Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/IdgNYO8v_dEbdoPuHFTpsjA3l0U.roa
File:                     IdgNYO8v_dEbdoPuHFTpsjA3l0U.roa (raw, json)
Hash identifier:          rr4euxcMf4+ZXrKMACe3mGR+5zZFKDjuT9seOvH/4fA=
Subject key identifier:   21:D8:0D:60:EF:2F:FD:D1:1B:76:83:EE:1C:54:E9:B2:30:37:97:45
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198DB
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/IdgNYO8v_dEbdoPuHFTpsjA3l0U.roa
Signing time:             Sun 20 Apr 2025 17:37:32 +0000
ROA not before:           Sun 20 Apr 2025 17:37:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203274
IP address blocks:        198.133.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 23:27:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104667 (0x198db)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21D80D60EF2FFDD11B7683EE1C54E9B230379745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f5:2f:46:be:a1:11:9c:f4:a7:9c:52:b8:09:
                    71:89:0f:ed:8f:97:b9:3f:d4:dd:38:e3:bf:2e:81:
                    cf:43:2b:7d:16:28:32:bc:2b:89:5d:a5:8e:2a:46:
                    44:35:3d:27:c1:8e:4e:05:b3:da:10:a3:40:7d:e5:
                    d5:5e:b7:e6:5a:9b:cb:c3:50:53:af:6e:15:5e:6e:
                    29:92:15:54:b5:11:d4:36:23:b8:ab:d6:a1:2e:da:
                    25:20:f5:df:08:3c:f6:de:fe:86:82:b0:44:94:78:
                    2a:7a:b6:ea:8c:1e:de:0d:7d:39:14:32:1f:66:f6:
                    81:52:5a:b3:5b:5e:ad:a4:fd:38:73:45:f6:63:e3:
                    5e:df:e0:a7:a2:b3:85:20:74:d9:37:74:88:d8:7c:
                    81:8b:7d:34:9e:07:bf:35:0a:7c:24:7c:1d:20:6d:
                    a7:be:f0:09:f0:9d:99:1e:fe:dc:fd:cc:fb:4a:bb:
                    b2:d3:93:4c:6a:48:36:51:8f:b2:12:66:65:e3:dd:
                    3e:98:13:1a:6c:40:3e:ad:39:4c:22:b5:2d:40:82:
                    81:ce:d5:36:dd:06:c0:da:71:55:25:1a:93:48:72:
                    54:5e:55:55:23:9c:ad:72:0f:33:e6:8c:ee:06:88:
                    81:43:48:cb:b8:26:13:e1:08:48:70:50:1a:c1:e8:
                    ed:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D8:0D:60:EF:2F:FD:D1:1B:76:83:EE:1C:54:E9:B2:30:37:97:45
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/IdgNYO8v_dEbdoPuHFTpsjA3l0U.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.133.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:dc:84:1e:52:f2:e8:08:f0:88:9c:e4:59:4f:ba:7e:e5:74:
         df:2c:37:b9:d6:fe:b5:19:3f:93:dd:15:ca:6a:61:ae:01:af:
         b0:c3:44:e1:cc:bb:eb:c5:91:fe:54:f5:34:12:cc:41:e0:64:
         b4:35:6f:0c:ec:0d:5b:23:74:04:2e:f5:60:cb:4e:3b:2e:4c:
         8f:fc:ea:23:a9:a4:c3:6b:18:0c:cf:6f:d5:6c:97:1b:07:28:
         52:ab:0f:1e:2a:74:cf:71:41:47:14:31:c9:8c:5f:7e:67:97:
         ec:77:0b:0f:c7:5d:b9:66:cd:f4:ea:8b:24:ec:eb:5d:4d:ab:
         08:f5:cc:85:82:87:d0:5c:eb:2c:74:57:a4:c9:d5:00:9b:f9:
         73:ff:cb:8d:eb:f4:32:14:55:0d:f7:e4:0a:cd:fe:c6:d9:39:
         c1:85:70:9f:75:33:aa:cf:a2:12:c2:c8:d8:59:cb:d2:02:d1:
         b8:5e:61:ff:8c:ff:da:a6:b2:48:04:6d:ec:a7:26:2e:32:5c:
         22:68:7a:91:7b:c7:5e:2d:41:be:8f:a1:0b:47:f9:57:81:8e:
         3e:7b:99:a3:12:8c:50:90:c7:53:5b:e8:ff:b6:37:1a:3b:a9:
         31:fe:ce:96:c1:ee:b1:b3:05:42:05:3c:42:fe:ba:43:54:98:
         c8:ee:94:ba
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjbMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyMUQ4MEQ2MEVGMkZG
REQxMUI3NjgzRUUxQzU0RTlCMjMwMzc5NzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1PUvRr6hEZz0p5xSuAlxiQ/tj5e5P9TdOOO/LoHPQyt9Figy
vCuJXaWOKkZENT0nwY5OBbPaEKNAfeXVXrfmWpvLw1BTr24VXm4pkhVUtRHUNiO4
q9ahLtolIPXfCDz23v6GgrBElHgqerbqjB7eDX05FDIfZvaBUlqzW16tpP04c0X2
Y+Ne3+CnorOFIHTZN3SI2HyBi300nge/NQp8JHwdIG2nvvAJ8J2ZHv7c/cz7Sruy
05NMakg2UY+yEmZl490+mBMabEA+rTlMIrUtQIKBztU23QbA2nFVJRqTSHJUXlVV
I5ytcg8z5ozuBoiBQ0jLuCYT4QhIcFAawejtQQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFCHYDWDvL/3RG3aD7hxU6bIwN5dFMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL0lkZ05ZTzh2X2RFYmRvUHVIRlRwc2pBM2wwVS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMaFzjANBgkqhkiG9w0BAQsFAAOCAQEAoNyE
HlLy6AjwiJzkWU+6fuV03yw3udb+tRk/k90VymphrgGvsMNE4cy768WR/lT1NBLM
QeBktDVvDOwNWyN0BC71YMtOOy5Mj/zqI6mkw2sYDM9v1WyXGwcoUqsPHip0z3FB
RxQxyYxffmeX7HcLD8dduWbN9OqLJOzrXU2rCPXMhYKH0FzrLHRXpMnVAJv5c//L
jev0MhRVDffkCs3+xtk5wYVwn3Uzqs+iEsLI2FnL0gLRuF5h/4z/2qaySARt7Kcm
LjJcImh6kXvHXi1Bvo+hC0f5V4GOPnuZoxKMUJDHU1vo/7Y3GjupMf7OlsHusbMF
QgU8Qv66Q1SYyO6Uug==
-----END CERTIFICATE-----