Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/0eIyeiGyIFKlmQZQX86bC9ciEr0.roa
File:                     0eIyeiGyIFKlmQZQX86bC9ciEr0.roa (raw, json)
Hash identifier:          cyM/FkQoj9xO06P7TCTTv/LOo2Xuut82u3dZZ39/U9g=
Subject key identifier:   D1:E2:32:7A:21:B2:20:52:A5:99:06:50:5F:CE:9B:0B:D7:22:12:BD
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198D8
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/0eIyeiGyIFKlmQZQX86bC9ciEr0.roa
Signing time:             Sun 20 Apr 2025 17:37:30 +0000
ROA not before:           Sun 20 Apr 2025 17:37:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3130
IP address blocks:        192.83.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:26:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104664 (0x198d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=D1E2327A21B22052A59906505FCE9B0BD72212BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ea:03:6b:98:66:72:38:81:04:74:96:88:96:
                    c7:d1:f8:f7:50:c7:c1:8f:99:41:6c:19:8b:c5:70:
                    9b:30:19:94:fe:a5:81:e8:35:52:5c:80:20:44:3d:
                    64:dd:0c:6e:e0:9e:67:83:49:33:c0:69:1f:a7:99:
                    41:c5:f4:fb:4f:c0:07:33:29:30:b1:60:c3:ea:68:
                    52:fb:4d:e5:90:52:6b:53:57:14:03:8f:60:9f:cd:
                    83:9d:cc:42:64:e1:18:7e:15:2e:16:0a:e0:99:45:
                    d7:11:9d:38:f7:67:9b:ef:16:77:ca:8e:5c:42:d7:
                    7e:0b:bd:43:23:36:5a:27:5b:98:21:88:bc:27:89:
                    0d:86:54:bd:17:e3:0a:1d:84:da:af:82:69:f0:a1:
                    62:f3:0e:f3:84:f9:79:00:5b:a6:42:b6:c4:6a:30:
                    73:7f:ef:48:1b:8a:80:50:7b:94:f3:3f:48:c4:76:
                    eb:0e:90:84:b7:23:65:1f:ba:f1:41:a4:ee:2b:95:
                    89:34:0d:4d:e9:9f:31:b2:11:34:ab:57:bf:53:63:
                    28:de:a5:aa:6e:58:20:1c:b7:d0:0f:11:fe:75:4e:
                    f4:97:76:fb:ee:aa:6d:6a:f2:31:97:98:06:64:e4:
                    2b:3c:47:ce:4b:e6:fd:3c:bd:c4:f6:80:69:0b:c9:
                    ad:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E2:32:7A:21:B2:20:52:A5:99:06:50:5F:CE:9B:0B:D7:22:12:BD
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/0eIyeiGyIFKlmQZQX86bC9ciEr0.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.83.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:71:f9:a0:cf:74:82:41:18:d0:86:37:8d:e5:c8:e8:02:be:
         f4:7c:ed:b0:71:9b:dd:b5:8c:d2:e2:f3:57:13:27:78:93:f2:
         aa:07:c7:3a:aa:0e:2f:f3:3d:0e:7c:b9:6e:ef:82:24:f5:8c:
         62:66:ef:03:04:83:d2:e4:3c:38:e9:e8:47:4e:78:e1:3c:3a:
         16:5a:bd:32:9a:60:9a:ae:69:af:52:72:90:21:c3:34:7f:26:
         1a:e0:f7:ed:3a:37:b9:db:9d:13:67:92:bf:ca:df:d1:9e:7c:
         d2:fc:c3:d3:a7:6f:57:e0:a3:70:1b:69:9b:d8:8f:32:b2:08:
         8e:df:a6:82:a1:7d:e2:68:3f:81:45:59:59:bc:1c:57:d8:c2:
         79:39:e8:5d:df:d9:e1:cb:1c:f2:18:56:54:82:42:73:ee:40:
         36:aa:95:e8:f6:20:05:a9:f9:72:43:2f:e5:72:df:c4:5a:93:
         02:ee:1f:4b:c9:aa:b1:b2:a9:5d:1b:ba:ea:86:7e:85:52:cf:
         be:09:a6:74:5c:a2:c4:33:df:7a:58:bb:27:0b:ea:8f:5b:e0:
         04:8c:d0:b2:cf:b5:bc:77:8e:ed:07:0a:01:a8:da:76:78:fa:
         22:9b:25:5f:c1:3a:8e:64:da:e2:20:e0:66:98:ad:d7:37:3c:
         e5:69:1c:af
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjYMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhEMUUyMzI3QTIxQjIy
MDUyQTU5OTA2NTA1RkNFOUIwQkQ3MjIxMkJEMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAu+oDa5hmcjiBBHSWiJbH0fj3UMfBj5lBbBmLxXCbMBmU/qWB
6DVSXIAgRD1k3Qxu4J5ng0kzwGkfp5lBxfT7T8AHMykwsWDD6mhS+03lkFJrU1cU
A49gn82DncxCZOEYfhUuFgrgmUXXEZ0492eb7xZ3yo5cQtd+C71DIzZaJ1uYIYi8
J4kNhlS9F+MKHYTar4Jp8KFi8w7zhPl5AFumQrbEajBzf+9IG4qAUHuU8z9IxHbr
DpCEtyNlH7rxQaTuK5WJNA1N6Z8xshE0q1e/U2Mo3qWqblggHLfQDxH+dU70l3b7
7qptavIxl5gGZOQrPEfOS+b9PL3E9oBpC8mtjQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFNHiMnohsiBSpZkGUF/OmwvXIhK9MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VLzBlSXllaUd5SUZLbG1RWlFYODZiQzljaUVyMC5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMBT5jANBgkqhkiG9w0BAQsFAAOCAQEApXH5
oM90gkEY0IY3jeXI6AK+9HztsHGb3bWM0uLzVxMneJPyqgfHOqoOL/M9Dny5bu+C
JPWMYmbvAwSD0uQ8OOnoR0544Tw6Flq9Mppgmq5pr1JykCHDNH8mGuD37To3udud
E2eSv8rf0Z580vzD06dvV+CjcBtpm9iPMrIIjt+mgqF94mg/gUVZWbwcV9jCeTno
Xd/Z4csc8hhWVIJCc+5ANqqV6PYgBan5ckMv5XLfxFqTAu4fS8mqsbKpXRu66oZ+
hVLPvgmmdFyixDPfeli7Jwvqj1vgBIzQss+1vHeO7QcKAajadnj6IpslX8E6jmTa
4iDgZpit1zc85Wkcrw==
-----END CERTIFICATE-----