Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS969.roa
File:                     AS969.roa (raw, json)
Hash identifier:          iN+TBO7OR3LTSyN57rxVsbuK8DUDFZRRkxaRRoxdCQ8=
Subject key identifier:   14:EB:9F:A8:6E:31:2A:BA:65:DF:E6:1A:D1:9B:95:1B:BD:C4:B1:C9
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       47641D578AADE084692530024784F0FC8DF54881
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS969.roa
Signing time:             Wed 20 Nov 2024 21:30:33 +0000
ROA not before:           Wed 20 Nov 2024 21:25:33 +0000
ROA not after:            Wed 19 Nov 2025 21:30:33 +0000
asID:                     969
IP address blocks:        45.11.107.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:64:1d:57:8a:ad:e0:84:69:25:30:02:47:84:f0:fc:8d:f5:48:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:33 2024 GMT
            Not After : Nov 19 21:30:33 2025 GMT
        Subject: CN=14EB9FA86E312ABA65DFE61AD19B951BBDC4B1C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4c:3a:41:0e:f0:05:34:28:7e:6e:21:f0:dc:
                    be:8d:9c:d1:18:ab:c9:b4:88:a9:d5:8d:2b:4e:02:
                    bc:1d:2a:25:52:9c:8b:48:36:c3:17:1e:60:30:f7:
                    ec:d5:dd:3a:a0:f5:80:cf:33:15:42:8b:63:5e:93:
                    a9:47:fa:b0:1d:4c:6d:09:38:fe:06:56:98:f5:77:
                    c1:b4:70:89:46:8f:77:e1:c5:d1:cc:3c:33:8d:60:
                    43:a0:bf:18:e7:3f:09:5a:8d:19:b1:e3:bf:ea:b2:
                    55:ea:d2:ec:58:10:f1:40:84:9b:98:0a:84:d6:16:
                    e7:b0:fa:c2:0e:06:4c:2b:85:85:22:4a:18:a3:22:
                    1e:9f:96:c4:7b:63:82:e8:8e:d5:bd:39:f0:31:11:
                    9c:d9:fe:52:a1:13:1a:e8:5f:a1:10:fb:b7:b2:0c:
                    3b:0a:b3:f1:da:42:bc:9b:3a:ab:97:0a:67:3a:b9:
                    79:8c:a9:2d:16:05:b6:1a:a3:8d:81:c9:25:c2:af:
                    3e:64:5f:88:26:e4:f3:64:f4:40:ea:da:f5:d2:1a:
                    9f:ef:86:4e:e3:14:d0:1c:93:06:ee:79:47:09:af:
                    ca:b4:f1:bb:e9:4a:44:31:f3:0e:02:23:91:fb:53:
                    11:f0:be:ba:bc:b3:00:d9:6b:dd:a8:f4:3a:96:b7:
                    2f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:EB:9F:A8:6E:31:2A:BA:65:DF:E6:1A:D1:9B:95:1B:BD:C4:B1:C9
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS969.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c0:6f:3d:33:fb:f3:07:39:24:88:a9:72:9c:20:7b:cf:a1:
         da:c2:28:1c:e3:df:8c:2b:b7:b1:7f:d6:6d:30:66:6f:11:ec:
         9f:56:27:97:ad:f3:f7:c8:32:f4:26:ec:b3:50:e6:73:0e:af:
         b7:26:6c:ad:d6:dc:dd:ed:47:1e:28:4b:33:6a:54:a1:5a:17:
         ec:05:b0:25:00:45:80:d1:e6:ef:1b:e8:99:ef:7b:9d:81:28:
         f9:fd:63:85:5e:e7:01:a9:45:96:3f:ab:c5:81:64:f7:8b:38:
         36:31:35:c7:d4:2f:3b:27:07:c6:0b:1e:8d:6a:6a:69:f7:08:
         04:eb:71:28:bf:6a:9d:6e:61:fc:8c:bb:30:15:80:39:91:a5:
         d9:c1:27:3a:e5:6b:38:1b:1f:25:aa:9c:27:d1:ef:3b:fe:8d:
         b8:0e:78:04:e3:46:67:48:ab:c5:17:87:35:64:e8:72:3c:81:
         31:18:47:a3:8b:6a:83:18:1a:53:00:e7:a6:ba:b3:a4:3d:31:
         61:89:e0:1d:f7:ab:b4:20:93:e5:eb:7a:53:36:a7:76:02:c3:
         92:61:e4:3d:b1:33:a1:b2:a2:8b:d7:cd:62:75:d5:b9:cd:fb:
         1b:0b:b0:2d:c2:79:fa:a2:19:f3:82:22:cc:50:3c:1b:28:04:
         28:c7:81:48
-----BEGIN CERTIFICATE-----
MIIEmTCCA4GgAwIBAgIUR2QdV4qt4IRpJTACR4Tw/I31SIEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzNaFw0yNTExMTkyMTMwMzNaMDMxMTAvBgNV
BAMTKDE0RUI5RkE4NkUzMTJBQkE2NURGRTYxQUQxOUI5NTFCQkRDNEIxQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMTDpBDvAFNCh+biHw3L6NnNEY
q8m0iKnVjStOArwdKiVSnItINsMXHmAw9+zV3Tqg9YDPMxVCi2Nek6lH+rAdTG0J
OP4GVpj1d8G0cIlGj3fhxdHMPDONYEOgvxjnPwlajRmx47/qslXq0uxYEPFAhJuY
CoTWFuew+sIOBkwrhYUiShijIh6flsR7Y4LojtW9OfAxEZzZ/lKhExroX6EQ+7ey
DDsKs/HaQrybOquXCmc6uXmMqS0WBbYao42BySXCrz5kX4gm5PNk9EDq2vXSGp/v
hk7jFNAckwbueUcJr8q08bvpSkQx8w4CI5H7UxHwvrq8swDZa92o9DqWty9DAgMB
AAGjggGjMIIBnzAdBgNVHQ4EFgQUFOufqG4xKrpl3+Ya0ZuVG73EsckwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEkGCCsGAQUFBwELBD0wOzA5BggrBgEFBQcwC4YtcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM5Njkucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtC2swDQYJKoZI
hvcNAQELBQADggEBAGXAbz0z+/MHOSSIqXKcIHvPodrCKBzj34wrt7F/1m0wZm8R
7J9WJ5et8/fIMvQm7LNQ5nMOr7cmbK3W3N3tRx4oSzNqVKFaF+wFsCUARYDR5u8b
6Jnve52BKPn9Y4Ve5wGpRZY/q8WBZPeLODYxNcfULzsnB8YLHo1qamn3CATrcSi/
ap1uYfyMuzAVgDmRpdnBJzrlazgbHyWqnCfR7zv+jbgOeATjRmdIq8UXhzVk6HI8
gTEYR6OLaoMYGlMA56a6s6Q9MWGJ4B33q7Qgk+XrelM2p3YCw5Jh5D2xM6GyoovX
zWJ11bnN+xsLsC3CefqiGfOCIsxQPBsoBCjHgUg=
-----END CERTIFICATE-----