Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/EmGMYYVCDGoU-QOxoI-WVZALLS0.roa
File:                     EmGMYYVCDGoU-QOxoI-WVZALLS0.roa (raw, json)
Hash identifier:          z/5ItsYNs4/2LSyvkEujKJHfJOuj6EnPXeXj1b7bCeY=
Subject key identifier:   12:61:8C:61:85:42:0C:6A:14:F9:03:B1:A0:8F:96:55:90:0B:2D:2D
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01E841
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/EmGMYYVCDGoU-QOxoI-WVZALLS0.roa
Signing time:             Wed 17 Jun 2026 00:18:47 +0000
ROA not before:           Wed 17 Jun 2026 00:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203274
IP address blocks:        198.133.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 13:48:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124993 (0x1e841)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12618C6185420C6A14F903B1A08F9655900B2D2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:ea:76:f4:35:f3:47:e7:11:1f:a7:94:cc:
                    e4:b9:99:92:1c:c0:95:9a:d6:01:61:91:76:79:48:
                    66:9a:0a:ca:38:92:87:e2:51:77:27:bd:42:c9:b4:
                    9b:b4:c5:75:cb:81:e1:c8:7c:7b:0d:30:70:ec:44:
                    64:a8:48:5d:7e:02:c9:ed:60:1d:3b:fe:64:1f:68:
                    05:8c:13:44:42:ca:00:f9:75:af:3a:d6:7d:2a:8c:
                    5e:ed:a9:03:f0:9a:e6:db:4e:e2:9d:75:a6:be:cb:
                    48:fc:d2:e5:79:ed:8e:44:9f:c4:b2:91:e7:21:82:
                    66:34:c6:3c:8c:05:58:79:c7:0f:c7:fd:ec:46:e7:
                    64:4f:86:56:cd:40:b6:87:80:9d:d3:5e:cf:5a:37:
                    c6:2a:38:38:aa:77:86:50:8f:0a:d8:83:77:29:c0:
                    0d:7f:bf:e7:bc:70:09:ef:46:34:9f:a8:5f:e4:e0:
                    96:14:b2:e6:e0:ba:19:f8:38:14:5e:87:ec:da:ab:
                    14:bf:4c:74:12:32:e3:bd:5e:88:55:4a:e7:9c:8a:
                    da:60:28:d1:b6:c5:d8:51:87:13:ae:6d:64:38:51:
                    54:a8:6b:40:58:6e:8a:ae:27:c5:52:2b:c0:42:29:
                    cd:06:59:be:b9:b9:f7:d0:44:2d:98:5f:b3:4b:ee:
                    b3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:61:8C:61:85:42:0C:6A:14:F9:03:B1:A0:8F:96:55:90:0B:2D:2D
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/EmGMYYVCDGoU-QOxoI-WVZALLS0.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.133.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4a:7c:44:3d:27:2e:93:44:b8:0e:64:ea:4d:72:c5:d3:79:
         f7:16:14:38:ab:41:f9:7f:6e:35:68:57:1c:22:6f:0d:d5:ca:
         7f:b3:b0:79:a6:ac:e5:3a:67:9a:dd:04:f0:55:12:e4:93:81:
         15:62:5f:b7:d4:32:e4:74:6b:a9:17:ef:ca:7a:36:87:b8:df:
         60:c3:f4:6d:c3:b9:d4:88:92:3d:86:64:c0:44:06:a0:6b:4f:
         fd:d5:93:71:d0:96:be:fe:60:c5:15:f5:72:51:c1:71:66:06:
         0b:47:65:62:9d:cc:2f:2c:e6:fb:18:ab:31:cf:d4:b3:cd:46:
         7f:66:3d:c8:ba:be:ab:67:55:bf:19:80:06:0f:fd:5c:d6:14:
         b3:06:f4:35:10:84:e1:32:41:1b:01:8a:24:cd:b6:83:d2:d8:
         94:fa:32:86:7e:bf:f3:fa:03:a6:c6:09:a4:16:aa:a4:e6:61:
         41:0a:88:36:26:80:96:fd:69:4d:91:b3:d7:ff:94:13:18:75:
         87:cf:ec:b2:65:9f:99:e0:20:ca:12:19:bb:ce:67:e5:43:49:
         fb:7d:64:c6:44:89:e0:66:2e:3b:bb:52:91:23:9a:e4:d6:13:
         b8:f3:ac:f0:c6:2a:5e:38:9f:1e:d2:ca:61:6e:2a:61:26:6c:
         7a:99:4d:ae
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAehBMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNjE3
MDAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygxMjYxOEM2MTg1NDIw
QzZBMTRGOTAzQjFBMDhGOTY1NTkwMEIyRDJEMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAr3DqdvQ180fnER+nlMzkuZmSHMCVmtYBYZF2eUhmmgrKOJKH
4lF3J71CybSbtMV1y4HhyHx7DTBw7ERkqEhdfgLJ7WAdO/5kH2gFjBNEQsoA+XWv
OtZ9Koxe7akD8Jrm207inXWmvstI/NLlee2ORJ/EspHnIYJmNMY8jAVYeccPx/3s
RudkT4ZWzUC2h4Cd017PWjfGKjg4qneGUI8K2IN3KcANf7/nvHAJ70Y0n6hf5OCW
FLLm4LoZ+DgUXofs2qsUv0x0EjLjvV6IVUrnnIraYCjRtsXYUYcTrm1kOFFUqGtA
WG6KrifFUivAQinNBlm+ubn30EQtmF+zS+6zFwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFBJhjGGFQgxqFPkDsaCPllWQCy0tMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL0VtR01ZWVZDREdvVS1RT3hvSS1XVlpBTExTMC5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMaFzjANBgkqhkiG9w0BAQsFAAOCAQEALkp8
RD0nLpNEuA5k6k1yxdN59xYUOKtB+X9uNWhXHCJvDdXKf7Oweaas5Tpnmt0E8FUS
5JOBFWJft9Qy5HRrqRfvyno2h7jfYMP0bcO51IiSPYZkwEQGoGtP/dWTcdCWvv5g
xRX1clHBcWYGC0dlYp3MLyzm+xirMc/Us81Gf2Y9yLq+q2dVvxmABg/9XNYUswb0
NRCE4TJBGwGKJM22g9LYlPoyhn6/8/oDpsYJpBaqpOZhQQqINiaAlv1pTZGz1/+U
Exh1h8/ssmWfmeAgyhIZu85n5UNJ+31kxkSJ4GYuO7tSkSOa5NYTuPOs8MYqXjif
HtLKYW4qYSZseplNrg==
-----END CERTIFICATE-----