Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS205532.roa
File:                     AS205532.roa (raw, json)
Hash identifier:          gY5Dvw1HdIMVyufjpboa5nVlVSrxh3+H1o7fUqtsOMs=
Subject key identifier:   AD:45:ED:A9:AC:11:60:C1:97:E2:25:37:4F:31:4B:1D:C5:12:14:16
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       53830834D125FA38D980DD537A5FEC2A6F114970
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS205532.roa
Signing time:             Wed 20 Nov 2024 21:30:35 +0000
ROA not before:           Wed 20 Nov 2024 21:25:35 +0000
ROA not after:            Wed 19 Nov 2025 21:30:35 +0000
asID:                     205532
IP address blocks:        2a0b:4340:a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:83:08:34:d1:25:fa:38:d9:80:dd:53:7a:5f:ec:2a:6f:11:49:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:35 2024 GMT
            Not After : Nov 19 21:30:35 2025 GMT
        Subject: CN=AD45EDA9AC1160C197E225374F314B1DC5121416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e0:af:4c:fa:7f:e3:c6:9a:0a:16:06:44:d2:
                    c1:23:27:a2:76:62:b2:dc:23:7d:41:92:dd:79:bb:
                    aa:7a:51:fa:e3:5d:3e:08:6d:5c:47:ab:20:e9:5f:
                    40:9c:8b:1a:a1:92:79:27:4a:1d:0e:f2:9c:a2:60:
                    60:07:a2:9a:84:00:37:35:22:e7:d4:08:c4:4b:76:
                    5e:5b:09:0b:2a:31:aa:34:67:78:fa:c9:bf:bc:d1:
                    56:25:ee:c1:16:3d:19:01:15:91:ea:e8:de:9a:2a:
                    6a:71:82:57:66:98:d5:61:ea:39:7f:16:88:5a:1e:
                    5b:bb:34:24:7b:4a:02:6a:d5:ad:e7:21:1b:c1:52:
                    12:75:73:6a:3e:6e:6a:a2:3e:a7:a4:3e:d2:06:31:
                    8a:77:9a:bf:44:39:db:e8:03:04:fe:e7:7b:69:82:
                    62:d8:ee:47:1c:0e:9e:85:1b:95:ff:76:a7:10:8f:
                    0c:84:4e:0e:4d:79:fa:bd:85:33:cf:31:aa:6a:d3:
                    05:42:32:f1:e6:43:62:1b:41:a1:31:40:45:72:5c:
                    b2:7d:52:54:36:2a:86:80:8f:b6:24:b3:f7:71:b1:
                    e2:a3:1a:7a:9e:d4:b4:28:b1:1a:8d:f4:af:55:99:
                    ff:d0:20:aa:83:c2:d6:6e:8f:8e:ba:36:90:46:6e:
                    7d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:45:ED:A9:AC:11:60:C1:97:E2:25:37:4F:31:4B:1D:C5:12:14:16
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS205532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:eb:6e:ab:17:3b:2b:8f:34:ff:32:e2:1d:df:82:9d:2c:b7:
         fb:98:0d:f2:17:60:e8:d9:3c:ff:30:31:a3:10:fd:25:f9:13:
         05:04:d9:4a:cb:83:02:f4:6f:ae:58:6f:d5:c5:01:03:f8:57:
         05:84:df:ad:ad:11:94:83:78:87:4f:38:54:7b:66:84:d4:e6:
         8c:5b:55:e3:40:12:38:8f:05:d3:10:ea:f7:f0:31:aa:0d:93:
         db:8f:39:f7:d6:93:f8:7c:13:ea:0d:51:ca:76:a3:94:59:5a:
         84:b0:cc:01:25:f5:c7:89:b5:89:45:21:1e:e0:90:59:dd:13:
         9b:99:fe:d2:a8:19:4b:c2:e4:a7:e2:60:ab:8a:03:b2:a6:f7:
         67:37:2e:2a:f8:08:a6:75:f1:a4:ca:5b:97:4c:c6:af:0a:b8:
         ef:23:b6:fb:eb:f1:2a:c5:97:fd:0e:a5:41:d4:ab:ae:21:a4:
         b2:e7:47:97:3d:23:89:b7:f4:ea:eb:ee:89:f7:58:28:7c:ce:
         0f:f1:90:e0:94:93:27:ef:31:8f:bd:6f:52:a7:ff:a3:db:4c:
         90:65:57:c7:43:78:5e:54:91:97:76:01:ea:a5:26:79:09:fc:
         a0:e2:4b:23:f3:fe:37:5e:8f:01:75:95:a2:17:d4:12:ac:08:
         24:11:ae:bb
-----BEGIN CERTIFICATE-----
MIIEnzCCA4egAwIBAgIUU4MINNEl+jjZgN1Tel/sKm8RSXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzVaFw0yNTExMTkyMTMwMzVaMDMxMTAvBgNV
BAMTKEFENDVFREE5QUMxMTYwQzE5N0UyMjUzNzRGMzE0QjFEQzUxMjE0MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS4K9M+n/jxpoKFgZE0sEjJ6J2
YrLcI31Bkt15u6p6UfrjXT4IbVxHqyDpX0CcixqhknknSh0O8pyiYGAHopqEADc1
IufUCMRLdl5bCQsqMao0Z3j6yb+80VYl7sEWPRkBFZHq6N6aKmpxgldmmNVh6jl/
FohaHlu7NCR7SgJq1a3nIRvBUhJ1c2o+bmqiPqekPtIGMYp3mr9EOdvoAwT+53tp
gmLY7kccDp6FG5X/dqcQjwyETg5Nefq9hTPPMapq0wVCMvHmQ2IbQaExQEVyXLJ9
UlQ2KoaAj7Yks/dxseKjGnqe1LQosRqN9K9Vmf/QIKqDwtZuj466NpBGbn1VAgMB
AAGjggGpMIIBpTAdBgNVHQ4EFgQUrUXtqawRYMGX4iU3TzFLHcUSFBYwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDU1MzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqC0NAAKAw
DQYJKoZIhvcNAQELBQADggEBAC3rbqsXOyuPNP8y4h3fgp0st/uYDfIXYOjZPP8w
MaMQ/SX5EwUE2UrLgwL0b65Yb9XFAQP4VwWE362tEZSDeIdPOFR7ZoTU5oxbVeNA
EjiPBdMQ6vfwMaoNk9uPOffWk/h8E+oNUcp2o5RZWoSwzAEl9ceJtYlFIR7gkFnd
E5uZ/tKoGUvC5KfiYKuKA7Km92c3Lir4CKZ18aTKW5dMxq8KuO8jtvvr8SrFl/0O
pUHUq64hpLLnR5c9I4m39Orr7on3WCh8zg/xkOCUkyfvMY+9b1Kn/6PbTJBlV8dD
eF5UkZd2AeqlJnkJ/KDiSyPz/jdejwF1laIX1BKsCCQRrrs=
-----END CERTIFICATE-----