Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS204185.roa
File:                     AS204185.roa (raw, json)
Hash identifier:          +A5IX7EacBF/3agECHhyC9QB0zqPDxiUGMR5gTLu27U=
Subject key identifier:   F3:F4:CD:E5:AB:98:2C:42:F5:09:19:E8:25:6F:B9:00:61:6F:E4:91
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       46CA1BFAD276497351D5F60BC297FF5D5494384E
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa
Signing time:             Wed 20 Nov 2024 21:30:32 +0000
ROA not before:           Wed 20 Nov 2024 21:25:32 +0000
ROA not after:            Wed 19 Nov 2025 21:30:32 +0000
asID:                     204185
IP address blocks:        2a0b:4340:400::/40 maxlen: 48
                          2a0d:2902:caf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:ca:1b:fa:d2:76:49:73:51:d5:f6:0b:c2:97:ff:5d:54:94:38:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:32 2024 GMT
            Not After : Nov 19 21:30:32 2025 GMT
        Subject: CN=F3F4CDE5AB982C42F50919E8256FB900616FE491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2c:e8:81:35:b5:78:f6:4b:37:4a:8d:0d:d9:
                    f2:75:14:36:f9:6c:10:1b:30:d3:b4:f9:31:65:7f:
                    8b:70:53:97:0c:66:e5:77:84:07:79:50:db:39:91:
                    34:0d:39:d2:6a:bc:94:d6:1f:79:33:67:21:81:38:
                    02:31:ba:22:dd:3e:1b:36:9e:95:c5:45:4a:3f:40:
                    b7:02:0e:0d:4d:28:19:cb:69:88:a2:b3:5b:60:9d:
                    6b:1d:b7:75:ba:ea:0d:b0:98:5d:8e:bb:45:41:00:
                    dd:84:be:d0:76:b0:68:28:22:78:97:4f:46:94:80:
                    31:12:75:5f:bd:7e:72:df:98:15:4d:74:ba:51:6d:
                    18:fa:61:a0:a4:11:1c:82:cb:bd:ff:9a:a2:00:53:
                    76:0d:18:25:1e:b4:b3:1e:fb:42:46:14:3f:7c:35:
                    c4:27:3a:83:f8:a3:c9:61:10:04:85:a8:42:1c:13:
                    42:90:d5:f4:8a:c6:b8:8f:42:61:41:e7:68:46:52:
                    d9:20:65:b0:ee:3c:1e:9b:d0:83:c4:0c:6c:7d:51:
                    6a:e9:10:7e:a6:d0:f6:03:56:33:53:34:ee:ce:c9:
                    b2:b7:b6:f5:6c:41:98:91:b7:9b:71:0c:bb:a6:69:
                    c7:bb:e1:1e:99:5c:32:d0:3e:d0:15:15:d1:ae:f6:
                    4b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F4:CD:E5:AB:98:2C:42:F5:09:19:E8:25:6F:B9:00:61:6F:E4:91
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:400::/40
                  2a0d:2902:caf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:04:c7:1f:25:59:d4:ab:cb:cb:b4:9c:1e:99:ff:42:25:19:
         25:e2:a3:d7:e5:11:fe:ff:10:38:1e:f5:8b:e4:1b:7a:b4:8a:
         15:49:e9:5c:42:ae:1b:c5:dc:3d:3e:f0:3e:b6:9f:14:aa:88:
         5a:75:e9:67:d5:ab:ae:2f:48:3f:0a:e8:6c:df:d3:5e:04:38:
         dc:86:ef:2a:cf:e3:b6:c9:f5:1e:f6:26:31:e1:88:9e:c4:85:
         54:cc:93:c3:d5:91:ff:95:4c:09:50:01:02:bb:4e:56:86:89:
         10:5f:94:6a:2d:ee:2c:56:2d:76:f2:ea:b0:1a:e0:97:76:73:
         d1:9f:9a:06:e4:00:85:2a:07:ee:3f:5c:02:6d:fb:84:5c:97:
         0f:85:bf:25:b9:2e:f6:3c:01:48:fe:08:6c:47:04:3e:bb:9f:
         a3:02:89:80:90:9d:3d:43:25:ba:18:29:0f:de:88:61:3b:9f:
         cc:f9:2d:61:be:13:f3:ef:41:ce:c8:94:c9:ef:d4:30:db:46:
         49:6f:98:74:4f:ff:13:16:37:f0:8f:1f:db:bf:55:65:84:ef:
         e3:ab:a7:bb:3d:11:3e:e9:3d:4b:1a:41:44:5b:ec:0f:b7:25:
         ee:6d:1e:b8:95:e4:2a:65:80:0f:55:ec:ce:89:1a:cd:08:ba:
         67:dd:3b:31
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIURsob+tJ2SXNR1fYLwpf/XVSUOE4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzJaFw0yNTExMTkyMTMwMzJaMDMxMTAvBgNV
BAMTKEYzRjRDREU1QUI5ODJDNDJGNTA5MTlFODI1NkZCOTAwNjE2RkU0OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWLOiBNbV49ks3So0N2fJ1FDb5
bBAbMNO0+TFlf4twU5cMZuV3hAd5UNs5kTQNOdJqvJTWH3kzZyGBOAIxuiLdPhs2
npXFRUo/QLcCDg1NKBnLaYiis1tgnWsdt3W66g2wmF2Ou0VBAN2EvtB2sGgoIniX
T0aUgDESdV+9fnLfmBVNdLpRbRj6YaCkERyCy73/mqIAU3YNGCUetLMe+0JGFD98
NcQnOoP4o8lhEASFqEIcE0KQ1fSKxriPQmFB52hGUtkgZbDuPB6b0IPEDGx9UWrp
EH6m0PYDVjNTNO7OybK3tvVsQZiRt5txDLumace74R6ZXDLQPtAVFdGu9kstAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQU8/TN5auYLEL1CRnoJW+5AGFv5JEwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDQxODUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwKgYIKwYBBQUHAQcBAf8EGzAZMBcEAgACMBEDBgAqC0NABAMH
BCoNKQLK8DANBgkqhkiG9w0BAQsFAAOCAQEAogTHHyVZ1KvLy7ScHpn/QiUZJeKj
1+UR/v8QOB71i+QberSKFUnpXEKuG8XcPT7wPrafFKqIWnXpZ9Wrri9IPwrobN/T
XgQ43IbvKs/jtsn1HvYmMeGInsSFVMyTw9WR/5VMCVABArtOVoaJEF+Uai3uLFYt
dvLqsBrgl3Zz0Z+aBuQAhSoH7j9cAm37hFyXD4W/Jbku9jwBSP4IbEcEPrufowKJ
gJCdPUMluhgpD96IYTufzPktYb4T8+9BzsiUye/UMNtGSW+YdE//ExY38I8f279V
ZYTv46unuz0RPuk9SxpBRFvsD7cl7m0euJXkKmWAD1XszokazQi6Z907MQ==
-----END CERTIFICATE-----