Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS204185.roa
File:                     AS204185.roa (raw, json)
Hash identifier:          Z+jdkqmCUcKIj3YAHrxNCxuBTpT2Pdku6gGk+XiuEQo=
Subject key identifier:   BF:47:6D:20:CD:52:51:BD:86:6C:34:D2:A0:F6:A9:78:17:54:F7:6A
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       25B1F9E5AC65211B8E62411FA9381081CF6883A0
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa
Signing time:             Wed 22 Oct 2025 21:31:24 +0000
ROA not before:           Wed 22 Oct 2025 21:26:24 +0000
ROA not after:            Wed 21 Oct 2026 21:31:24 +0000
asID:                     204185
IP address blocks:        2a0b:4340:400::/40 maxlen: 48
                          2a0d:2902:caf0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 08:25:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b1:f9:e5:ac:65:21:1b:8e:62:41:1f:a9:38:10:81:cf:68:83:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Oct 22 21:26:24 2025 GMT
            Not After : Oct 21 21:31:24 2026 GMT
        Subject: CN=BF476D20CD5251BD866C34D2A0F6A9781754F76A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:05:01:47:81:db:43:b8:5d:bc:fe:fc:a8:f7:
                    c7:47:84:f2:07:6b:b1:c1:03:af:d1:5b:24:2e:de:
                    73:4e:ad:b4:32:79:06:99:51:02:a2:c1:8b:1b:6c:
                    63:d9:e9:12:2f:04:74:f3:ef:86:b1:db:02:4d:94:
                    5a:75:b9:8c:bc:f0:cc:7a:2c:5d:8c:c5:e5:17:c9:
                    8c:ac:96:7e:75:a7:80:21:b8:6e:ba:aa:68:36:9c:
                    cc:24:5a:a9:06:9f:ab:ad:38:99:72:2c:48:23:1f:
                    9d:12:5b:1c:77:82:ee:29:9a:f5:68:59:8c:0a:60:
                    84:47:0d:08:6a:d9:69:fb:b6:c4:3e:7e:9c:72:58:
                    dc:e8:0a:2f:27:63:13:c2:13:7d:64:b0:0b:b6:da:
                    7c:f0:65:8b:1b:65:33:c9:92:70:4f:5d:40:de:15:
                    c9:57:ae:e8:d8:68:be:d5:2f:d8:3c:46:2f:ab:15:
                    d0:aa:a2:d1:aa:b1:a3:80:61:67:f7:10:89:03:73:
                    ea:59:93:ba:e2:36:46:33:55:7c:58:8e:bb:db:2a:
                    24:a7:8f:1b:88:ee:a8:5b:46:34:31:f1:d5:8b:6b:
                    a7:db:83:2d:8e:18:8e:19:1e:29:ec:6a:df:7f:ec:
                    8a:46:c9:76:ef:20:ae:ed:37:42:15:11:13:0c:2b:
                    99:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:47:6D:20:CD:52:51:BD:86:6C:34:D2:A0:F6:A9:78:17:54:F7:6A
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS204185.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4340:400::/40
                  2a0d:2902:caf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:c1:0d:3d:fc:67:0d:3f:cb:14:a3:3f:89:ce:dd:e1:e8:82:
         20:60:49:b7:6c:10:5d:b8:fb:53:a8:e0:1c:5c:65:ef:42:23:
         0a:db:cd:ea:95:74:39:60:dc:b9:86:53:94:c5:1d:fb:f5:cb:
         da:5e:2a:f1:e9:55:e1:2f:be:1d:53:e8:7d:de:02:bb:5b:10:
         69:0a:4a:92:13:8d:81:84:c8:b1:f8:01:92:b2:62:6f:95:50:
         e2:c6:3d:51:2f:a6:6d:3c:29:df:cf:c5:3e:66:89:36:19:93:
         27:cb:88:47:22:11:39:e7:2e:ce:c6:fc:75:b2:da:05:72:72:
         56:bc:66:d4:cc:2f:e2:73:3c:9d:91:da:84:4f:97:c3:9f:24:
         df:6f:52:50:d1:6c:c8:81:90:9e:8e:fe:9f:e5:f1:3b:66:ff:
         d5:c8:18:10:dd:ef:ea:62:89:1c:38:0c:f8:e5:fe:65:94:a7:
         bc:06:e7:e1:38:0e:4d:35:a3:ce:da:1c:9b:fa:7a:6c:47:50:
         d9:1d:c0:26:75:ff:01:cd:ef:55:58:34:58:e6:66:da:66:bb:
         71:23:16:5f:d4:63:d9:d9:66:da:bc:3d:68:d8:9f:63:6e:94:
         7f:a5:a4:16:de:70:9a:31:e4:77:32:f6:b7:01:03:0b:38:9e:
         9a:99:0d:a7
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUJbH55axlIRuOYkEfqTgQgc9og6AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTEwMjIyMTI2MjRaFw0yNjEwMjEyMTMxMjRaMDMxMTAvBgNV
BAMTKEJGNDc2RDIwQ0Q1MjUxQkQ4NjZDMzREMkEwRjZBOTc4MTc1NEY3NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZBQFHgdtDuF28/vyo98dHhPIH
a7HBA6/RWyQu3nNOrbQyeQaZUQKiwYsbbGPZ6RIvBHTz74ax2wJNlFp1uYy88Mx6
LF2MxeUXyYysln51p4AhuG66qmg2nMwkWqkGn6utOJlyLEgjH50SWxx3gu4pmvVo
WYwKYIRHDQhq2Wn7tsQ+fpxyWNzoCi8nYxPCE31ksAu22nzwZYsbZTPJknBPXUDe
FclXrujYaL7VL9g8Ri+rFdCqotGqsaOAYWf3EIkDc+pZk7riNkYzVXxYjrvbKiSn
jxuI7qhbRjQx8dWLa6fbgy2OGI4ZHinsat9/7IpGyXbvIK7tN0IVERMMK5mlAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUv0dtIM1SUb2GbDTSoPapeBdU92owHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDQxODUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwKgYIKwYBBQUHAQcBAf8EGzAZMBcEAgACMBEDBgAqC0NABAMH
BCoNKQLK8DANBgkqhkiG9w0BAQsFAAOCAQEAX8ENPfxnDT/LFKM/ic7d4eiCIGBJ
t2wQXbj7U6jgHFxl70IjCtvN6pV0OWDcuYZTlMUd+/XL2l4q8elV4S++HVPofd4C
u1sQaQpKkhONgYTIsfgBkrJib5VQ4sY9US+mbTwp38/FPmaJNhmTJ8uIRyIROecu
zsb8dbLaBXJyVrxm1Mwv4nM8nZHahE+Xw58k329SUNFsyIGQno7+n+XxO2b/1cgY
EN3v6mKJHDgM+OX+ZZSnvAbn4TgOTTWjztocm/p6bEdQ2R3AJnX/Ac3vVVg0WOZm
2ma7cSMWX9Rj2dlm2rw9aNifY26Uf6WkFt5wmjHkdzL2twEDCziempkNpw==
-----END CERTIFICATE-----