Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS44421.roa
File:                     AS44421.roa (raw, json)
Hash identifier:          mKk5Liga5tzKBtvpTMcIGWVpSfZGx7NR524eFTu7oB8=
Subject key identifier:   43:CE:7C:F3:BC:2C:68:26:EA:70:DC:7A:B9:7F:68:02:14:F6:F8:FC
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       37C9F8D0155ECE02D7EAB22B0818588C94C64252
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS44421.roa
Signing time:             Sun 25 May 2025 16:30:56 +0000
ROA not before:           Sun 25 May 2025 16:25:56 +0000
ROA not after:            Sun 24 May 2026 16:30:56 +0000
asID:                     44421
IP address blocks:        185.234.214.0/24 maxlen: 24
                          2a0b:4340:c0::/44 maxlen: 48
                          2a0d:2906::/31 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 18:20:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:c9:f8:d0:15:5e:ce:02:d7:ea:b2:2b:08:18:58:8c:94:c6:42:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: May 25 16:25:56 2025 GMT
            Not After : May 24 16:30:56 2026 GMT
        Subject: CN=43CE7CF3BC2C6826EA70DC7AB97F680214F6F8FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:53:d6:af:8e:fe:d3:9a:ce:4f:fd:07:c7:02:
                    a6:c1:f1:aa:d9:a1:aa:3d:85:3f:cb:dc:77:c2:08:
                    8a:36:7c:de:c1:3b:1f:b2:1e:fd:a3:be:72:6b:08:
                    79:5f:13:e4:20:a4:33:78:7a:20:9a:f9:b4:c3:a2:
                    04:a2:3c:04:fb:7f:86:de:02:e3:be:52:d7:b3:02:
                    31:83:42:f6:0b:00:ee:7e:47:66:e7:6e:aa:7d:60:
                    1e:ac:0c:f8:e7:c2:c0:56:4e:b8:98:8e:4a:58:f0:
                    4c:08:49:93:2e:6e:36:81:87:bf:3c:48:a1:4c:9f:
                    3f:4e:15:c9:89:b9:26:00:80:69:65:5d:1b:dc:8e:
                    e4:15:b1:e4:a9:ea:49:3b:26:5f:80:27:07:4b:87:
                    6d:5d:0f:7c:1c:b3:36:dd:90:da:08:04:65:8a:39:
                    5e:31:10:e9:61:a9:87:68:d4:ac:a5:1b:ab:72:ab:
                    f6:c2:6a:03:9f:8c:0d:cd:1e:30:29:20:84:14:39:
                    f5:9b:35:1e:0b:12:32:b9:63:94:39:cc:81:07:c8:
                    6d:a4:78:bc:36:e0:f6:1e:81:2b:cd:bb:ce:46:7b:
                    22:09:b5:dc:f5:25:a1:03:da:bc:c7:96:73:02:b3:
                    35:6f:39:93:e4:3d:c5:37:b4:9e:05:a1:41:b2:8a:
                    c9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:CE:7C:F3:BC:2C:68:26:EA:70:DC:7A:B9:7F:68:02:14:F6:F8:FC
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS44421.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.214.0/24
                IPv6:
                  2a0b:4340:c0::/44
                  2a0d:2906::/31

    Signature Algorithm: sha256WithRSAEncryption
         4b:9a:5c:55:82:c4:61:7b:93:6f:d3:37:ce:99:cc:d6:38:95:
         c8:54:a3:4d:10:9b:29:77:c4:0d:e6:dc:21:0f:d5:b7:5d:28:
         b9:bf:03:ab:09:23:8c:c3:17:67:27:6c:62:41:53:50:40:9b:
         6d:2f:d0:64:f7:eb:11:ea:32:8a:95:c3:f6:74:53:8b:79:f4:
         3a:93:48:8d:ba:53:3a:9d:e4:04:e0:3c:fc:1f:fe:d1:80:64:
         7a:d7:0b:a0:80:81:16:85:a4:89:0d:d5:7a:aa:35:3a:0f:7b:
         93:01:6c:05:74:97:7d:13:04:44:2b:43:ac:2c:30:47:1a:03:
         fd:1d:e6:c8:b1:8b:8e:2e:32:4f:9a:b4:6e:58:2d:59:79:93:
         fa:03:21:46:60:50:90:3b:9b:bf:fc:fc:e0:df:98:67:29:23:
         a7:1e:57:40:7b:4b:fa:2d:0d:a8:46:fd:1a:92:7f:2f:e0:a6:
         00:51:b7:f4:1f:70:21:2c:38:94:78:ef:d6:6b:ec:72:1d:d1:
         d2:31:cb:fe:ac:b7:e1:ed:1c:87:ec:73:2e:a5:11:e4:8f:2c:
         fe:e8:9d:74:f9:49:f9:96:ff:bb:e5:58:9e:2f:d0:7a:62:3d:
         88:24:3d:a4:c4:46:f0:0a:fd:e1:08:0d:a8:03:fe:ed:6a:0c:
         e5:77:f2:74
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUN8n40BVezgLX6rIrCBhYjJTGQlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTA1MjUxNjI1NTZaFw0yNjA1MjQxNjMwNTZaMDMxMTAvBgNV
BAMTKDQzQ0U3Q0YzQkMyQzY4MjZFQTcwREM3QUI5N0Y2ODAyMTRGNkY4RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5U9avjv7Tms5P/QfHAqbB8arZ
oao9hT/L3HfCCIo2fN7BOx+yHv2jvnJrCHlfE+QgpDN4eiCa+bTDogSiPAT7f4be
AuO+UtezAjGDQvYLAO5+R2bnbqp9YB6sDPjnwsBWTriYjkpY8EwISZMubjaBh788
SKFMnz9OFcmJuSYAgGllXRvcjuQVseSp6kk7Jl+AJwdLh21dD3wcszbdkNoIBGWK
OV4xEOlhqYdo1KylG6tyq/bCagOfjA3NHjApIIQUOfWbNR4LEjK5Y5Q5zIEHyG2k
eLw24PYegSvNu85GeyIJtdz1JaED2rzHlnMCszVvOZPkPcU3tJ4FoUGyisnxAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUQ85887wsaCbqcNx6uX9oAhT2+PwwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM0NDQyMS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwDAQCAAEwBgMEALnq1jAWBAIA
AjAQAwcEKgtDQADAAwUBKg0pBjANBgkqhkiG9w0BAQsFAAOCAQEAS5pcVYLEYXuT
b9M3zpnM1jiVyFSjTRCbKXfEDebcIQ/Vt10oub8DqwkjjMMXZydsYkFTUECbbS/Q
ZPfrEeoyipXD9nRTi3n0OpNIjbpTOp3kBOA8/B/+0YBketcLoICBFoWkiQ3Veqo1
Og97kwFsBXSXfRMERCtDrCwwRxoD/R3myLGLji4yT5q0blgtWXmT+gMhRmBQkDub
v/z84N+YZykjpx5XQHtL+i0NqEb9GpJ/L+CmAFG39B9wISw4lHjv1mvsch3R0jHL
/qy34e0ch+xzLqUR5I8s/uiddPlJ+Zb/u+VYni/QemI9iCQ9pMRG8Ar94QgNqAP+
7WoM5XfydA==
-----END CERTIFICATE-----