Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS48386.roa
File:                     AS48386.roa (raw, json)
Hash identifier:          e5bJU1eLeW8ciEO9mMpZ5QbvF5hGsxlIeJ9fSuprLdY=
Subject key identifier:   F4:FF:93:D2:77:03:25:E8:D6:71:10:6A:B8:52:52:67:06:18:59:95
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       15C11254CB15E1FCDC8D3277AE87D0C56E94ED88
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa
Signing time:             Wed 20 Dec 2023 21:30:06 +0000
ROA not before:           Wed 20 Dec 2023 21:25:06 +0000
ROA not after:            Wed 18 Dec 2024 21:30:06 +0000
asID:                     48386
IP address blocks:        194.156.155.0/24 maxlen: 24
                          2a0d:5642:113::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:c1:12:54:cb:15:e1:fc:dc:8d:32:77:ae:87:d0:c5:6e:94:ed:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:06 2023 GMT
            Not After : Dec 18 21:30:06 2024 GMT
        Subject: CN=F4FF93D2770325E8D671106AB852526706185995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:aa:9e:ce:51:71:a7:53:15:71:e8:3c:4b:57:
                    a6:ff:7b:72:15:07:b8:80:6e:db:b2:8f:4c:80:95:
                    5d:cf:14:1a:a8:22:51:17:3b:0c:b9:86:5f:21:f8:
                    e8:d6:0b:fc:cb:68:fb:fd:d6:55:92:30:cb:d5:c2:
                    03:36:4d:a7:85:14:e8:32:04:0b:e3:e0:51:84:9d:
                    6d:2d:af:2f:3b:f5:90:f3:b0:00:d4:e4:92:57:05:
                    d8:aa:eb:15:2a:b0:0b:44:68:70:26:ef:c9:e9:cc:
                    6c:8c:e8:c3:00:31:4f:31:b3:80:ce:d0:aa:ae:bd:
                    64:7c:2d:e8:28:b5:12:ec:27:9d:90:0d:ed:b7:e8:
                    f5:b2:a0:11:cf:77:ef:26:f1:c5:26:65:e3:48:09:
                    b0:e4:11:4c:da:a1:6b:12:7c:0c:20:d6:77:96:64:
                    8f:31:f7:b8:fb:d8:52:14:e4:43:24:27:a8:6a:96:
                    3c:14:fa:e5:8f:d7:de:0c:d6:4a:6f:8c:53:77:b9:
                    bc:3b:53:9c:b0:fb:9e:ad:f4:26:e1:80:54:10:ab:
                    89:d2:5d:da:02:2d:0a:65:b2:74:b3:2f:f7:e5:3d:
                    dd:af:50:07:62:af:91:ce:20:1c:1a:ea:15:50:1a:
                    25:dd:9b:28:d6:8c:7d:4f:87:a8:2b:50:9b:25:a3:
                    b5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:FF:93:D2:77:03:25:E8:D6:71:10:6A:B8:52:52:67:06:18:59:95
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.155.0/24
                IPv6:
                  2a0d:5642:113::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:55:57:ca:86:31:7a:41:67:aa:8b:28:98:af:15:96:38:c2:
         11:e4:8b:ee:46:9f:a5:3a:c8:9f:b0:1e:f6:15:33:d6:dc:1d:
         25:1c:bf:ca:f6:63:3c:9d:de:54:2e:72:97:7d:73:54:70:b9:
         9a:c0:4d:ec:f5:92:92:bd:5e:2e:1a:9e:8c:e5:be:4c:0c:1f:
         34:8e:84:f1:40:3d:5b:fd:16:eb:dc:10:04:05:13:a7:51:e4:
         f0:e1:ef:5b:ef:06:7e:c2:d0:59:5d:d3:11:8f:5e:84:fa:10:
         dd:b6:21:e2:d0:59:7a:c5:34:86:ab:21:4e:01:54:86:d2:94:
         32:ba:59:fc:a3:64:63:95:b4:6b:47:cb:e6:f9:97:ff:04:37:
         d3:47:34:55:ec:0e:ab:cf:84:3a:d7:19:77:29:ca:2c:a0:cc:
         26:c1:15:2c:52:9b:7b:19:4a:02:b3:9d:c8:49:5a:50:ea:b7:
         f8:cf:38:27:58:aa:81:b9:52:81:c7:83:8e:fc:e5:39:e1:65:
         a8:cb:82:74:e7:3e:9d:9b:d4:16:11:54:a1:1b:ee:5a:c8:59:
         fb:4b:a6:c7:a8:d7:cf:8b:b4:72:fa:a4:52:58:1a:af:38:e5:
         72:ed:72:d1:60:78:f2:ab:c9:0a:3c:2b:4a:6d:6c:3e:bf:07:
         e9:77:68:83
-----BEGIN CERTIFICATE-----
MIIErDCCA5SgAwIBAgIUFcESVMsV4fzcjTJ3rofQxW6U7YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDZaFw0yNDEyMTgyMTMwMDZaMDMxMTAvBgNV
BAMTKEY0RkY5M0QyNzcwMzI1RThENjcxMTA2QUI4NTI1MjY3MDYxODU5OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJqp7OUXGnUxVx6DxLV6b/e3IV
B7iAbtuyj0yAlV3PFBqoIlEXOwy5hl8h+OjWC/zLaPv91lWSMMvVwgM2TaeFFOgy
BAvj4FGEnW0try879ZDzsADU5JJXBdiq6xUqsAtEaHAm78npzGyM6MMAMU8xs4DO
0KquvWR8LegotRLsJ52QDe236PWyoBHPd+8m8cUmZeNICbDkEUzaoWsSfAwg1neW
ZI8x97j72FIU5EMkJ6hqljwU+uWP194M1kpvjFN3ubw7U5yw+56t9CbhgFQQq4nS
XdoCLQplsnSzL/flPd2vUAdir5HOIBwa6hVQGiXdmyjWjH1Ph6grUJslo7WVAgMB
AAGjggG2MIIBsjAdBgNVHQ4EFgQU9P+T0ncDJejWcRBquFJSZwYYWZUwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM0ODM4Ni5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMKcmzAPBAIA
AjAJAwcAKg1WQgETMA0GCSqGSIb3DQEBCwUAA4IBAQDCVVfKhjF6QWeqiyiYrxWW
OMIR5IvuRp+lOsifsB72FTPW3B0lHL/K9mM8nd5ULnKXfXNUcLmawE3s9ZKSvV4u
Gp6M5b5MDB80joTxQD1b/Rbr3BAEBROnUeTw4e9b7wZ+wtBZXdMRj16E+hDdtiHi
0Fl6xTSGqyFOAVSG0pQyuln8o2RjlbRrR8vm+Zf/BDfTRzRV7A6rz4Q61xl3Kcos
oMwmwRUsUpt7GUoCs53ISVpQ6rf4zzgnWKqBuVKBx4OO/OU54WWoy4J05z6dm9QW
EVShG+5ayFn7S6bHqNfPi7Ry+qRSWBqvOOVy7XLRYHjyq8kKPCtKbWw+vwfpd2iD
-----END CERTIFICATE-----