Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS51928.roa
File:                     AS51928.roa (raw, json)
Hash identifier:          ARv2/hl1v7yL4Drh99iZ38XyaRTYsgU282Yz+0ysgvs=
Subject key identifier:   9D:2C:7B:B6:A5:8D:13:D9:AE:F3:E9:09:99:B7:FB:35:97:D1:35:30
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       40A32127C39CDDD32876D437A0EC310B71498E87
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS51928.roa
Signing time:             Wed 20 Dec 2023 21:30:06 +0000
ROA not before:           Wed 20 Dec 2023 21:25:06 +0000
ROA not after:            Wed 18 Dec 2024 21:30:06 +0000
asID:                     51928
IP address blocks:        185.234.212.0/24 maxlen: 24
                          2a0e:6904::/31 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:a3:21:27:c3:9c:dd:d3:28:76:d4:37:a0:ec:31:0b:71:49:8e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Dec 20 21:25:06 2023 GMT
            Not After : Dec 18 21:30:06 2024 GMT
        Subject: CN=9D2C7BB6A58D13D9AEF3E90999B7FB3597D13530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:cf:ce:e7:cc:18:5c:61:70:bc:c7:24:3d:
                    a7:09:21:c2:98:09:0c:c5:f5:e1:60:44:bc:b9:e6:
                    bf:61:13:82:b8:a3:7d:17:6b:5c:15:2e:24:a8:a4:
                    44:51:78:ab:be:b8:4a:83:9f:f1:ce:6d:61:70:10:
                    06:3d:57:a1:9f:f8:48:16:1a:4a:3b:35:bd:7b:ee:
                    e8:7e:3f:f6:a0:76:60:10:dd:bc:7c:a4:c8:76:c3:
                    9f:00:a0:00:e2:0f:95:e5:25:01:c4:8d:e0:f2:0a:
                    59:56:40:50:46:a5:a5:97:dc:43:87:5d:d4:6e:cb:
                    3f:f5:79:a0:6a:3e:60:8f:5d:82:c7:45:02:e3:9d:
                    4e:ad:c7:7d:8f:fb:23:82:a1:4c:86:e0:85:df:9c:
                    b1:25:2c:5d:78:86:9c:63:96:65:db:8b:a6:61:5c:
                    47:65:43:14:1e:e2:9b:1b:10:67:e0:6f:d9:5a:45:
                    f7:de:39:21:d9:83:78:0b:65:6e:42:a4:9d:e8:cf:
                    19:cf:63:23:03:a2:d0:e6:29:8c:e7:1b:20:ef:72:
                    cf:78:b1:4f:cf:3a:c4:e6:1d:6a:bc:2b:81:fc:e0:
                    8b:4d:ca:a8:f3:29:ba:f2:72:98:8f:56:a5:01:de:
                    a9:96:9e:dc:fc:71:9e:3a:c0:37:6a:12:62:ea:0c:
                    ce:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:2C:7B:B6:A5:8D:13:D9:AE:F3:E9:09:99:B7:FB:35:97:D1:35:30
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS51928.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.212.0/24
                IPv6:
                  2a0e:6904::/31

    Signature Algorithm: sha256WithRSAEncryption
         80:6e:36:68:4b:08:c8:47:b8:65:5f:c4:4d:3b:6c:4b:c0:06:
         8a:b7:67:10:d3:0a:13:aa:eb:a6:d0:ed:32:18:6c:c0:99:aa:
         2c:10:f6:75:be:ef:11:5a:5d:0a:2c:52:1f:9f:85:3f:22:ac:
         b2:b5:df:5b:bc:ab:bb:19:eb:b9:4b:98:7b:e4:59:09:f2:e3:
         35:0f:38:7d:ec:0f:b6:15:05:56:9a:e1:b6:62:07:e0:58:90:
         c8:b6:c4:b2:c6:3b:c4:77:e0:b1:7b:92:eb:21:3f:89:e6:f5:
         7a:3f:5d:c3:3a:e4:78:4d:a4:8c:9a:38:8d:3b:4e:62:4c:68:
         37:0d:f7:23:ee:05:d1:b1:d3:f5:36:bf:4a:68:91:04:40:0a:
         4a:0c:c1:bc:fc:14:09:2a:84:a8:1a:ea:fc:1d:ed:c6:78:cb:
         66:c6:b9:17:fc:c1:3c:b0:e8:8c:ee:97:6f:5c:b3:f8:cf:3f:
         a0:27:ec:dd:58:55:58:7d:2a:4c:e0:24:29:9a:1b:d3:ef:b8:
         56:8f:88:78:fc:0c:c4:72:4a:35:34:ab:2c:c1:3d:3c:ac:08:
         4a:72:5b:67:dc:f7:a4:5f:05:1d:7e:8b:69:40:2f:7d:a5:eb:
         79:b7:f8:f8:27:27:63:91:f9:91:75:33:fa:96:cb:0b:d8:63:
         5b:c4:35:31
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIUQKMhJ8Oc3dModtQ3oOwxC3FJjocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yMzEyMjAyMTI1MDZaFw0yNDEyMTgyMTMwMDZaMDMxMTAvBgNV
BAMTKDlEMkM3QkI2QTU4RDEzRDlBRUYzRTkwOTk5QjdGQjM1OTdEMTM1MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCziM/O58wYXGFwvMckPacJIcKY
CQzF9eFgRLy55r9hE4K4o30Xa1wVLiSopERReKu+uEqDn/HObWFwEAY9V6Gf+EgW
Gko7Nb177uh+P/agdmAQ3bx8pMh2w58AoADiD5XlJQHEjeDyCllWQFBGpaWX3EOH
XdRuyz/1eaBqPmCPXYLHRQLjnU6tx32P+yOCoUyG4IXfnLElLF14hpxjlmXbi6Zh
XEdlQxQe4psbEGfgb9laRffeOSHZg3gLZW5CpJ3ozxnPYyMDotDmKYznGyDvcs94
sU/POsTmHWq8K4H84ItNyqjzKbrycpiPVqUB3qmWntz8cZ46wDdqEmLqDM7lAgMB
AAGjggG0MIIBsDAdBgNVHQ4EFgQUnSx7tqWNE9mu8+kJmbf7NZfRNTAwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM1MTkyOC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALnq1DANBAIA
AjAHAwUBKg5pBDANBgkqhkiG9w0BAQsFAAOCAQEAgG42aEsIyEe4ZV/ETTtsS8AG
irdnENMKE6rrptDtMhhswJmqLBD2db7vEVpdCixSH5+FPyKssrXfW7yruxnruUuY
e+RZCfLjNQ84fewPthUFVprhtmIH4FiQyLbEssY7xHfgsXuS6yE/ieb1ej9dwzrk
eE2kjJo4jTtOYkxoNw33I+4F0bHT9Ta/SmiRBEAKSgzBvPwUCSqEqBrq/B3txnjL
Zsa5F/zBPLDojO6Xb1yz+M8/oCfs3VhVWH0qTOAkKZob0++4Vo+IePwMxHJKNTSr
LME9PKwISnJbZ9z3pF8FHX6LaUAvfaXrebf4+CcnY5H5kXUz+pbLC9hjW8Q1MQ==
-----END CERTIFICATE-----