Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS23961.roa
File:                     AS23961.roa (raw, json)
Hash identifier:          a6NVyWKx5nvRRqtTtAtFcQl9wAlZ0rHzQf3ziOoNLxE=
Subject key identifier:   33:0A:48:06:16:FE:8D:72:0B:BD:55:E5:BA:AE:01:14:D1:39:FB:62
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       31A2527A825A22885E14163CD978D3868CED4136
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS23961.roa
Signing time:             Thu 04 Jan 2024 10:57:46 +0000
ROA not before:           Thu 04 Jan 2024 10:52:46 +0000
ROA not after:            Thu 02 Jan 2025 10:57:46 +0000
asID:                     23961
IP address blocks:        45.11.104.0/23 maxlen: 24
                          45.150.242.0/23 maxlen: 24
                          188.244.96.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a2:52:7a:82:5a:22:88:5e:14:16:3c:d9:78:d3:86:8c:ed:41:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Jan  4 10:52:46 2024 GMT
            Not After : Jan  2 10:57:46 2025 GMT
        Subject: CN=330A480616FE8D720BBD55E5BAAE0114D139FB62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:04:2a:c8:28:b5:08:ee:8d:17:2b:f8:e0:19:
                    4d:cb:2f:75:e0:12:4e:96:63:12:9e:f2:6b:cf:bc:
                    95:44:14:5d:7d:1b:12:9e:c0:d2:c3:5c:2a:55:80:
                    b6:db:66:75:1b:61:2c:96:07:8d:ce:21:40:87:13:
                    3a:32:1a:09:65:9d:93:52:d4:52:65:49:5a:70:27:
                    3e:82:c8:be:52:79:5e:52:d0:3b:a9:b2:a3:95:f5:
                    27:4a:4f:a8:60:97:d5:f5:27:0f:75:75:3a:91:24:
                    59:84:98:9b:4a:fc:9e:c7:9f:49:a8:c0:7d:82:76:
                    6b:f8:62:4d:ce:28:66:f3:a2:7b:44:41:cc:40:44:
                    95:d7:5d:4e:84:77:9a:86:6b:21:77:fb:7c:dc:6d:
                    b5:36:d2:fe:b6:38:8f:56:9b:ca:8a:2a:f7:b4:51:
                    a1:3d:ed:ec:3c:89:95:fe:41:ee:74:94:af:6d:d3:
                    52:71:81:15:e6:42:25:21:34:86:3d:74:3b:61:59:
                    5d:07:d6:38:0f:1b:15:1f:62:92:4b:cc:24:b8:2d:
                    45:68:93:98:0e:d6:d4:35:09:23:7f:40:8d:80:72:
                    13:71:01:31:13:42:b7:4f:bc:0d:89:e8:40:49:da:
                    3c:fe:0f:ad:37:d6:7b:b8:4b:bb:03:e9:98:9f:59:
                    ca:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0A:48:06:16:FE:8D:72:0B:BD:55:E5:BA:AE:01:14:D1:39:FB:62
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS23961.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.104.0/23
                  45.150.242.0/23
                  188.244.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:ea:05:91:09:47:c7:1f:6f:ba:41:ed:c6:94:7b:49:a7:b0:
         fa:ac:71:cd:58:43:7c:ac:4f:30:07:1a:24:56:3d:5f:89:2a:
         65:a3:d6:8e:17:0b:2a:7d:86:cd:0e:36:cf:2f:53:9c:28:65:
         56:cb:9a:45:d5:8b:18:e5:cc:8a:bf:2e:9b:b6:a6:67:64:eb:
         10:5f:5b:8a:1a:47:8f:ff:55:90:62:7c:24:01:73:13:96:bc:
         2f:90:f3:f2:fd:b7:4f:21:48:e1:48:71:ad:6f:60:23:20:b8:
         67:0f:29:70:f8:18:40:47:94:e0:b3:00:c8:98:42:9a:19:88:
         c5:47:1d:54:32:a4:c4:28:56:8b:80:42:94:a5:d0:99:24:cb:
         6c:92:c5:dd:47:c7:74:db:21:2d:71:d6:b0:c0:ff:b3:c1:a7:
         25:80:37:aa:f0:1d:65:50:3e:1e:8b:b9:9f:3b:2b:4a:f4:86:
         c1:e9:08:db:04:08:af:83:e8:c8:2a:92:fb:9d:45:f5:34:ee:
         db:b8:71:45:b9:32:58:b1:93:09:1d:7c:c8:8f:bc:b1:c3:a3:
         ac:aa:65:64:3f:73:98:2a:e7:5a:5e:25:90:65:ce:18:e8:87:
         a7:cd:e1:ee:7b:0d:36:65:5c:b6:95:91:63:42:a8:12:d2:65:
         48:31:17:8f
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUMaJSeoJaIoheFBY82XjThoztQTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDAxMDQxMDUyNDZaFw0yNTAxMDIxMDU3NDZaMDMxMTAvBgNV
BAMTKDMzMEE0ODA2MTZGRThENzIwQkJENTVFNUJBQUUwMTE0RDEzOUZCNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgBCrIKLUI7o0XK/jgGU3LL3Xg
Ek6WYxKe8mvPvJVEFF19GxKewNLDXCpVgLbbZnUbYSyWB43OIUCHEzoyGgllnZNS
1FJlSVpwJz6CyL5SeV5S0DupsqOV9SdKT6hgl9X1Jw91dTqRJFmEmJtK/J7Hn0mo
wH2Cdmv4Yk3OKGbzontEQcxARJXXXU6Ed5qGayF3+3zcbbU20v62OI9Wm8qKKve0
UaE97ew8iZX+Qe50lK9t01JxgRXmQiUhNIY9dDthWV0H1jgPGxUfYpJLzCS4LUVo
k5gO1tQ1CSN/QI2AchNxATETQrdPvA2J6EBJ2jz+D6031nu4S7sD6ZifWco5AgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUMwpIBhb+jXILvVXluq4BFNE5+2IwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMzk2MS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAS0LaAMEAS2W
8gMEAbz0YDANBgkqhkiG9w0BAQsFAAOCAQEAGOoFkQlHxx9vukHtxpR7Saew+qxx
zVhDfKxPMAcaJFY9X4kqZaPWjhcLKn2GzQ42zy9TnChlVsuaRdWLGOXMir8um7am
Z2TrEF9bihpHj/9VkGJ8JAFzE5a8L5Dz8v23TyFI4UhxrW9gIyC4Zw8pcPgYQEeU
4LMAyJhCmhmIxUcdVDKkxChWi4BClKXQmSTLbJLF3UfHdNshLXHWsMD/s8GnJYA3
qvAdZVA+Hou5nzsrSvSGwekI2wQIr4PoyCqS+51F9TTu27hxRbkyWLGTCR18yI+8
scOjrKplZD9zmCrnWl4lkGXOGOiHp83h7nsNNmVctpWRY0KoEtJlSDEXjw==
-----END CERTIFICATE-----