Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS997.roa
File:                     AS997.roa (raw, json)
Hash identifier:          PYhI/C7A5eFHMu2NR3iIjpn3v0yp1Ra017xB+/P3i1E=
Subject key identifier:   DD:27:19:05:C7:6C:65:7D:2C:9B:CA:3A:E2:16:CC:C9:E7:E0:F9:53
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       25D0D5C5C2E15D302F760DB796E110C8048C5315
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS997.roa
Signing time:             Fri 08 Mar 2024 08:15:07 +0000
ROA not before:           Fri 08 Mar 2024 08:10:07 +0000
ROA not after:            Fri 07 Mar 2025 08:15:07 +0000
asID:                     997
IP address blocks:        93.93.244.0/22 maxlen: 24
                          93.93.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:d0:d5:c5:c2:e1:5d:30:2f:76:0d:b7:96:e1:10:c8:04:8c:53:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Mar  8 08:10:07 2024 GMT
            Not After : Mar  7 08:15:07 2025 GMT
        Subject: CN=DD271905C76C657D2C9BCA3AE216CCC9E7E0F953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:73:4b:fb:d6:05:d8:45:27:04:5f:15:b0:09:
                    59:b8:c2:a8:6f:a4:01:58:e4:f1:1f:84:f0:ab:a6:
                    98:0a:d9:14:86:c1:5f:00:38:b1:5d:f5:aa:ce:e7:
                    e2:1c:ee:f2:eb:bc:b4:ee:85:c0:99:59:0c:0f:90:
                    41:48:2d:0f:b1:27:03:7d:9a:a6:ae:78:8e:e1:ae:
                    c4:6c:23:7b:bf:a5:92:0b:8e:96:75:02:ca:97:7c:
                    a1:13:ef:8d:42:c2:f3:f0:4b:e3:83:a1:78:1e:e4:
                    0a:17:51:6a:55:0a:80:52:76:55:03:d3:7f:e6:6d:
                    41:a9:68:bf:47:f5:e3:3b:f7:8d:9e:04:bf:a5:61:
                    a9:ac:74:1f:b8:6b:50:c7:48:88:8e:ad:e3:f7:7b:
                    f8:d4:76:d2:ce:1b:1c:49:a2:73:18:d4:10:70:2f:
                    a1:32:69:56:ed:b2:8f:b8:c7:21:76:b6:c9:b3:be:
                    f6:07:e8:23:c0:9e:db:27:8e:44:0d:5d:2c:2d:12:
                    2b:6c:93:77:96:38:66:93:6d:9e:40:28:41:ac:77:
                    64:5b:32:b2:c0:4f:45:1d:6d:66:ae:63:d3:a2:75:
                    d2:cb:0a:bb:27:9a:8b:65:e7:89:ed:d9:98:7a:22:
                    44:50:d8:26:a4:f7:8c:47:49:23:03:ff:22:83:84:
                    46:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:27:19:05:C7:6C:65:7D:2C:9B:CA:3A:E2:16:CC:C9:E7:E0:F9:53
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:92:b4:ee:e6:f5:3e:21:bf:eb:be:80:14:1d:74:3e:41:1c:
         2f:38:bd:f6:f8:db:da:55:75:ee:f6:02:6c:d5:8e:4f:d1:3a:
         41:56:9a:86:81:f1:f0:40:d8:1e:5e:fc:6e:1c:2c:fb:82:be:
         bc:e9:14:65:e1:7a:f0:35:1e:bb:12:c2:6d:57:1f:bd:6b:f7:
         da:ab:c5:df:50:a7:89:db:e6:e6:f1:24:48:c6:ca:a4:e1:50:
         fa:1c:38:fa:52:cf:95:69:89:d5:33:8d:e7:ee:06:93:d5:ed:
         ce:c2:07:9c:b3:1b:8e:5c:08:e1:8c:93:5d:41:07:89:41:ad:
         b4:e3:64:ab:33:6d:a3:fd:fc:44:f9:86:82:f8:64:a7:7e:b9:
         1c:57:b5:b1:70:2d:64:a1:67:1e:1f:8a:56:55:f0:8b:09:0f:
         64:12:da:0e:07:8e:22:0a:4e:ac:62:4a:93:e0:6f:f3:cb:ae:
         dd:8f:07:33:20:41:f3:fe:37:0d:47:00:29:99:38:e6:44:c8:
         c4:ff:14:f4:86:6c:36:ab:fd:0a:8a:77:5a:27:7a:84:99:d4:
         54:bc:f7:22:15:c8:69:98:12:2e:e7:9e:e5:74:74:e7:0f:c9:
         7f:e7:4b:7f:a0:32:f4:dc:29:ea:f4:be:65:2d:52:0a:26:9e:
         93:0c:f4:77
-----BEGIN CERTIFICATE-----
MIIEmTCCA4GgAwIBAgIUJdDVxcLhXTAvdg23luEQyASMUxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDAzMDgwODEwMDdaFw0yNTAzMDcwODE1MDdaMDMxMTAvBgNV
BAMTKEREMjcxOTA1Qzc2QzY1N0QyQzlCQ0EzQUUyMTZDQ0M5RTdFMEY5NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/c0v71gXYRScEXxWwCVm4wqhv
pAFY5PEfhPCrppgK2RSGwV8AOLFd9arO5+Ic7vLrvLTuhcCZWQwPkEFILQ+xJwN9
mqaueI7hrsRsI3u/pZILjpZ1AsqXfKET741CwvPwS+ODoXge5AoXUWpVCoBSdlUD
03/mbUGpaL9H9eM7942eBL+lYamsdB+4a1DHSIiOreP3e/jUdtLOGxxJonMY1BBw
L6EyaVbtso+4xyF2tsmzvvYH6CPAntsnjkQNXSwtEitsk3eWOGaTbZ5AKEGsd2Rb
MrLAT0UdbWauY9OiddLLCrsnmotl54nt2Zh6IkRQ2Cak94xHSSMD/yKDhEbrAgMB
AAGjggGjMIIBnzAdBgNVHQ4EFgQU3ScZBcdsZX0sm8o64hbMyefg+VMwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEkGCCsGAQUFBwELBD0wOzA5BggrBgEFBQcwC4YtcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM5OTcucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJdXfQwDQYJKoZI
hvcNAQELBQADggEBAAeStO7m9T4hv+u+gBQddD5BHC84vfb429pVde72AmzVjk/R
OkFWmoaB8fBA2B5e/G4cLPuCvrzpFGXhevA1HrsSwm1XH71r99qrxd9Qp4nb5ubx
JEjGyqThUPocOPpSz5VpidUzjefuBpPV7c7CB5yzG45cCOGMk11BB4lBrbTjZKsz
baP9/ET5hoL4ZKd+uRxXtbFwLWShZx4filZV8IsJD2QS2g4HjiIKTqxiSpPgb/PL
rt2PBzMgQfP+Nw1HACmZOOZEyMT/FPSGbDar/QqKd1oneoSZ1FS89yIVyGmYEi7n
nuV0dOcPyX/nS3+gMvTcKer0vmUtUgomnpMM9Hc=