Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS48386.roa
File:                     AS48386.roa (raw, json)
Hash identifier:          R31+pks3QJ7UxQLsAG32/aWE4+URK3BuNRhRmqowB88=
Subject key identifier:   99:91:0A:97:82:60:7D:0A:CC:CF:B9:F2:78:5D:3E:45:82:DB:C8:22
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       56D27897285A6FE88A981D8D79BDE952A9557DC4
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa
Signing time:             Wed 22 Oct 2025 21:31:23 +0000
ROA not before:           Wed 22 Oct 2025 21:26:23 +0000
ROA not after:            Wed 21 Oct 2026 21:31:23 +0000
asID:                     48386
IP address blocks:        194.156.155.0/24 maxlen: 24
                          2a0d:5642:113::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 02:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d2:78:97:28:5a:6f:e8:8a:98:1d:8d:79:bd:e9:52:a9:55:7d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Oct 22 21:26:23 2025 GMT
            Not After : Oct 21 21:31:23 2026 GMT
        Subject: CN=99910A9782607D0ACCCFB9F2785D3E4582DBC822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:1d:cc:3d:7e:6e:53:d2:6a:90:22:e8:f4:65:
                    51:d7:ed:0a:46:4d:dd:40:f1:c8:08:3e:1b:e2:74:
                    d7:c4:b5:18:38:2e:94:1c:a6:b3:18:ec:bd:ba:0f:
                    b7:b5:01:94:e7:23:3d:90:f4:8d:4f:41:0f:39:6e:
                    88:0a:67:a0:a0:ce:44:4d:ba:4b:2a:0f:69:98:22:
                    eb:e3:35:98:d4:60:03:03:45:32:38:3d:11:03:4d:
                    89:51:8c:b1:84:3d:bd:99:e9:e2:22:4f:f5:c5:b9:
                    6f:16:c6:88:94:e5:d5:90:ee:96:69:bc:5d:72:14:
                    4f:6a:6b:03:b7:52:ba:be:84:4b:07:76:2f:2c:ff:
                    26:14:47:5b:aa:61:c6:ea:ba:75:51:ee:05:b7:80:
                    bf:33:9c:b9:a1:c2:ca:10:af:76:9e:71:80:bc:f2:
                    c5:55:22:b7:96:a7:84:04:ac:97:52:3a:0e:e8:90:
                    37:76:be:84:ec:d6:c3:23:81:ef:66:1e:10:54:1a:
                    d8:eb:7b:06:5d:fa:49:ee:d8:83:51:52:c8:68:bd:
                    84:03:f8:0c:d3:36:37:a7:ef:63:60:bf:ff:04:ca:
                    e6:b6:d4:a9:7a:91:03:e5:4f:d4:7e:68:6c:84:43:
                    c6:20:e9:90:ae:b9:17:42:d0:f2:39:ab:8c:49:e2:
                    f2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:91:0A:97:82:60:7D:0A:CC:CF:B9:F2:78:5D:3E:45:82:DB:C8:22
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS48386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.155.0/24
                IPv6:
                  2a0d:5642:113::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:06:5a:85:54:5f:af:e2:d5:b9:c3:fc:a0:cd:dc:0b:2e:54:
         f4:2b:87:f2:db:77:55:9a:b7:c3:0c:6f:8e:c7:83:d2:0d:0a:
         3d:2d:33:34:d6:fe:3a:19:1d:dc:3f:da:16:a7:89:d1:69:31:
         2a:16:00:84:81:07:c7:7c:a2:34:69:a3:6d:d9:d5:bb:74:9a:
         6b:12:57:83:b2:f0:09:cb:67:9a:71:4c:c1:e4:17:d3:d9:41:
         ac:b2:94:43:fa:3a:7e:0e:3a:2d:eb:6a:ec:5d:45:df:07:8b:
         00:6f:59:80:b0:41:d1:c4:08:87:55:2f:0d:23:d4:2d:40:84:
         45:64:c8:c1:3f:53:91:83:26:7c:f2:aa:12:05:03:83:b1:a8:
         27:02:4f:b2:01:fa:16:03:91:65:8e:6a:fd:c4:5b:e0:45:7a:
         08:a9:40:e6:7e:e9:8e:1d:a7:55:43:81:82:5d:10:a4:1e:ce:
         33:19:b4:62:14:24:ac:b9:fd:f2:a3:e4:78:09:9b:6c:6c:9d:
         aa:79:8b:47:fa:d5:e6:dc:95:35:b5:8b:a5:10:69:b0:8d:91:
         97:48:6c:d1:c2:cd:71:69:28:2f:a0:68:65:4a:e2:f8:4e:19:
         d3:55:cc:5c:db:8a:6c:19:32:5b:99:e4:b2:02:07:9c:e9:ea:
         33:f9:0a:8b
-----BEGIN CERTIFICATE-----
MIIErDCCA5SgAwIBAgIUVtJ4lyhab+iKmB2Neb3pUqlVfcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTEwMjIyMTI2MjNaFw0yNjEwMjEyMTMxMjNaMDMxMTAvBgNV
BAMTKDk5OTEwQTk3ODI2MDdEMEFDQ0NGQjlGMjc4NUQzRTQ1ODJEQkM4MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0Hcw9fm5T0mqQIuj0ZVHX7QpG
Td1A8cgIPhvidNfEtRg4LpQcprMY7L26D7e1AZTnIz2Q9I1PQQ85bogKZ6CgzkRN
uksqD2mYIuvjNZjUYAMDRTI4PREDTYlRjLGEPb2Z6eIiT/XFuW8WxoiU5dWQ7pZp
vF1yFE9qawO3Urq+hEsHdi8s/yYUR1uqYcbqunVR7gW3gL8znLmhwsoQr3aecYC8
8sVVIreWp4QErJdSOg7okDd2voTs1sMjge9mHhBUGtjrewZd+knu2INRUshovYQD
+AzTNjen72Ngv/8Eyua21Kl6kQPlT9R+aGyEQ8Yg6ZCuuRdC0PI5q4xJ4vIdAgMB
AAGjggG2MIIBsjAdBgNVHQ4EFgQUmZEKl4JgfQrMz7nyeF0+RYLbyCIwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM0ODM4Ni5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMKcmzAPBAIA
AjAJAwcAKg1WQgETMA0GCSqGSIb3DQEBCwUAA4IBAQA7BlqFVF+v4tW5w/ygzdwL
LlT0K4fy23dVmrfDDG+Ox4PSDQo9LTM01v46GR3cP9oWp4nRaTEqFgCEgQfHfKI0
aaNt2dW7dJprEleDsvAJy2eacUzB5BfT2UGsspRD+jp+Djot62rsXUXfB4sAb1mA
sEHRxAiHVS8NI9QtQIRFZMjBP1ORgyZ88qoSBQODsagnAk+yAfoWA5Fljmr9xFvg
RXoIqUDmfumOHadVQ4GCXRCkHs4zGbRiFCSsuf3yo+R4CZtsbJ2qeYtH+tXm3JU1
tYulEGmwjZGXSGzRws1xaSgvoGhlSuL4ThnTVcxc24psGTJbmeSyAgec6eoz+QqL
-----END CERTIFICATE-----