Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/W-JkKttxq6o8y6y9k4xDaxChgtQ.roa
File:                     W-JkKttxq6o8y6y9k4xDaxChgtQ.roa (raw, json)
Hash identifier:          B6W/TLLp/7RCbdhh8JAO2FImAMD2EIjBAiIAHDD14qA=
Subject key identifier:   5B:E2:64:2A:DB:71:AB:AA:3C:CB:AC:BD:93:8C:43:6B:10:A1:82:D4
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01E83D
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/W-JkKttxq6o8y6y9k4xDaxChgtQ.roa
Signing time:             Wed 17 Jun 2026 00:18:46 +0000
ROA not before:           Wed 17 Jun 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7619
IP address blocks:        147.28.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 13:48:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124989 (0x1e83d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5BE2642ADB71ABAA3CCBACBD938C436B10A182D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:af:84:6a:98:69:b7:5a:78:19:3a:6d:53:b0:
                    79:07:98:65:7a:20:58:98:56:07:8a:08:90:01:ac:
                    e9:6d:f3:c2:14:8a:c6:fc:ba:70:db:7d:b6:49:c1:
                    42:98:34:d6:c6:bb:8e:e9:3c:cc:45:9f:95:0b:3d:
                    f7:e7:02:0f:98:d0:8e:8a:0a:12:d0:7c:2f:65:1d:
                    38:f1:9e:59:01:2e:fa:91:36:52:95:46:2e:de:ac:
                    7d:03:42:52:f2:70:07:30:e5:50:c3:49:39:bf:33:
                    d7:33:04:eb:31:66:da:16:51:46:8e:20:b8:64:47:
                    c2:b8:c7:b7:ef:7b:ad:7a:f6:d0:a0:9b:53:e1:54:
                    91:74:ba:bf:72:7b:fd:6f:31:18:05:b3:98:9e:34:
                    0d:dd:e1:d6:23:f7:0f:a5:32:1b:ab:ca:96:90:e3:
                    22:62:1c:c8:b5:58:b2:8a:2c:2a:8a:c5:34:16:75:
                    65:d4:ca:60:5c:ed:ce:1f:49:53:ce:f4:94:94:2f:
                    94:ed:37:b8:41:5e:8e:33:4d:16:b0:bc:b4:8a:4b:
                    d7:88:2a:c8:7c:c6:6e:3b:80:c4:15:5d:9c:3d:28:
                    4f:da:55:25:9d:b4:b2:d2:ed:ea:b8:00:82:ca:8f:
                    08:ca:78:05:8c:88:ba:28:a0:1e:3d:04:37:e5:bd:
                    0a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E2:64:2A:DB:71:AB:AA:3C:CB:AC:BD:93:8C:43:6B:10:A1:82:D4
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/W-JkKttxq6o8y6y9k4xDaxChgtQ.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cf:1a:f1:35:63:b7:16:f4:7f:2c:66:d9:05:18:7a:e2:f3:4c:
         de:04:bf:fc:21:57:19:d1:69:8d:cd:d5:a8:db:f8:b1:4d:3d:
         c4:87:e5:8e:4d:b4:53:04:1b:45:da:de:f7:84:10:ae:50:a0:
         3e:2d:54:77:40:1f:14:c4:d1:4e:f8:97:bd:55:af:24:f9:6b:
         ce:46:36:cf:2a:83:d1:7a:ed:c9:02:7d:28:a0:aa:a6:f5:82:
         f4:d8:ff:cb:d3:cc:21:7a:d1:5a:2f:8e:01:ce:2e:47:a6:ca:
         2e:4b:bc:34:84:2c:99:9f:11:63:6d:2f:23:b4:06:e7:37:16:
         86:f7:58:de:bb:e8:58:70:c2:81:fb:b3:4e:61:52:1d:f2:6d:
         52:2e:5b:f5:73:80:f3:de:d1:72:b2:69:6d:3d:58:7f:24:dd:
         60:4e:56:b7:27:f4:76:bf:05:32:5d:be:d0:6a:30:b4:1a:52:
         65:2d:97:06:b2:6e:1f:65:76:41:78:c0:6c:e8:a5:6e:51:9a:
         7c:a3:27:a1:88:79:c7:f9:0c:c2:a2:ef:26:7a:af:31:53:81:
         aa:fd:f8:4b:a5:4e:84:9f:7a:6b:ae:0e:82:1f:58:fc:49:aa:
         28:37:f4:d7:70:db:c1:4b:c3:1c:25:b2:83:fa:5c:da:65:ce:
         74:8b:fd:25
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAeg9MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNjE3
MDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1QkUyNjQyQURCNzFB
QkFBM0NDQkFDQkQ5MzhDNDM2QjEwQTE4MkQ0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzq+Eaphpt1p4GTptU7B5B5hleiBYmFYHigiQAazpbfPCFIrG
/Lpw2322ScFCmDTWxruO6TzMRZ+VCz335wIPmNCOigoS0HwvZR048Z5ZAS76kTZS
lUYu3qx9A0JS8nAHMOVQw0k5vzPXMwTrMWbaFlFGjiC4ZEfCuMe373utevbQoJtT
4VSRdLq/cnv9bzEYBbOYnjQN3eHWI/cPpTIbq8qWkOMiYhzItViyiiwqisU0FnVl
1MpgXO3OH0lTzvSUlC+U7Te4QV6OM00WsLy0ikvXiCrIfMZuO4DEFV2cPShP2lUl
nbSy0u3quACCyo8IyngFjIi6KKAePQQ35b0KFwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFFviZCrbcauqPMusvZOMQ2sQoYLUMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1ctSmtLdHR4cTZvOHk2eTlrNHhEYXhDaGd0US5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAZMcCDANBgkqhkiG9w0BAQsFAAOCAQEAzxrx
NWO3FvR/LGbZBRh64vNM3gS//CFXGdFpjc3VqNv4sU09xIfljk20UwQbRdre94QQ
rlCgPi1Ud0AfFMTRTviXvVWvJPlrzkY2zyqD0XrtyQJ9KKCqpvWC9Nj/y9PMIXrR
Wi+OAc4uR6bKLku8NIQsmZ8RY20vI7QG5zcWhvdY3rvoWHDCgfuzTmFSHfJtUi5b
9XOA897RcrJpbT1YfyTdYE5Wtyf0dr8FMl2+0GowtBpSZS2XBrJuH2V2QXjAbOil
blGafKMnoYh5x/kMwqLvJnqvMVOBqv34S6VOhJ96a64Ogh9Y/EmqKDf013DbwUvD
HCWyg/pc2mXOdIv9JQ==
-----END CERTIFICATE-----