGs+W
4ngXiYoEJBoCEwJUBKOjrwYHgw2MOflyaMuZ0AFMQ+GYALoC26qS382GVQVwkXSU
BhT2kprZkyvi9uZC+Of/8qu9NILnOQLqWB0OfZtoON1fpaRE/kUxKfqlluLvAgMB
AAGjggGoMIIBpDAdBgNVHQ4EFgQUV7TmE9k7FVgkftYd/ZU7hxgBEZwwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDUxNTIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqC0NAEzAN
BgkqhkiG9w0BAQsFAAOCAQEArGYTrA8gApj7EBwoC4ZbtPakvfLJAv0m6baVAiCV
6jLtIc9rhtfvB6ag1GkYoBWcCYii+cgw8TeogCBUPyfP07u5FdDTfjHjHQqQDR4t
kKOMR8EhpAcVRyXZDSSfJnk3mmDLedFATpXJDU2k7nN/6CGGD7egun9BqJXcSEst
pZSgRM8cDNKB9tX6nNvKd5OkDQ4A0v+sn29Pzx2A/q3r6n+0hhv7qM8JSkdcysoQ
nGnWfKk0yNoiA20nj52zQLSUcH/V+D6i9vmDrrLZJ7MgsXhm5hbwqgMvW37yNG+m
l+/DJeALvBZjjZLnjEeIHcN2WWNW0VY+Zv1KtC6npBSqHA==
-----END CERTIFICATE-----