Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/fDvN8JDIeg8h7b5wWCFK_F7J_SY.roa
File:                     fDvN8JDIeg8h7b5wWCFK_F7J_SY.roa (raw, json)
Hash identifier:          3XTR+/4DackDLN++CL7fLb+4xpAjYp7KADxJhiiuXY4=
Subject key identifier:   7C:3B:CD:F0:90:C8:7A:0F:21:ED:BE:70:58:21:4A:FC:5E:C9:FD:26
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198D4
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/fDvN8JDIeg8h7b5wWCFK_F7J_SY.roa
Signing time:             Sun 20 Apr 2025 17:37:28 +0000
ROA not before:           Sun 20 Apr 2025 17:37:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199518
IP address blocks:        198.180.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 06:27:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104660 (0x198d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7C3BCDF090C87A0F21EDBE7058214AFC5EC9FD26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:47:f1:a0:61:8f:90:6b:e1:73:c2:9a:75:
                    64:24:5a:c4:3d:39:49:72:dd:a5:a3:50:18:f0:77:
                    2b:56:7c:05:8b:b2:61:f0:84:ab:ac:2d:db:a0:ae:
                    ef:e6:69:21:6b:63:e7:d3:b3:ac:a2:c8:76:d2:59:
                    15:b7:d7:7a:15:9d:46:26:3e:81:ea:2e:0e:91:c3:
                    3c:82:a0:3e:cf:0c:55:a5:d8:08:9d:95:9f:cf:c7:
                    fa:f6:af:eb:78:8f:eb:74:68:94:4f:41:dc:9e:50:
                    e3:35:6a:0b:7b:1b:84:74:17:55:8b:01:6c:54:46:
                    d1:13:72:33:5a:c8:ae:fe:47:95:ee:c0:a0:42:82:
                    19:09:e2:48:91:42:c5:44:c6:7f:32:9c:64:de:67:
                    73:45:81:ca:50:4a:29:ba:66:04:f9:b5:a5:7a:9a:
                    f5:35:02:d7:39:ba:4d:8e:ef:84:49:8e:bf:b3:70:
                    e5:46:df:76:92:0b:ff:5a:28:01:99:5c:a9:70:47:
                    6e:87:55:38:31:67:b2:e8:86:50:7f:3e:df:33:62:
                    3a:3c:b8:5b:89:ce:d7:d0:5d:36:42:ca:ab:b0:2f:
                    a4:64:0c:68:ca:83:48:e9:b0:66:70:00:49:02:09:
                    e1:b8:eb:8b:4b:da:85:2d:22:e3:72:f8:7c:11:5b:
                    71:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3B:CD:F0:90:C8:7A:0F:21:ED:BE:70:58:21:4A:FC:5E:C9:FD:26
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/fDvN8JDIeg8h7b5wWCFK_F7J_SY.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:82:af:65:21:4b:d2:73:39:a4:d8:6d:ee:90:5a:e7:ee:ff:
         39:9c:c5:37:4b:06:c5:3b:f7:ab:a8:87:0a:22:c7:5f:56:00:
         19:5b:26:24:44:1f:a7:44:f1:f5:0f:40:d2:32:29:50:41:47:
         7f:b2:70:12:98:19:cd:ab:97:76:5d:9c:0e:09:60:b9:7a:54:
         ff:a8:95:19:48:3f:7a:54:12:30:d9:ea:18:94:eb:77:49:4a:
         81:85:77:39:cf:2e:e7:c0:d4:f9:37:4e:4c:46:a0:83:6d:d7:
         5d:06:56:ea:20:dc:4e:be:49:d4:af:0c:c0:e2:a8:59:30:7e:
         78:5d:fd:21:68:58:1d:58:a4:ac:70:ed:97:6d:e7:52:1a:09:
         e0:7c:4b:1c:d6:a4:4c:6c:ee:52:4a:b1:bc:d9:58:8f:ef:de:
         ac:0f:f6:5c:8c:1c:0d:85:12:35:06:5f:f9:e5:d2:65:55:a5:
         0d:e2:87:10:7f:66:87:02:07:1c:e9:b3:50:a0:66:d3:77:43:
         ff:d7:d7:cc:92:d3:2f:95:2f:49:ee:01:a4:ae:b8:41:d5:7f:
         ff:0b:b3:e6:0a:31:6a:85:62:8c:67:52:f8:79:da:74:e0:62:
         83:4b:1b:06:a2:bd:63:cf:28:97:45:dc:93:85:5e:57:ae:7e:
         ac:88:68:34
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjUMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3QzNCQ0RGMDkwQzg3
QTBGMjFFREJFNzA1ODIxNEFGQzVFQzlGRDI2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAp1NH8aBhj5Br4XPCmnVkJFrEPTlJct2lo1AY8HcrVnwFi7Jh
8ISrrC3boK7v5mkha2Pn07Ososh20lkVt9d6FZ1GJj6B6i4OkcM8gqA+zwxVpdgI
nZWfz8f69q/reI/rdGiUT0HcnlDjNWoLexuEdBdViwFsVEbRE3IzWsiu/keV7sCg
QoIZCeJIkULFRMZ/Mpxk3mdzRYHKUEopumYE+bWlepr1NQLXObpNju+ESY6/s3Dl
Rt92kgv/WigBmVypcEduh1U4MWey6IZQfz7fM2I6PLhbic7X0F02QsqrsC+kZAxo
yoNI6bBmcABJAgnhuOuLS9qFLSLjcvh8EVtxtQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFHw7zfCQyHoPIe2+cFghSvxeyf0mMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL2ZEdk44SkRJZWc4aDdiNXdXQ0ZLX0Y3Sl9TWS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0lzANBgkqhkiG9w0BAQsFAAOCAQEAs4Kv
ZSFL0nM5pNht7pBa5+7/OZzFN0sGxTv3q6iHCiLHX1YAGVsmJEQfp0Tx9Q9A0jIp
UEFHf7JwEpgZzauXdl2cDglguXpU/6iVGUg/elQSMNnqGJTrd0lKgYV3Oc8u58DU
+TdOTEagg23XXQZW6iDcTr5J1K8MwOKoWTB+eF39IWhYHVikrHDtl23nUhoJ4HxL
HNakTGzuUkqxvNlYj+/erA/2XIwcDYUSNQZf+eXSZVWlDeKHEH9mhwIHHOmzUKBm
03dD/9fXzJLTL5UvSe4BpK64QdV//wuz5goxaoVijGdS+HnadOBig0sbBqK9Y88o
l0Xck4VeV65+rIhoNA==
-----END CERTIFICATE-----