Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/pI_PWFse5seIT9FINPfIYnMMjNM.roa
File:                     pI_PWFse5seIT9FINPfIYnMMjNM.roa (raw, json)
Hash identifier:          nL4HHY70uhwlmcMnjcVaSkqTm7cearjF6VRV2ff3TlE=
Subject key identifier:   A4:8F:CF:58:5B:1E:E6:C7:88:4F:D1:48:34:F7:C8:62:73:0C:8C:D3
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01E83C
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/pI_PWFse5seIT9FINPfIYnMMjNM.roa
Signing time:             Wed 17 Jun 2026 00:18:46 +0000
ROA not before:           Wed 17 Jun 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199518
IP address blocks:        198.180.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 13:48:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124988 (0x1e83c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=A48FCF585B1EE6C7884FD14834F7C862730C8CD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:e7:d6:d2:08:2c:26:95:d8:69:59:10:87:da:
                    14:33:e4:3a:ba:40:4e:a4:f2:33:bb:fd:b1:6e:c3:
                    7d:7e:2b:2c:01:06:11:f5:9d:e2:fa:34:88:01:1f:
                    69:9e:a9:c5:f3:ce:17:94:c5:04:ab:15:cb:11:c5:
                    4a:10:85:c9:ef:80:b5:2f:1f:88:e4:06:dc:a1:52:
                    c9:91:28:2c:ff:35:85:6f:a0:8e:09:b7:dc:17:91:
                    7e:19:87:b0:1f:07:24:e9:d9:36:7e:22:1a:86:0c:
                    30:32:b2:fa:85:b0:c6:b9:3c:8c:92:c5:a1:48:9b:
                    5f:1e:1f:73:68:41:6b:e9:c4:fb:16:a5:4d:55:ac:
                    f9:11:6c:65:d3:88:a9:81:9f:2c:22:8b:9a:47:60:
                    f9:5d:5b:2d:4a:02:d9:b5:c5:20:c4:92:82:a4:39:
                    35:b2:eb:41:ce:be:c4:91:e2:a6:50:0d:28:2c:dd:
                    8f:ce:f9:ae:9f:bb:fe:1d:27:9f:cd:d5:83:47:25:
                    d3:03:c0:6e:35:c4:8b:76:92:01:f6:3c:f5:1b:2a:
                    34:22:42:f7:a2:9d:76:67:12:88:88:a8:d4:f2:94:
                    b3:f5:8d:0c:de:82:28:e2:c6:4e:11:a8:26:14:05:
                    a4:a7:ee:06:ae:38:5d:c3:24:0b:e9:f0:06:ff:0a:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8F:CF:58:5B:1E:E6:C7:88:4F:D1:48:34:F7:C8:62:73:0C:8C:D3
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/pI_PWFse5seIT9FINPfIYnMMjNM.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:92:b0:7b:14:f6:fa:83:90:e3:41:a5:6e:26:76:cc:e4:bc:
         92:80:99:27:fe:5f:b0:82:20:9d:ea:ce:01:06:b4:8c:fd:29:
         8e:7b:db:02:d4:fa:f8:8e:60:62:f0:ad:96:7c:98:b8:38:bc:
         91:18:cf:e4:82:74:c3:0f:31:07:73:6d:91:69:ac:90:cd:c2:
         fd:8f:23:00:76:c0:38:dd:55:2c:c0:a8:0a:70:1f:5b:28:da:
         09:d3:f0:2c:ab:73:30:fa:5e:82:06:fd:e2:dc:53:19:1d:be:
         26:9f:8e:9b:4f:db:34:1d:c7:a1:8a:a1:8f:58:dd:60:1d:b8:
         58:d7:fa:4b:1e:ab:64:95:ce:6e:1b:5e:4c:f9:94:22:ac:d0:
         b9:25:d5:21:60:79:50:99:c0:2e:cb:dd:ac:d2:e4:53:fe:63:
         5b:a6:31:28:c3:d1:58:71:51:e3:be:cc:6a:ce:70:63:c7:cc:
         33:c1:61:78:0b:03:0d:4f:ee:e9:cf:2d:ff:02:fa:e4:3b:01:
         0d:0f:00:ae:97:fa:53:30:ba:4b:a2:fc:59:a1:30:7a:ee:5b:
         1c:fb:69:40:b7:8a:77:83:6e:39:c1:1d:29:13:c6:f8:a2:36:
         d9:93:a5:5a:f1:42:06:79:35:2a:06:16:9e:c3:39:09:79:44:
         81:5d:88:23
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAeg8MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNjE3
MDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhBNDhGQ0Y1ODVCMUVF
NkM3ODg0RkQxNDgzNEY3Qzg2MjczMEM4Q0QzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA+ufW0ggsJpXYaVkQh9oUM+Q6ukBOpPIzu/2xbsN9fissAQYR
9Z3i+jSIAR9pnqnF884XlMUEqxXLEcVKEIXJ74C1Lx+I5AbcoVLJkSgs/zWFb6CO
CbfcF5F+GYewHwck6dk2fiIahgwwMrL6hbDGuTyMksWhSJtfHh9zaEFr6cT7FqVN
Vaz5EWxl04ipgZ8sIouaR2D5XVstSgLZtcUgxJKCpDk1sutBzr7EkeKmUA0oLN2P
zvmun7v+HSefzdWDRyXTA8BuNcSLdpIB9jz1Gyo0IkL3op12ZxKIiKjU8pSz9Y0M
3oIo4sZOEagmFAWkp+4GrjhdwyQL6fAG/wrYVwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFKSPz1hbHubHiE/RSDT3yGJzDIzTMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3BJX1BXRnNlNXNlSVQ5RklOUGZJWW5NTWpOTS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0lzANBgkqhkiG9w0BAQsFAAOCAQEAeJKw
exT2+oOQ40GlbiZ2zOS8koCZJ/5fsIIgnerOAQa0jP0pjnvbAtT6+I5gYvCtlnyY
uDi8kRjP5IJ0ww8xB3NtkWmskM3C/Y8jAHbAON1VLMCoCnAfWyjaCdPwLKtzMPpe
ggb94txTGR2+Jp+Om0/bNB3HoYqhj1jdYB24WNf6Sx6rZJXObhteTPmUIqzQuSXV
IWB5UJnALsvdrNLkU/5jW6YxKMPRWHFR477Mas5wY8fMM8FheAsDDU/u6c8t/wL6
5DsBDQ8Arpf6UzC6S6L8WaEweu5bHPtpQLeKd4NuOcEdKRPG+KI22ZOlWvFCBnk1
KgYWnsM5CXlEgV2IIw==
-----END CERTIFICATE-----