Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS48386.roa
File:                     AS48386.roa (raw, json)
Hash identifier:          uOAkk9kIsezsD7tP1yDLO1zhMqxdtKH5cgy4Zn/Ik0Y=
Subject key identifier:   18:74:7F:F2:5E:3B:79:89:45:C3:CB:E9:65:14:2D:D3:C9:55:14:7F
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       56D6D3CA9978609A2F145BFBEA8D84C3F1F79D56
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa
Signing time:             Wed 20 Nov 2024 21:30:37 +0000
ROA not before:           Wed 20 Nov 2024 21:25:37 +0000
ROA not after:            Wed 19 Nov 2025 21:30:37 +0000
asID:                     48386
IP address blocks:        194.156.155.0/24 maxlen: 24
                          2a0d:5642:113::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d6:d3:ca:99:78:60:9a:2f:14:5b:fb:ea:8d:84:c3:f1:f7:9d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:37 2024 GMT
            Not After : Nov 19 21:30:37 2025 GMT
        Subject: CN=18747FF25E3B798945C3CBE965142DD3C955147F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:e9:cb:7b:04:03:9f:3c:1e:dd:a5:63:0a:
                    f6:6f:e5:9d:de:39:c7:af:3f:75:18:20:c2:24:e9:
                    b1:f5:f6:27:e5:46:c9:af:b3:71:32:86:59:80:6c:
                    f2:0d:5d:c7:ec:a2:40:d9:5c:8f:c9:bf:ea:cd:ef:
                    a4:b3:ef:31:cd:1b:3a:7c:80:62:49:41:82:3f:9c:
                    5f:a2:21:3b:02:50:2b:f5:90:0e:9b:01:56:f9:41:
                    6a:14:77:22:b1:5d:a2:b8:3e:b6:e9:09:25:ea:d7:
                    11:89:a6:3b:91:34:56:02:c3:17:a7:13:15:f3:b5:
                    05:72:2a:f1:d7:db:3d:b7:0f:ea:08:ec:1f:f3:02:
                    78:a4:6b:12:c0:5a:68:90:36:ad:2f:90:1a:f5:1b:
                    9e:5a:74:11:e8:0b:77:f6:21:49:f3:ca:c0:87:4e:
                    c4:91:68:7d:40:99:dc:8e:ca:3b:f0:88:cf:4a:a8:
                    48:d6:22:1b:37:ec:5d:a3:cb:92:91:68:18:75:ba:
                    fb:0e:f9:48:54:1c:17:44:e5:24:f2:6f:02:29:32:
                    d8:09:8b:4b:c5:52:4d:f3:cd:bc:47:e9:ea:a8:20:
                    b0:e6:b4:bb:52:cf:2e:da:02:f5:ca:bb:29:ac:8a:
                    6d:46:ea:2c:c9:4b:e7:8e:6e:02:69:04:02:ed:aa:
                    05:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:74:7F:F2:5E:3B:79:89:45:C3:CB:E9:65:14:2D:D3:C9:55:14:7F
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.155.0/24
                IPv6:
                  2a0d:5642:113::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:16:d0:e7:80:75:89:c0:d8:67:0a:6f:e7:6e:06:c4:c0:ae:
         a6:f0:86:89:46:c3:85:75:5e:10:5c:c5:1b:d5:85:c6:37:cf:
         75:15:e4:af:30:c3:6e:c3:cd:fc:0c:5b:50:3e:02:2f:f0:57:
         94:46:7f:3d:a4:27:14:02:42:53:df:82:64:ca:4f:6a:e0:c2:
         de:d3:63:c9:73:50:fa:fe:44:bd:bf:f4:52:db:dd:32:21:62:
         b7:68:57:7f:05:e8:e2:1e:5f:db:67:8c:cf:81:04:b7:c5:ec:
         ee:58:bb:58:63:47:60:98:57:09:a0:4a:17:c5:16:8d:1c:5b:
         15:91:67:c2:6d:c1:9f:bb:e7:0f:cb:39:7a:17:37:a8:fe:c4:
         10:e4:2c:18:ed:a1:c2:0d:36:84:41:7c:e0:76:ed:d6:a2:02:
         8a:a7:a4:8a:4b:56:4e:48:bd:f4:d0:32:43:01:e0:c8:dd:25:
         8e:74:1a:b0:a7:aa:20:41:e8:c6:16:e1:1f:be:8d:ba:2c:7a:
         7b:55:9e:f0:28:d5:ba:dc:be:7f:72:4a:a5:a5:7e:be:08:9f:
         a5:10:ec:cb:f9:97:05:b6:1c:de:bb:e6:3c:c5:25:e4:9f:45:
         c3:94:b0:ab:f0:1c:1f:9c:4d:ba:50:1d:71:f4:cd:97:33:10:
         32:b7:61:09
-----BEGIN CERTIFICATE-----
MIIErDCCA5SgAwIBAgIUVtbTypl4YJovFFv76o2Ew/H3nVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzdaFw0yNTExMTkyMTMwMzdaMDMxMTAvBgNV
BAMTKDE4NzQ3RkYyNUUzQjc5ODk0NUMzQ0JFOTY1MTQyREQzQzk1NTE0N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwtenLewQDnzwe3aVjCvZv5Z3e
OcevP3UYIMIk6bH19iflRsmvs3EyhlmAbPINXcfsokDZXI/Jv+rN76Sz7zHNGzp8
gGJJQYI/nF+iITsCUCv1kA6bAVb5QWoUdyKxXaK4PrbpCSXq1xGJpjuRNFYCwxen
ExXztQVyKvHX2z23D+oI7B/zAnikaxLAWmiQNq0vkBr1G55adBHoC3f2IUnzysCH
TsSRaH1AmdyOyjvwiM9KqEjWIhs37F2jy5KRaBh1uvsO+UhUHBdE5STybwIpMtgJ
i0vFUk3zzbxH6eqoILDmtLtSzy7aAvXKuymsim1G6izJS+eObgJpBALtqgUdAgMB
AAGjggG2MIIBsjAdBgNVHQ4EFgQUGHR/8l47eYlFw8vpZRQt08lVFH8wHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM0ODM4Ni5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMKcmzAPBAIA
AjAJAwcAKg1WQgETMA0GCSqGSIb3DQEBCwUAA4IBAQBNFtDngHWJwNhnCm/nbgbE
wK6m8IaJRsOFdV4QXMUb1YXGN891FeSvMMNuw838DFtQPgIv8FeURn89pCcUAkJT
34Jkyk9q4MLe02PJc1D6/kS9v/RS290yIWK3aFd/BejiHl/bZ4zPgQS3xezuWLtY
Y0dgmFcJoEoXxRaNHFsVkWfCbcGfu+cPyzl6Fzeo/sQQ5CwY7aHCDTaEQXzgdu3W
ogKKp6SKS1ZOSL300DJDAeDI3SWOdBqwp6ogQejGFuEfvo26LHp7VZ7wKNW63L5/
ckqlpX6+CJ+lEOzL+ZcFthzeu+Y8xSXkn0XDlLCr8BwfnE26UB1x9M2XMxAyt2EJ
-----END CERTIFICATE-----