Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS44421.roa
File:                     AS44421.roa (raw, json)
Hash identifier:          0EXShUGbvWXzyN5HzcXmNnjn+PqtO5Iasjt2CT+L1nc=
Subject key identifier:   82:A8:BC:8A:DE:C3:1F:F6:F9:F8:4F:92:64:97:64:13:DC:81:52:9A
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       5562C14D944679E9BA889FA7CC95E206F7B2023D
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS44421.roa
Signing time:             Sun 23 Jun 2024 16:17:33 +0000
ROA not before:           Sun 23 Jun 2024 16:12:33 +0000
ROA not after:            Sun 22 Jun 2025 16:17:33 +0000
asID:                     44421
IP address blocks:        185.234.214.0/24 maxlen: 24
                          2a0b:4340:c0::/44 maxlen: 48
                          2a0d:2906::/31 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:62:c1:4d:94:46:79:e9:ba:88:9f:a7:cc:95:e2:06:f7:b2:02:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Jun 23 16:12:33 2024 GMT
            Not After : Jun 22 16:17:33 2025 GMT
        Subject: CN=82A8BC8ADEC31FF6F9F84F9264976413DC81529A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:70:2c:dc:f1:ac:a1:c7:15:c1:b9:df:0a:12:
                    a8:45:e3:2a:5f:89:af:d1:59:17:6c:88:af:e1:aa:
                    3d:cd:21:4f:0f:52:46:c5:83:15:15:64:6d:71:59:
                    37:99:3c:9a:de:5d:fb:8b:b1:e8:b5:da:2a:da:3d:
                    28:83:cd:6a:b4:79:54:c5:48:ee:46:6c:c0:c6:49:
                    14:47:30:dd:62:f5:78:7d:3c:e1:32:99:04:f7:d8:
                    29:02:e1:86:30:78:37:f0:e1:d3:c1:74:4c:f9:64:
                    b5:9e:22:29:9a:f3:07:9d:c9:85:48:04:8a:d0:06:
                    d9:e5:01:af:35:13:59:4d:06:b2:10:c7:a2:38:b6:
                    49:d6:c1:c9:ff:a5:41:c5:0b:e2:4f:63:d7:6a:72:
                    e0:94:f2:78:19:09:6a:b0:aa:aa:12:4a:89:33:a8:
                    52:dd:f1:4f:90:4f:dc:19:bb:74:22:d2:c3:f9:54:
                    c1:8e:43:ae:de:7b:9a:a6:21:d6:d2:6c:49:f7:ff:
                    28:d4:d6:e7:24:36:0d:9e:0e:8f:7c:ef:b5:7c:05:
                    1b:1f:07:19:78:8c:cb:82:fc:06:74:2b:c0:42:c5:
                    cf:1e:65:08:c1:88:f1:06:ea:81:f9:10:31:62:b2:
                    c5:23:ba:fe:64:b3:5e:62:43:ca:39:8f:3d:bc:93:
                    88:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:A8:BC:8A:DE:C3:1F:F6:F9:F8:4F:92:64:97:64:13:DC:81:52:9A
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS44421.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.214.0/24
                IPv6:
                  2a0b:4340:c0::/44
                  2a0d:2906::/31

    Signature Algorithm: sha256WithRSAEncryption
         7a:35:05:9f:c2:90:66:fb:55:c8:c0:dd:fc:dd:fb:de:d9:ab:
         42:fa:2d:ed:e6:db:a8:20:f1:2d:7b:3e:96:9e:a3:88:79:ff:
         53:83:1a:aa:63:74:71:8a:1b:57:9e:bb:aa:48:c9:cf:e2:c4:
         43:e2:c2:9a:d1:98:57:f9:1b:ba:58:1e:a0:6b:99:03:99:af:
         0b:c1:20:db:03:35:8c:c2:a2:b5:09:b0:0f:e9:a0:d8:14:45:
         5a:88:72:22:b4:6e:18:29:18:87:c6:3d:4c:68:6a:2f:ac:15:
         e4:08:8e:1c:99:bf:03:ce:f8:4e:70:dd:5a:e2:80:b7:04:6a:
         5d:d8:57:5b:95:5b:c1:7b:7d:f5:af:f3:bc:4a:56:b3:d9:0f:
         1f:ee:14:82:26:33:e6:79:f4:38:88:c4:cf:83:cc:41:91:8b:
         6f:85:8d:3a:5a:66:dd:2d:3e:a7:1b:9e:1f:0f:59:b4:94:e3:
         d5:15:fb:41:bd:69:d9:26:33:a8:89:06:60:ac:4d:dc:75:d4:
         fe:06:6a:3e:fd:e3:ae:85:18:bd:eb:1d:7c:57:14:fe:07:fe:
         42:e4:f1:ce:ba:49:fc:57:d3:65:de:26:b8:d5:92:d7:3a:0b:
         92:72:59:f0:1f:bd:65:c8:b0:d4:d8:68:8b:00:91:d2:d3:dd:
         5f:82:72:31
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUVWLBTZRGeem6iJ+nzJXiBveyAj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDA2MjMxNjEyMzNaFw0yNTA2MjIxNjE3MzNaMDMxMTAvBgNV
BAMTKDgyQThCQzhBREVDMzFGRjZGOUY4NEY5MjY0OTc2NDEzREM4MTUyOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYcCzc8ayhxxXBud8KEqhF4ypf
ia/RWRdsiK/hqj3NIU8PUkbFgxUVZG1xWTeZPJreXfuLsei12iraPSiDzWq0eVTF
SO5GbMDGSRRHMN1i9Xh9POEymQT32CkC4YYweDfw4dPBdEz5ZLWeIima8wedyYVI
BIrQBtnlAa81E1lNBrIQx6I4tknWwcn/pUHFC+JPY9dqcuCU8ngZCWqwqqoSSokz
qFLd8U+QT9wZu3Qi0sP5VMGOQ67ee5qmIdbSbEn3/yjU1uckNg2eDo9877V8BRsf
Bxl4jMuC/AZ0K8BCxc8eZQjBiPEG6oH5EDFissUjuv5ks15iQ8o5jz28k4jRAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUgqi8it7DH/b5+E+SZJdkE9yBUpowHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM0NDQyMS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwDAQCAAEwBgMEALnq1jAWBAIA
AjAQAwcEKgtDQADAAwUBKg0pBjANBgkqhkiG9w0BAQsFAAOCAQEAejUFn8KQZvtV
yMDd/N373tmrQvot7ebbqCDxLXs+lp6jiHn/U4MaqmN0cYobV567qkjJz+LEQ+LC
mtGYV/kbulgeoGuZA5mvC8Eg2wM1jMKitQmwD+mg2BRFWohyIrRuGCkYh8Y9TGhq
L6wV5AiOHJm/A874TnDdWuKAtwRqXdhXW5VbwXt99a/zvEpWs9kPH+4UgiYz5nn0
OIjEz4PMQZGLb4WNOlpm3S0+pxueHw9ZtJTj1RX7Qb1p2SYzqIkGYKxN3HXU/gZq
Pv3jroUYvesdfFcU/gf+QuTxzrpJ/FfTZd4muNWS1zoLknJZ8B+9Zciw1NhoiwCR
0tPdX4JyMQ==
-----END CERTIFICATE-----