Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/UDn6-ZD0WTj18D8nHih3D--ZO_s.roa
File:                     UDn6-ZD0WTj18D8nHih3D--ZO_s.roa (raw, json)
Hash identifier:          E0/WsIxOejz2/RTbLMdD/5U9XX5PVXs0IPlP2v1u8tI=
Subject key identifier:   50:39:FA:F9:90:F4:59:38:F5:F0:3F:27:1E:28:77:0F:EF:99:3B:FB
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198D7
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/UDn6-ZD0WTj18D8nHih3D--ZO_s.roa
Signing time:             Sun 20 Apr 2025 17:37:29 +0000
ROA not before:           Sun 20 Apr 2025 17:37:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3130
IP address blocks:        147.28.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 11:57:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104663 (0x198d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5039FAF990F45938F5F03F271E28770FEF993BFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f6:be:bc:fa:d3:56:19:e2:87:ce:7e:c9:8f:
                    bf:e3:ab:09:1f:ad:47:af:23:c2:70:df:82:10:14:
                    86:10:b1:42:c7:88:52:ab:5b:1f:12:f8:1a:74:f5:
                    bb:57:12:d8:c8:a3:0f:5a:56:09:03:9c:dd:64:ac:
                    32:26:d9:6b:71:16:f2:fb:de:58:05:1c:93:f8:0a:
                    99:f4:35:43:3b:85:68:fc:6d:e6:20:b2:82:d8:55:
                    13:d3:a3:a5:91:5f:9c:b6:62:24:1b:27:80:bc:8c:
                    ea:b5:25:3c:87:f7:4f:53:97:23:67:b5:b3:91:84:
                    c4:aa:6e:fa:31:80:35:47:ab:63:e9:9d:a5:b1:36:
                    67:fe:56:0d:b6:e1:3f:c2:6f:6a:87:8b:fe:05:33:
                    da:80:9d:b0:8a:d5:3c:7b:ac:14:3f:60:99:1a:dd:
                    39:45:88:17:11:26:d5:8d:c3:39:b7:66:54:08:cd:
                    af:42:d7:ad:91:0a:25:02:ab:9d:35:aa:29:15:09:
                    a5:fc:0d:7a:44:a3:b5:ab:36:06:2b:c1:1e:05:81:
                    56:f6:d2:3f:55:73:dc:cc:2c:92:da:4a:b3:ee:fe:
                    2b:5b:3b:70:25:b7:ea:64:b8:f7:30:19:bc:77:db:
                    34:84:eb:ba:e8:af:88:ba:0e:9a:58:c2:e0:ec:95:
                    14:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:39:FA:F9:90:F4:59:38:F5:F0:3F:27:1E:28:77:0F:EF:99:3B:FB
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/UDn6-ZD0WTj18D8nHih3D--ZO_s.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:ce:aa:2d:ad:94:7e:ff:3f:e2:9b:06:f3:e2:1b:61:d1:84:
         81:55:d3:a1:c0:14:c1:ff:5d:70:47:64:b0:09:f9:43:93:ce:
         e1:b9:57:1e:91:3c:ad:ed:42:91:e3:b6:c2:9e:c2:84:64:38:
         ee:d0:c5:ee:79:7d:86:cc:41:7a:4b:8b:01:fe:bd:01:b5:0f:
         63:b6:34:49:e8:31:55:29:d7:90:ad:19:cb:8b:41:03:b5:8a:
         32:e9:3f:d8:92:4a:45:d8:ad:65:ad:71:70:39:96:49:85:aa:
         f6:ad:64:09:f5:2b:6b:52:39:93:82:b0:ad:22:6e:2d:78:97:
         5b:3b:b6:55:1c:9a:66:38:a2:b7:95:40:0f:70:ba:1a:ad:59:
         9a:d3:cc:a0:11:53:5c:ab:b0:5f:df:16:8e:d5:d4:c7:39:0e:
         a9:f2:75:68:33:14:eb:92:ec:6c:36:b6:46:ac:de:37:f9:d4:
         15:75:de:96:b5:64:83:77:80:16:12:0a:c2:a0:c3:40:53:41:
         d0:f9:52:e9:aa:ff:18:50:67:39:4a:7a:89:61:7f:1c:78:aa:
         8f:3f:07:fe:ef:42:95:d4:76:37:f8:3b:f4:14:cd:79:3a:8d:
         93:80:af:5a:d2:77:cf:c9:64:0f:8f:4f:f8:bd:68:63:97:82:
         26:bd:2a:16
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjXMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1MDM5RkFGOTkwRjQ1
OTM4RjVGMDNGMjcxRTI4NzcwRkVGOTkzQkZCMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1fa+vPrTVhnih85+yY+/46sJH61HryPCcN+CEBSGELFCx4hS
q1sfEvgadPW7VxLYyKMPWlYJA5zdZKwyJtlrcRby+95YBRyT+AqZ9DVDO4Vo/G3m
ILKC2FUT06OlkV+ctmIkGyeAvIzqtSU8h/dPU5cjZ7WzkYTEqm76MYA1R6tj6Z2l
sTZn/lYNtuE/wm9qh4v+BTPagJ2witU8e6wUP2CZGt05RYgXESbVjcM5t2ZUCM2v
QtetkQolAqudNaopFQml/A16RKO1qzYGK8EeBYFW9tI/VXPczCyS2kqz7v4rWztw
JbfqZLj3MBm8d9s0hOu66K+Iug6aWMLg7JUUyQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFFA5+vmQ9Fk49fA/Jx4odw/vmTv7MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1VEbjYtWkQwV1RqMThEOG5IaWgzRC0tWk9fcy5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAZMcADANBgkqhkiG9w0BAQsFAAOCAQEArs6q
La2Ufv8/4psG8+IbYdGEgVXTocAUwf9dcEdksAn5Q5PO4blXHpE8re1CkeO2wp7C
hGQ47tDF7nl9hsxBekuLAf69AbUPY7Y0SegxVSnXkK0Zy4tBA7WKMuk/2JJKRdit
Za1xcDmWSYWq9q1kCfUra1I5k4KwrSJuLXiXWzu2VRyaZjiit5VAD3C6Gq1ZmtPM
oBFTXKuwX98WjtXUxzkOqfJ1aDMU65LsbDa2RqzeN/nUFXXelrVkg3eAFhIKwqDD
QFNB0PlS6ar/GFBnOUp6iWF/HHiqjz8H/u9CldR2N/g79BTNeTqNk4CvWtJ3z8lk
D49P+L1oY5eCJr0qFg==
-----END CERTIFICATE-----