Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS204185.roa
File:                     AS204185.roa (raw, json)
Hash identifier:          +ueEVUAdnvQOvzyA6SmEOKKpfY7fnobYdBa/uNO+jCY=
Subject key identifier:   62:5A:52:6C:FC:FD:CF:4C:F1:29:DE:08:A0:C6:DF:E7:2E:42:50:3B
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       5CC46977B9E093743C54686C482C6E51359A0BA3
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa
Signing time:             Wed 20 Dec 2023 21:30:08 +0000
ROA not before:           Wed 20 Dec 2023 21:25:08 +0000
ROA not after:            Wed 18 Dec 2024 21:30:08 +0000
asID:                     204185
IP address blocks:        2a0b:4340:400::/40 maxlen: 48
                          2a0d:2902:caf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c4:69:77:b9:e0:93:74:3c:54:68:6c:48:2c:6e:51:35:9a:0b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:08 2023 GMT
            Not After : Dec 18 21:30:08 2024 GMT
        Subject: CN=625A526CFCFDCF4CF129DE08A0C6DFE72E42503B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8e:ef:c9:38:3d:53:78:75:4c:64:2e:43:9d:
                    f3:3f:15:bb:33:61:08:f3:c6:d8:a0:c2:9b:7c:e7:
                    1a:79:6d:79:fb:2c:61:79:06:5a:15:c0:af:a8:7d:
                    67:d3:92:bb:2e:f8:20:97:5f:e2:dc:4a:f4:0e:b5:
                    f9:71:23:96:1a:e6:ba:79:40:7f:a8:e2:38:a4:e7:
                    2a:b6:f9:7e:5e:d9:96:a7:6e:e1:14:a5:4f:c3:df:
                    a5:e1:41:e1:cd:f8:36:d9:0f:78:51:b9:ce:e9:85:
                    63:47:e8:52:74:2d:5a:3c:09:37:c2:f2:13:35:a6:
                    03:7d:b4:d0:36:5b:3a:1d:97:bf:7c:7c:85:05:e4:
                    50:5e:1f:b0:2a:51:bb:ad:d8:5d:c9:50:35:33:f4:
                    4d:12:79:04:30:a6:89:74:62:a7:7a:64:6b:b6:76:
                    4e:8a:7a:20:f1:6c:76:f4:32:08:2c:cf:e7:58:9d:
                    7e:94:c8:b7:2f:60:92:c9:4d:e4:c5:9b:95:e2:94:
                    ad:35:50:00:78:72:13:4a:98:22:2b:c8:d9:0e:c2:
                    3b:93:67:6a:c4:df:69:4c:95:c3:74:00:32:9c:3a:
                    e5:29:34:e3:da:d2:f8:56:ea:9f:fe:6a:5e:45:60:
                    0e:ac:c4:b0:73:c6:17:26:c7:2a:44:6d:ac:97:b8:
                    64:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5A:52:6C:FC:FD:CF:4C:F1:29:DE:08:A0:C6:DF:E7:2E:42:50:3B
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:400::/40
                  2a0d:2902:caf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:90:2d:4f:7e:11:b5:27:48:cd:5c:4c:56:fd:5e:97:db:66:
         72:c4:00:7e:69:20:4e:8d:cf:d4:51:91:48:e2:fd:1b:5a:37:
         d2:85:3a:c7:1a:66:c3:e3:04:df:e2:cb:b3:21:41:d7:93:28:
         71:cc:7f:f0:10:5c:a9:5d:e4:1e:fd:ab:1c:82:b7:86:a0:cc:
         21:3b:44:5b:68:60:db:b4:8c:eb:18:f4:50:ba:2b:2c:90:8e:
         12:42:f3:df:85:73:f0:95:8f:02:27:34:87:2d:b2:d1:de:5c:
         73:3f:a6:e9:22:45:f3:fe:4c:f4:34:15:25:4a:05:40:bd:63:
         dc:f0:f6:c5:35:ca:e8:cf:f2:b9:f0:e8:b2:ff:11:df:6d:be:
         0f:b8:9d:44:d4:1e:cb:aa:d4:7b:e2:fa:26:b7:8d:cd:a1:0a:
         1e:6a:08:ed:56:78:c1:49:51:6d:9b:48:bd:73:5b:eb:d0:40:
         83:28:5f:b6:82:a9:9a:24:3a:9d:44:18:1f:7e:62:f9:a3:48:
         9e:49:b3:02:33:dc:40:14:b4:49:32:21:28:de:df:0c:35:7d:
         6d:e1:78:52:3b:02:ab:ab:1e:a7:94:58:f0:61:69:8d:68:c7:
         85:21:34:16:5a:90:5d:98:0e:f2:31:9e:fe:5a:f2:66:a4:42:
         79:e7:9f:84
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUXMRpd7ngk3Q8VGhsSCxuUTWaC6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDhaFw0yNDEyMTgyMTMwMDhaMDMxMTAvBgNV
BAMTKDYyNUE1MjZDRkNGRENGNENGMTI5REUwOEEwQzZERkU3MkU0MjUwM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoju/JOD1TeHVMZC5DnfM/Fbsz
YQjzxtigwpt85xp5bXn7LGF5BloVwK+ofWfTkrsu+CCXX+LcSvQOtflxI5Ya5rp5
QH+o4jik5yq2+X5e2ZanbuEUpU/D36XhQeHN+DbZD3hRuc7phWNH6FJ0LVo8CTfC
8hM1pgN9tNA2Wzodl798fIUF5FBeH7AqUbut2F3JUDUz9E0SeQQwpol0Yqd6ZGu2
dk6KeiDxbHb0Mggsz+dYnX6UyLcvYJLJTeTFm5XilK01UAB4chNKmCIryNkOwjuT
Z2rE32lMlcN0ADKcOuUpNOPa0vhW6p/+al5FYA6sxLBzxhcmxypEbayXuGSZAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUYlpSbPz9z0zxKd4IoMbf5y5CUDswHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDQxODUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwKgYIKwYBBQUHAQcBAf8EGzAZMBcEAgACMBEDBgAqC0NABAMH
BCoNKQLK8DANBgkqhkiG9w0BAQsFAAOCAQEADZAtT34RtSdIzVxMVv1el9tmcsQA
fmkgTo3P1FGRSOL9G1o30oU6xxpmw+ME3+LLsyFB15Moccx/8BBcqV3kHv2rHIK3
hqDMITtEW2hg27SM6xj0ULorLJCOEkLz34Vz8JWPAic0hy2y0d5ccz+m6SJF8/5M
9DQVJUoFQL1j3PD2xTXK6M/yufDosv8R322+D7idRNQey6rUe+L6JreNzaEKHmoI
7VZ4wUlRbZtIvXNb69BAgyhftoKpmiQ6nUQYH35i+aNInkmzAjPcQBS0STIhKN7f
DDV9beF4UjsCq6sep5RY8GFpjWjHhSE0FlqQXZgO8jGe/lryZqRCeeefhA==
-----END CERTIFICATE-----