Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/rWvG5NEFGOfw0xIYlCYeThEG0Ww.roa
File:                     rWvG5NEFGOfw0xIYlCYeThEG0Ww.roa (raw, json)
Hash identifier:          kuOUia1vjIPU817KH6tcygT1NW1olXvBN0mQ4KVYycE=
Subject key identifier:   AD:6B:C6:E4:D1:05:18:E7:F0:D3:12:18:94:26:1E:4E:11:06:D1:6C
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01E83E
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/rWvG5NEFGOfw0xIYlCYeThEG0Ww.roa
Signing time:             Wed 17 Jun 2026 00:18:46 +0000
ROA not before:           Wed 17 Jun 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3130
IP address blocks:        198.180.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 13:48:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124990 (0x1e83e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=AD6BC6E4D10518E7F0D3121894261E4E1106D16C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:aa:fc:78:2c:dd:96:18:35:96:52:0c:e5:ee:
                    7a:61:8f:f1:0b:e1:ea:30:fa:7e:59:79:70:00:19:
                    79:f9:c1:04:d0:80:16:12:62:68:31:ed:4d:6c:b2:
                    01:b5:e7:40:69:4b:92:9e:93:58:22:59:9e:b5:d5:
                    95:71:42:1b:c7:19:34:93:9e:4d:6d:ce:4e:f4:f8:
                    a9:c0:ec:09:3d:59:0d:52:4c:5e:cd:31:ef:25:54:
                    01:95:93:21:9f:61:e3:38:e4:a2:4b:1c:33:43:98:
                    e0:26:50:e4:c6:7a:d4:50:29:3a:78:23:33:2d:d0:
                    10:80:23:05:e9:4c:50:a7:ed:4e:d2:e5:fb:1f:3e:
                    0b:2b:01:9b:c2:ae:01:46:da:ae:d8:01:69:2c:39:
                    6b:79:3b:a6:7f:c7:f1:24:75:87:7a:df:5f:08:a3:
                    c3:a0:52:df:b3:ed:3a:db:41:5b:0e:6b:d7:f6:8b:
                    e5:71:82:6b:aa:41:db:b5:26:44:07:8b:3e:3a:3a:
                    ea:d6:b6:ce:42:5d:20:8b:09:81:6f:9f:c2:50:1c:
                    7b:d0:bb:4c:e9:0a:20:c9:2a:81:3e:ce:e2:40:c9:
                    4f:fb:71:82:e6:d7:47:62:ad:bd:33:81:ad:81:a8:
                    ce:81:c9:ed:32:90:99:3e:3e:03:fa:db:88:f2:49:
                    26:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:6B:C6:E4:D1:05:18:E7:F0:D3:12:18:94:26:1E:4E:11:06:D1:6C
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/rWvG5NEFGOfw0xIYlCYeThEG0Ww.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:3b:98:31:4d:b7:31:dc:90:56:63:8e:e7:37:0f:0a:70:cc:
         aa:8a:fa:8d:2c:a5:37:ee:a3:d9:58:8d:14:23:2d:09:c8:0b:
         d2:fb:cd:6f:b6:c7:b2:0d:fd:92:ee:b1:45:47:7f:cd:2c:32:
         aa:8c:bd:e4:7f:58:95:9d:1a:a6:48:a4:d2:52:66:05:70:e0:
         bd:68:67:c6:1d:a2:a9:e4:d8:87:2d:d4:b9:5d:2d:5a:06:4e:
         2e:38:61:3b:b4:43:d2:67:fd:a3:50:82:67:65:3b:b4:06:26:
         35:38:f5:4e:6d:8d:f5:37:bc:e6:c1:65:c9:d9:81:3f:14:32:
         f9:f2:16:31:eb:a6:31:d0:24:d9:5a:ac:8b:c1:31:9d:e9:a6:
         29:ec:86:46:bd:c8:f8:4d:3f:5a:92:f2:13:11:c9:dc:d0:ea:
         3c:e3:d9:f8:6a:58:9e:68:59:35:17:5a:d6:53:74:94:a8:78:
         e8:00:c2:c6:23:80:de:bf:ed:5f:80:c7:5c:68:d1:b0:fd:0b:
         72:ce:86:5b:4c:1f:ec:dd:d5:f4:fc:a2:86:e9:ee:9f:17:8f:
         3a:5d:eb:9a:5c:d3:37:61:e5:ac:8d:82:f5:bc:03:f5:f4:5f:
         15:70:a7:c4:8a:2a:32:79:c5:2b:15:29:4a:a3:8c:0a:ac:d2:
         57:ff:6e:8b
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAeg+MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjYwNjE3
MDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhBRDZCQzZFNEQxMDUx
OEU3RjBEMzEyMTg5NDI2MUU0RTExMDZEMTZDMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA26r8eCzdlhg1llIM5e56YY/xC+HqMPp+WXlwABl5+cEE0IAW
EmJoMe1NbLIBtedAaUuSnpNYIlmetdWVcUIbxxk0k55Nbc5O9PipwOwJPVkNUkxe
zTHvJVQBlZMhn2HjOOSiSxwzQ5jgJlDkxnrUUCk6eCMzLdAQgCMF6UxQp+1O0uX7
Hz4LKwGbwq4BRtqu2AFpLDlreTumf8fxJHWHet9fCKPDoFLfs+0620FbDmvX9ovl
cYJrqkHbtSZEB4s+Ojrq1rbOQl0giwmBb5/CUBx70LtM6QogySqBPs7iQMlP+3GC
5tdHYq29M4GtgajOgcntMpCZPj4D+tuI8kkmvQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFK1rxuTRBRjn8NMSGJQmHk4RBtFsMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3JXdkc1TkVGR09mdzB4SVlsQ1llVGhFRzBXdy5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0mTANBgkqhkiG9w0BAQsFAAOCAQEAdzuY
MU23MdyQVmOO5zcPCnDMqor6jSylN+6j2ViNFCMtCcgL0vvNb7bHsg39ku6xRUd/
zSwyqoy95H9YlZ0apkik0lJmBXDgvWhnxh2iqeTYhy3UuV0tWgZOLjhhO7RD0mf9
o1CCZ2U7tAYmNTj1Tm2N9Te85sFlydmBPxQy+fIWMeumMdAk2Vqsi8ExnemmKeyG
Rr3I+E0/WpLyExHJ3NDqPOPZ+GpYnmhZNRda1lN0lKh46ADCxiOA3r/tX4DHXGjR
sP0Lcs6GW0wf7N3V9PyihununxePOl3rmlzTN2HlrI2C9bwD9fRfFXCnxIoqMnnF
KxUpSqOMCqzSV/9uiw==
-----END CERTIFICATE-----