Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS205651.roa
File:                     AS205651.roa (raw, json)
Hash identifier:          hgixIfhHL1OGvw32pACBpkMJO74I679eItbnP5Ts/qM=
Subject key identifier:   AE:16:00:75:40:71:8A:00:16:2C:C5:D7:AA:99:18:AB:27:69:6D:D0
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       13E1CF21666255886970A0CC8833CA130BBB3D6F
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS205651.roa
Signing time:             Wed 20 Dec 2023 21:30:08 +0000
ROA not before:           Wed 20 Dec 2023 21:25:08 +0000
ROA not after:            Wed 18 Dec 2024 21:30:08 +0000
asID:                     205651
IP address blocks:        185.234.215.0/24 maxlen: 24
                          2a0b:4340:20::/44 maxlen: 48
                          2a0d:2904::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:e1:cf:21:66:62:55:88:69:70:a0:cc:88:33:ca:13:0b:bb:3d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:08 2023 GMT
            Not After : Dec 18 21:30:08 2024 GMT
        Subject: CN=AE16007540718A00162CC5D7AA9918AB27696DD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:29:83:d8:07:ab:bc:6f:81:c0:be:ec:b3:1e:
                    6e:1a:c0:6e:24:f7:3c:b2:d1:2d:ae:06:83:44:5c:
                    b4:89:7b:87:0e:ad:70:30:51:1e:3d:ba:81:95:a2:
                    57:69:d8:5a:82:26:3e:33:76:0e:b5:ac:5f:08:ac:
                    eb:4d:d8:50:80:78:91:1c:ed:fd:12:87:56:25:93:
                    dd:a0:2c:a8:75:b2:e8:1c:c9:60:e6:76:b0:46:ce:
                    ac:27:6c:4e:28:50:fe:6e:56:f6:ec:50:82:4f:51:
                    b9:4f:0b:1a:2d:27:07:30:09:65:a8:5a:6d:21:98:
                    88:9d:52:b2:0d:12:0f:ed:36:73:ee:5e:03:44:96:
                    07:e7:67:b3:5a:be:d6:5e:e4:a7:07:a1:80:9a:52:
                    79:5e:0b:09:17:e8:d0:f6:6f:df:02:2f:aa:8c:74:
                    95:10:0e:ef:64:16:d8:c2:d7:52:67:c7:cf:07:73:
                    d7:3d:69:76:42:a1:83:27:ff:58:e2:15:32:08:1b:
                    4f:9d:61:1a:0a:e3:59:73:b4:69:5e:02:37:80:c8:
                    60:d7:37:89:f9:18:ef:fb:91:ba:f6:83:1b:02:4d:
                    d6:f1:a4:c1:ae:3d:74:ae:21:e2:f1:c4:a6:05:ca:
                    60:d8:74:b9:e9:c9:2a:57:4a:7f:ba:14:03:6d:b7:
                    1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:16:00:75:40:71:8A:00:16:2C:C5:D7:AA:99:18:AB:27:69:6D:D0
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS205651.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.215.0/24
                IPv6:
                  2a0b:4340:20::/44
                  2a0d:2904::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:56:90:0f:e8:0b:76:82:8a:bc:32:84:99:69:19:e2:ad:65:
         60:b3:2a:a3:6c:fb:7a:c6:63:38:48:23:af:02:d8:9d:24:a6:
         9f:6b:e6:e4:e2:2d:28:2a:71:5f:0b:68:70:d1:7e:03:de:c4:
         96:02:d5:34:a9:38:a6:b2:42:b6:54:dc:e7:06:d2:b8:84:2c:
         06:ce:74:95:32:a1:9a:e1:ea:c4:69:fb:a8:5b:d0:d6:df:95:
         77:7b:de:98:c7:8f:16:dc:40:ff:f1:65:90:69:77:f7:89:d9:
         a1:53:7e:3f:18:3f:0d:c1:10:dc:97:0c:94:b6:af:20:2d:22:
         43:fe:cc:ac:ca:06:18:86:bc:ba:4b:2a:e8:11:07:d5:44:63:
         81:e6:26:d0:37:1c:5a:54:61:23:8b:b3:e2:2c:74:9c:24:98:
         70:bf:29:ab:fb:11:05:2f:5a:ad:db:f4:88:86:e3:74:96:e2:
         dd:a6:54:62:c9:6e:c2:a1:fd:8c:97:a7:97:de:b9:ca:94:2c:
         9f:fd:6a:3c:ff:42:0c:34:88:84:82:85:81:2e:62:fe:7a:82:
         19:71:04:02:83:3b:7e:1f:04:38:35:15:71:ad:38:af:e0:d7:
         6d:30:6b:be:ac:0c:98:6b:9d:c4:fb:82:77:e5:3e:b6:1f:d9:
         b2:3c:00:56
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUE+HPIWZiVYhpcKDMiDPKEwu7PW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDhaFw0yNDEyMTgyMTMwMDhaMDMxMTAvBgNV
BAMTKEFFMTYwMDc1NDA3MThBMDAxNjJDQzVEN0FBOTkxOEFCMjc2OTZERDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZKYPYB6u8b4HAvuyzHm4awG4k
9zyy0S2uBoNEXLSJe4cOrXAwUR49uoGVoldp2FqCJj4zdg61rF8IrOtN2FCAeJEc
7f0Sh1Ylk92gLKh1sugcyWDmdrBGzqwnbE4oUP5uVvbsUIJPUblPCxotJwcwCWWo
Wm0hmIidUrINEg/tNnPuXgNElgfnZ7NavtZe5KcHoYCaUnleCwkX6ND2b98CL6qM
dJUQDu9kFtjC11Jnx88Hc9c9aXZCoYMn/1jiFTIIG0+dYRoK41lztGleAjeAyGDX
N4n5GO/7kbr2gxsCTdbxpMGuPXSuIeLxxKYFymDYdLnpySpXSn+6FANttx8jAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUrhYAdUBxigAWLMXXqpkYqydpbdAwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwC4YwcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMyMDU2NTEucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMAwEAgABMAYDBAC56tcwFgQC
AAIwEAMHBCoLQ0AAIAMFACoNKQQwDQYJKoZIhvcNAQELBQADggEBAJNWkA/oC3aC
irwyhJlpGeKtZWCzKqNs+3rGYzhII68C2J0kpp9r5uTiLSgqcV8LaHDRfgPexJYC
1TSpOKayQrZU3OcG0riELAbOdJUyoZrh6sRp+6hb0NbflXd73pjHjxbcQP/xZZBp
d/eJ2aFTfj8YPw3BENyXDJS2ryAtIkP+zKzKBhiGvLpLKugRB9VEY4HmJtA3HFpU
YSOLs+IsdJwkmHC/Kav7EQUvWq3b9IiG43SW4t2mVGLJbsKh/YyXp5feucqULJ/9
ajz/Qgw0iISChYEuYv56ghlxBAKDO34fBDg1FXGtOK/g120wa76sDJhrncT7gnfl
PrYf2bI8AFY=
-----END CERTIFICATE-----