Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/8mdKvv6WDmdbe4bzPB5FBaKq3Ko.roa
File:                     8mdKvv6WDmdbe4bzPB5FBaKq3Ko.roa (raw, json)
Hash identifier:          GrH848EtzLQK6eNM7RKU41hsJ3LcZPaIkfPsV1VDdLo=
Subject key identifier:   F2:67:4A:BE:FE:96:0E:67:5B:7B:86:F3:3C:1E:45:05:A2:AA:DC:AA
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       011A6A
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/8mdKvv6WDmdbe4bzPB5FBaKq3Ko.roa
Signing time:             Sat 17 Jun 2023 00:27:10 +0000
ROA not before:           Sat 17 Jun 2023 00:27:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3927
IP address blocks:        198.180.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 20:29:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72298 (0x11a6a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:27:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=F2674ABEFE960E675B7B86F33C1E4505A2AADCAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1d:53:79:8a:ad:e5:54:77:8c:f4:14:bc:eb:
                    ff:13:fb:21:8c:77:b9:1d:f1:37:64:2e:a8:be:b5:
                    ad:1f:7f:72:ce:f7:5c:fc:b6:cf:4a:05:b7:66:a8:
                    2e:57:2c:c5:11:9f:f4:92:3c:88:eb:a3:a2:a0:62:
                    ca:b6:fe:31:a1:ff:3f:5d:a4:eb:c6:33:1e:bd:bc:
                    10:49:e3:31:3a:43:c4:42:ef:9e:59:95:c0:b0:92:
                    ec:5a:77:c1:c3:e9:b4:28:6d:b7:32:69:06:73:cc:
                    e8:d6:fd:18:9b:d2:b7:9d:d6:09:8a:65:aa:ae:90:
                    c2:cd:0b:ab:26:14:b2:f8:d2:c0:87:02:c5:fc:8f:
                    eb:53:91:a3:bc:86:bc:99:29:36:be:e7:96:45:79:
                    5f:5b:20:4b:08:50:2b:d9:7c:d8:1e:ff:f2:af:0d:
                    ae:95:a0:27:6b:42:90:de:90:ef:42:14:7d:08:9c:
                    60:ed:e6:f5:17:99:cb:3a:0c:f9:60:2e:d7:fe:74:
                    6d:2d:28:2a:2c:a9:10:e9:9c:b8:1c:eb:c6:66:df:
                    e7:46:ab:54:9d:5b:f1:64:dd:10:ab:53:38:a1:d1:
                    a2:68:a6:26:56:95:59:81:0e:51:a8:32:3f:a4:de:
                    b4:b0:51:4c:aa:88:07:20:45:d2:11:df:4e:a8:15:
                    37:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:67:4A:BE:FE:96:0E:67:5B:7B:86:F3:3C:1E:45:05:A2:AA:DC:AA
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/8mdKvv6WDmdbe4bzPB5FBaKq3Ko.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:36:a2:bf:b9:dc:d2:d5:58:fc:83:ea:0e:73:3f:b2:52:54:
         9f:e1:1f:06:9d:b0:6b:de:fd:81:05:6e:dc:5e:43:19:fa:9b:
         42:b3:f3:5a:ad:c6:0b:05:44:d9:4c:b5:2d:89:d4:a2:83:f6:
         eb:84:84:b9:b4:d8:ae:5d:bd:7d:bb:10:fa:a8:57:e9:5b:eb:
         ed:72:b8:98:93:47:fc:ae:59:ee:d6:5f:a8:ca:34:67:8d:86:
         5c:f5:40:6e:38:41:d5:17:0e:fe:71:bb:d0:6e:0f:9c:4d:83:
         e9:ce:f1:de:8c:3c:2a:3d:7a:1f:29:a0:8c:f0:f5:80:ff:32:
         29:4f:0f:b6:34:2b:f0:68:76:e7:d3:d3:15:a1:c6:05:c0:53:
         9b:03:96:bb:cc:08:af:53:8c:de:77:91:cf:ca:44:59:a9:03:
         05:c7:22:2e:f6:85:69:76:5d:50:a1:41:85:d3:b3:21:e8:67:
         4b:8c:ce:24:23:85:fd:d6:78:fd:23:65:54:e6:c6:13:ea:44:
         cb:fe:6d:a7:65:9c:75:f5:be:b6:78:a4:68:25:1b:05:51:c2:
         82:04:10:0c:b4:0b:fd:0d:fb:0c:fe:ed:9a:32:ac:d2:bd:13:
         5f:98:3d:5f:df:58:81:cc:46:fb:11:7a:77:95:57:3e:cc:1a:
         00:5c:5c:e3
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDARpqMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNjE3
MDAyNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhGMjY3NEFCRUZFOTYw
RTY3NUI3Qjg2RjMzQzFFNDUwNUEyQUFEQ0FBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA6h1TeYqt5VR3jPQUvOv/E/shjHe5HfE3ZC6ovrWtH39yzvdc
/LbPSgW3ZqguVyzFEZ/0kjyI66OioGLKtv4xof8/XaTrxjMevbwQSeMxOkPEQu+e
WZXAsJLsWnfBw+m0KG23MmkGc8zo1v0Ym9K3ndYJimWqrpDCzQurJhSy+NLAhwLF
/I/rU5GjvIa8mSk2vueWRXlfWyBLCFAr2XzYHv/yrw2ulaAna0KQ3pDvQhR9CJxg
7eb1F5nLOgz5YC7X/nRtLSgqLKkQ6Zy4HOvGZt/nRqtUnVvxZN0Qq1M4odGiaKYm
VpVZgQ5RqDI/pN60sFFMqogHIEXSEd9OqBU3wQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFPJnSr7+lg5nW3uG8zweRQWiqtyqMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VLzhtZEt2djZXRG1kYmU0YnpQQjVGQmFLcTNLby5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0ljANBgkqhkiG9w0BAQsFAAOCAQEAsjai
v7nc0tVY/IPqDnM/slJUn+EfBp2wa979gQVu3F5DGfqbQrPzWq3GCwVE2Uy1LYnU
ooP264SEubTYrl29fbsQ+qhX6Vvr7XK4mJNH/K5Z7tZfqMo0Z42GXPVAbjhB1RcO
/nG70G4PnE2D6c7x3ow8Kj16HymgjPD1gP8yKU8PtjQr8Gh259PTFaHGBcBTmwOW
u8wIr1OM3neRz8pEWakDBcciLvaFaXZdUKFBhdOzIehnS4zOJCOF/dZ4/SNlVObG
E+pEy/5tp2WcdfW+tnikaCUbBVHCggQQDLQL/Q37DP7tmjKs0r0TX5g9X99YgcxG
+xF6d5VXPswaAFxc4w==
-----END CERTIFICATE-----