Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS969.roa
File:                     AS969.roa (raw, json)
Hash identifier:          G3npuBywMKbYgZ7Sa1aQuN9zffX/90mfyjR8Gq2o8qQ=
Subject key identifier:   F2:71:B0:D0:03:BE:74:A0:91:0F:EB:FF:69:89:6F:74:08:33:63:FF
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       459B403AD41A310A29A854ED30257CC854D6BF1E
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS969.roa
Signing time:             Wed 22 Oct 2025 21:31:26 +0000
ROA not before:           Wed 22 Oct 2025 21:26:26 +0000
ROA not after:            Wed 21 Oct 2026 21:31:26 +0000
asID:                     969
IP address blocks:        45.11.107.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 02:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:9b:40:3a:d4:1a:31:0a:29:a8:54:ed:30:25:7c:c8:54:d6:bf:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Oct 22 21:26:26 2025 GMT
            Not After : Oct 21 21:31:26 2026 GMT
        Subject: CN=F271B0D003BE74A0910FEBFF69896F74083363FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:af:c8:0d:b2:3f:c9:4e:7f:1e:95:6a:51:20:
                    3d:b1:c0:1b:87:b2:66:56:14:dc:ec:08:a5:50:52:
                    07:c8:34:0d:b5:3e:3b:c4:0e:cc:15:f6:7c:b7:58:
                    dc:81:91:84:a2:60:dd:97:fc:7a:11:07:f3:e6:d0:
                    47:29:e2:7f:18:da:0c:da:98:b8:0a:a8:ea:94:35:
                    64:11:30:fb:7f:08:e6:74:5f:24:16:66:39:3f:56:
                    3f:2d:83:4c:da:d7:90:5b:5a:b6:ab:e3:a6:27:47:
                    b2:db:64:2a:e5:5a:1f:e6:91:3c:b5:26:77:52:c8:
                    af:4e:7e:5b:a5:8a:cd:3d:91:4f:89:df:60:2c:aa:
                    44:c7:c2:6e:a9:a9:0d:b7:6b:3e:09:e9:11:c6:59:
                    39:4e:33:c2:16:d7:e3:7d:7d:ba:e9:0d:44:48:f9:
                    5b:2d:ba:42:79:f0:92:a2:90:f0:0f:f4:c4:ad:55:
                    47:c4:30:f4:67:35:10:87:da:93:bb:aa:e6:2a:b7:
                    e2:22:10:c5:28:54:e3:b9:7b:29:cc:21:0a:13:cf:
                    73:24:ca:5f:d4:6d:43:1e:ea:98:54:c8:65:6f:f3:
                    3b:16:bd:dc:1a:e9:fa:11:8b:25:94:ee:31:24:b8:
                    3a:00:50:cc:1f:40:ab:f6:e3:0f:f0:24:a5:d0:06:
                    a5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:71:B0:D0:03:BE:74:A0:91:0F:EB:FF:69:89:6F:74:08:33:63:FF
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS969.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:5a:c5:37:16:c1:d4:d0:fa:2b:42:be:d0:81:49:3e:0d:0d:
         e1:30:67:a3:6e:e5:79:81:13:03:d3:b6:6b:67:af:62:29:1b:
         b9:3e:1c:76:f3:58:71:06:a2:0b:a6:7c:4b:5f:bd:a7:c8:4b:
         b8:eb:e8:b2:18:53:90:85:90:ea:c8:66:ae:d7:c9:c8:de:d8:
         80:97:60:47:6f:df:e9:96:39:ad:f2:40:0b:4e:2e:a0:97:08:
         18:a0:82:96:eb:19:4c:8d:a2:6f:c1:fa:a9:fd:eb:23:d5:3d:
         35:88:91:77:77:72:cd:de:ad:6a:95:0d:1e:19:c4:43:1e:ea:
         53:20:35:14:d0:32:44:96:76:c1:de:53:38:a1:da:d7:dc:60:
         33:6d:0f:da:f2:a2:5d:07:e6:ff:6b:44:8f:92:b6:25:a7:c4:
         c1:be:a5:bb:a7:7e:7b:00:2c:1a:4b:a7:95:42:ae:24:c5:9b:
         2b:3d:28:05:49:de:69:f4:d9:d1:09:1c:93:91:fc:32:cc:3c:
         df:bb:b9:ce:57:5e:a2:f4:77:bc:44:76:2e:42:1b:fa:5b:1a:
         2c:5e:d2:9b:12:72:71:f8:29:18:ee:6b:b2:f5:ce:c0:b7:6a:
         54:35:c3:eb:59:07:ca:36:20:54:5f:e0:89:2c:47:1c:cf:ce:
         82:96:d9:a8
-----BEGIN CERTIFICATE-----
MIIEmTCCA4GgAwIBAgIURZtAOtQaMQopqFTtMCV8yFTWvx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTEwMjIyMTI2MjZaFw0yNjEwMjEyMTMxMjZaMDMxMTAvBgNV
BAMTKEYyNzFCMEQwMDNCRTc0QTA5MTBGRUJGRjY5ODk2Rjc0MDgzMzYzRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFr8gNsj/JTn8elWpRID2xwBuH
smZWFNzsCKVQUgfINA21PjvEDswV9ny3WNyBkYSiYN2X/HoRB/Pm0Ecp4n8Y2gza
mLgKqOqUNWQRMPt/COZ0XyQWZjk/Vj8tg0za15BbWrar46YnR7LbZCrlWh/mkTy1
JndSyK9Oflulis09kU+J32AsqkTHwm6pqQ23az4J6RHGWTlOM8IW1+N9fbrpDURI
+VstukJ58JKikPAP9MStVUfEMPRnNRCH2pO7quYqt+IiEMUoVOO5eynMIQoTz3Mk
yl/UbUMe6phUyGVv8zsWvdwa6foRiyWU7jEkuDoAUMwfQKv24w/wJKXQBqXpAgMB
AAGjggGjMIIBnzAdBgNVHQ4EFgQU8nGw0AO+dKCRD+v/aYlvdAgzY/8wHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEkGCCsGAQUFBwELBD0wOzA5BggrBgEFBQcwC4YtcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM5Njkucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtC2swDQYJKoZI
hvcNAQELBQADggEBAEhaxTcWwdTQ+itCvtCBST4NDeEwZ6Nu5XmBEwPTtmtnr2Ip
G7k+HHbzWHEGogumfEtfvafIS7jr6LIYU5CFkOrIZq7Xycje2ICXYEdv3+mWOa3y
QAtOLqCXCBiggpbrGUyNom/B+qn96yPVPTWIkXd3cs3erWqVDR4ZxEMe6lMgNRTQ
MkSWdsHeUzih2tfcYDNtD9ryol0H5v9rRI+StiWnxMG+pbunfnsALBpLp5VCriTF
mys9KAVJ3mn02dEJHJOR/DLMPN+7uc5XXqL0d7xEdi5CG/pbGixe0psScnH4KRju
a7L1zsC3alQ1w+tZB8o2IFRf4IksRxzPzoKW2ag=
-----END CERTIFICATE-----