Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/NEIcMSp3sM1YXJ05ZNevAcmi27E.roa
File:                     NEIcMSp3sM1YXJ05ZNevAcmi27E.roa (raw, json)
Hash identifier:          qZQS+fkEFldJh9rTaAycPPOKqpqwsY2Ih1vnnvFuQHs=
Subject key identifier:   34:42:1C:31:2A:77:B0:CD:58:5C:9D:39:64:D7:AF:01:C9:A2:DB:B1
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01E840
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/NEIcMSp3sM1YXJ05ZNevAcmi27E.roa
Signing time:             Wed 17 Jun 2026 00:18:46 +0000
ROA not before:           Wed 17 Jun 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3130
IP address blocks:        147.28.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 13:48:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124992 (0x1e840)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34421C312A77B0CD585C9D3964D7AF01C9A2DBB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e7:09:c0:21:39:64:23:fd:21:4c:5a:29:88:
                    d3:0f:5a:6e:d5:83:5d:05:1b:0b:80:9f:fa:05:51:
                    08:e6:bd:2d:d6:c6:59:9e:44:6a:e1:94:1f:80:f7:
                    12:d1:cb:61:95:50:d3:cf:52:d3:d6:c0:b4:22:f6:
                    64:aa:31:43:dd:ad:24:97:50:72:3e:ee:11:df:5e:
                    a2:88:44:fa:64:89:6c:42:19:35:85:5f:3e:db:20:
                    68:1e:be:e5:4d:93:d0:d3:d8:78:af:87:63:a0:85:
                    f1:01:e6:58:b1:08:97:68:3f:57:27:0e:b2:0d:40:
                    ae:3c:55:4f:76:97:20:2b:dc:15:f8:9a:e2:ac:c2:
                    d6:bb:98:3d:27:38:9f:9e:05:f3:2e:00:b0:fd:3e:
                    cd:55:ab:b8:51:4a:dd:35:24:69:23:63:33:6b:4b:
                    d2:a6:31:22:14:8c:85:8b:d3:56:9d:b5:39:8a:44:
                    17:fa:bf:29:d4:a6:b0:59:21:67:e6:fd:65:d6:c4:
                    64:df:66:c8:22:30:d0:c6:77:1e:0e:fd:3f:a0:a6:
                    17:2b:dc:d9:b3:06:cf:5f:76:a1:6f:57:a0:12:8d:
                    f8:ee:66:4f:c9:f5:40:0b:62:7c:5e:0e:c0:6f:bc:
                    c8:89:5e:57:2d:8e:00:4f:77:70:99:78:0e:c7:57:
                    eb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:42:1C:31:2A:77:B0:CD:58:5C:9D:39:64:D7:AF:01:C9:A2:DB:B1
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/NEIcMSp3sM1YXJ05ZNevAcmi27E.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:66:dd:a4:17:4f:cf:14:8b:e5:99:71:db:30:5d:8f:b4:83:
         6a:c3:31:23:56:6c:70:86:6f:c5:2d:0f:6b:3b:4c:d7:e4:7b:
         52:73:3d:46:b5:b6:3a:77:1e:a6:9c:74:55:b9:04:57:7b:fa:
         aa:fc:17:dc:e0:1e:49:4b:88:42:81:95:63:e3:3a:25:5c:5c:
         43:31:37:a8:ca:b7:8b:0c:5d:d6:e5:e0:f8:53:1d:eb:b8:52:
         d1:ea:b1:30:23:02:57:42:ae:c7:a1:8e:81:cb:eb:8e:48:7b:
         fa:4c:a2:b4:9b:85:f2:de:fe:c3:25:ce:98:96:eb:23:57:5d:
         cd:6a:a5:ac:f4:a8:91:77:af:40:a8:18:fa:c8:34:c0:cd:40:
         45:d0:fc:85:7d:16:81:56:f6:55:b5:2e:75:84:ef:d1:aa:fa:
         ee:00:f7:05:8c:af:cc:2f:5e:a5:0e:11:17:05:e2:a6:4e:c0:
         33:d3:9f:41:fc:d0:25:bc:37:35:e5:55:6c:46:51:58:08:35:
         4e:7f:8b:c9:db:87:a5:c3:78:46:df:74:46:2d:5b:63:85:2e:
         81:55:2b:b0:95:d3:e8:16:db:a1:24:6a:a0:7a:d7:92:fe:03:
         2a:0e:64:3a:05:c5:57:8b:8c:78:7f:52:ea:f2:e7:37:08:16:
         f4:ad:ed:7d
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAehAMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNjE3
MDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzNDQyMUMzMTJBNzdC
MENENTg1QzlEMzk2NEQ3QUYwMUM5QTJEQkIxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAs+cJwCE5ZCP9IUxaKYjTD1pu1YNdBRsLgJ/6BVEI5r0t1sZZ
nkRq4ZQfgPcS0cthlVDTz1LT1sC0IvZkqjFD3a0kl1ByPu4R316iiET6ZIlsQhk1
hV8+2yBoHr7lTZPQ09h4r4djoIXxAeZYsQiXaD9XJw6yDUCuPFVPdpcgK9wV+Jri
rMLWu5g9JzifngXzLgCw/T7NVau4UUrdNSRpI2Mza0vSpjEiFIyFi9NWnbU5ikQX
+r8p1KawWSFn5v1l1sRk32bIIjDQxnceDv0/oKYXK9zZswbPX3ahb1egEo347mZP
yfVAC2J8Xg7Ab7zIiV5XLY4AT3dwmXgOx1frWQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFDRCHDEqd7DNWFydOWTXrwHJotuxMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL05FSWNNU3Azc00xWVhKMDVaTmV2QWNtaTI3RS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAZMcADANBgkqhkiG9w0BAQsFAAOCAQEAmWbd
pBdPzxSL5Zlx2zBdj7SDasMxI1ZscIZvxS0PaztM1+R7UnM9RrW2Onceppx0VbkE
V3v6qvwX3OAeSUuIQoGVY+M6JVxcQzE3qMq3iwxd1uXg+FMd67hS0eqxMCMCV0Ku
x6GOgcvrjkh7+kyitJuF8t7+wyXOmJbrI1ddzWqlrPSokXevQKgY+sg0wM1ARdD8
hX0WgVb2VbUudYTv0ar67gD3BYyvzC9epQ4RFwXipk7AM9OfQfzQJbw3NeVVbEZR
WAg1Tn+LyduHpcN4Rt90Ri1bY4UugVUrsJXT6BbboSRqoHrXkv4DKg5kOgXFV4uM
eH9S6vLnNwgW9K3tfQ==
-----END CERTIFICATE-----