Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS51928.roa
File:                     AS51928.roa (raw, json)
Hash identifier:          6B1FZH83ynkXd2jlIrlX7xAX5HiFo/SOv36BtFHLNdA=
Subject key identifier:   21:DD:CE:E5:86:7D:A4:C2:B9:17:70:CD:B8:1B:9E:50:67:E8:52:17
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       578535D99A39EC1ED3CB12B3C7E04DAE1784917C
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS51928.roa
Signing time:             Wed 22 Oct 2025 21:31:25 +0000
ROA not before:           Wed 22 Oct 2025 21:26:25 +0000
ROA not after:            Wed 21 Oct 2026 21:31:25 +0000
asID:                     51928
IP address blocks:        185.234.212.0/24 maxlen: 24
                          2a0e:6904::/31 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Oct 2025 02:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:85:35:d9:9a:39:ec:1e:d3:cb:12:b3:c7:e0:4d:ae:17:84:91:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Oct 22 21:26:25 2025 GMT
            Not After : Oct 21 21:31:25 2026 GMT
        Subject: CN=21DDCEE5867DA4C2B91770CDB81B9E5067E85217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3f:7e:53:0f:b4:5b:e7:ba:85:1b:35:d2:42:
                    43:48:87:7b:20:5d:44:6d:b3:ac:23:60:e8:06:31:
                    a2:c8:87:bf:fa:86:db:75:f1:c9:9e:6a:e0:be:90:
                    e6:66:05:e2:88:bc:e1:73:36:a8:70:8c:a1:64:fe:
                    1c:82:88:34:c1:9c:65:43:a3:64:43:f0:5e:b1:c0:
                    da:ed:1e:a9:da:de:e1:8a:f7:d4:b6:a4:c6:ba:c3:
                    ca:3f:4f:d1:59:e7:63:3f:3c:f8:a9:2b:4b:5d:ba:
                    15:07:22:2a:b3:13:3a:41:31:18:0a:e5:5c:cf:b8:
                    d8:2f:ca:a5:fd:53:f2:3f:e6:7f:02:de:de:0e:59:
                    32:3b:83:2a:03:e3:9e:a8:5c:e5:1c:f3:c0:7c:04:
                    90:e0:83:80:ca:97:13:dd:87:5c:64:f9:e7:e6:0c:
                    62:ad:05:1f:21:91:23:ca:6d:90:65:3b:92:6e:40:
                    c9:e3:8f:16:c7:5c:69:4e:1c:ce:e2:3e:58:89:54:
                    ed:1a:0f:f5:b9:b5:1a:a2:d1:ff:1f:95:de:ef:b5:
                    48:46:3a:a4:72:e9:3f:92:a1:2e:4b:f7:d0:5a:1b:
                    81:ca:a1:63:c5:d3:54:1f:77:22:1a:16:0f:8e:0d:
                    71:e4:6f:6e:54:73:79:bf:d4:bc:f0:72:91:36:ed:
                    f8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:DD:CE:E5:86:7D:A4:C2:B9:17:70:CD:B8:1B:9E:50:67:E8:52:17
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS51928.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.212.0/24
                IPv6:
                  2a0e:6904::/31

    Signature Algorithm: sha256WithRSAEncryption
         ae:0d:45:19:bb:f5:b3:df:e9:cd:b3:35:08:eb:46:cf:89:91:
         f0:06:1d:76:16:0c:c8:3e:04:8a:0e:c7:bc:3e:b0:74:4c:a1:
         37:c9:35:4e:a5:83:11:55:9d:ad:99:a0:05:1c:73:20:19:85:
         f6:36:0a:73:0c:fc:22:23:64:71:63:66:7a:1a:b9:9e:9d:b7:
         fa:21:8f:bc:5b:28:a1:9f:08:be:79:39:0b:c9:6d:f4:86:a7:
         91:5a:08:49:44:56:16:05:55:fc:ed:5a:45:2e:d8:9a:e7:01:
         d7:d7:06:8d:7e:12:ee:7c:42:06:7d:63:e7:b7:69:70:55:bf:
         ab:42:79:f6:3d:1a:f0:77:63:8b:32:3a:e0:e6:86:73:6e:45:
         6f:c5:0e:f1:4b:9b:23:90:ab:f1:10:0a:16:4e:76:74:0b:a5:
         03:78:e8:bd:de:cf:02:f6:b2:4f:e5:6c:1f:e4:12:a4:50:8f:
         ed:e4:d6:bf:55:c1:29:50:ef:8c:0e:51:78:7e:d7:15:2d:f2:
         ad:98:1e:20:02:c8:d2:9b:0e:3c:cd:50:ca:7e:c6:39:f8:e8:
         38:07:58:ef:77:9a:fb:23:b8:ab:c8:d3:70:61:68:0d:15:20:
         0c:03:88:a7:af:3f:d5:95:cb:17:f2:88:c8:87:0d:c6:3b:89:
         c5:88:43:69
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIUV4U12Zo57B7TyxKzx+BNrheEkXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNTEwMjIyMTI2MjVaFw0yNjEwMjEyMTMxMjVaMDMxMTAvBgNV
BAMTKDIxRERDRUU1ODY3REE0QzJCOTE3NzBDREI4MUI5RTUwNjdFODUyMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqP35TD7Rb57qFGzXSQkNIh3sg
XURts6wjYOgGMaLIh7/6htt18cmeauC+kOZmBeKIvOFzNqhwjKFk/hyCiDTBnGVD
o2RD8F6xwNrtHqna3uGK99S2pMa6w8o/T9FZ52M/PPipK0tduhUHIiqzEzpBMRgK
5VzPuNgvyqX9U/I/5n8C3t4OWTI7gyoD456oXOUc88B8BJDgg4DKlxPdh1xk+efm
DGKtBR8hkSPKbZBlO5JuQMnjjxbHXGlOHM7iPliJVO0aD/W5tRqi0f8fld7vtUhG
OqRy6T+SoS5L99BaG4HKoWPF01QfdyIaFg+ODXHkb25Uc3m/1LzwcpE27fiZAgMB
AAGjggG0MIIBsDAdBgNVHQ4EFgQUId3O5YZ9pMK5F3DNuBueUGfoUhcwHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVM1MTkyOC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALnq1DANBAIA
AjAHAwUBKg5pBDANBgkqhkiG9w0BAQsFAAOCAQEArg1FGbv1s9/pzbM1COtGz4mR
8AYddhYMyD4Eig7HvD6wdEyhN8k1TqWDEVWdrZmgBRxzIBmF9jYKcwz8IiNkcWNm
ehq5np23+iGPvFsooZ8Ivnk5C8lt9IankVoISURWFgVV/O1aRS7YmucB19cGjX4S
7nxCBn1j57dpcFW/q0J59j0a8HdjizI64OaGc25Fb8UO8UubI5Cr8RAKFk52dAul
A3jovd7PAvayT+VsH+QSpFCP7eTWv1XBKVDvjA5ReH7XFS3yrZgeIALI0psOPM1Q
yn7GOfjoOAdY73ea+yO4q8jTcGFoDRUgDAOIp68/1ZXLF/KIyIcNxjuJxYhDaQ==
-----END CERTIFICATE-----