Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/U45pfCYqljJXOC9Vd1bKQVM1bwo.roa
File:                     U45pfCYqljJXOC9Vd1bKQVM1bwo.roa (raw, json)
Hash identifier:          GU5ZBy59SJR67lq2z35yFUn5OrRMigkqWL/kf/VrBJE=
Subject key identifier:   53:8E:69:7C:26:2A:96:32:57:38:2F:55:77:56:CA:41:53:35:6F:0A
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       011A69
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/U45pfCYqljJXOC9Vd1bKQVM1bwo.roa
Signing time:             Sat 17 Jun 2023 00:27:09 +0000
ROA not before:           Sat 17 Jun 2023 00:27:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     4128
IP address blocks:        198.180.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 18:30:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72297 (0x11a69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:27:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=538E697C262A963257382F557756CA4153356F0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:24:48:5b:b6:c1:45:6b:a6:37:3b:0b:8a:9a:
                    ec:c7:b4:a6:68:b4:9f:48:c5:c1:f5:41:24:7b:05:
                    db:80:46:fd:60:6d:a3:08:7f:e4:a5:64:65:3b:65:
                    ef:e6:86:a3:94:a5:b1:06:4e:b3:fe:15:76:cd:59:
                    c4:7b:89:79:6a:1c:d2:eb:62:29:57:e1:4a:81:c2:
                    52:b3:ad:e3:54:0a:ae:a6:6e:a5:66:67:c7:4b:66:
                    f2:6f:21:5a:64:be:0b:3a:fd:10:1e:76:5c:84:72:
                    96:e0:ed:bb:ab:ed:11:fe:e0:02:c6:5b:bd:b8:54:
                    ef:cb:5b:c2:ba:1a:f5:85:29:64:8a:71:85:98:2c:
                    14:af:94:f0:83:7d:26:5d:be:8d:4a:94:5b:9a:c1:
                    af:1f:13:e5:d2:55:19:48:92:a1:68:54:3e:67:13:
                    f7:77:dc:00:16:7c:08:d6:82:9f:42:5c:8f:27:1c:
                    ac:91:86:d3:82:6f:9c:e2:51:67:7f:70:0f:90:8a:
                    e8:76:00:2b:e3:d7:62:8e:ce:da:e1:f4:24:d8:e9:
                    f7:3c:50:7c:83:38:6f:92:7c:ca:b0:4f:eb:dd:99:
                    1e:81:4d:8d:28:f4:38:9b:83:50:69:c7:38:16:0b:
                    42:31:67:c2:33:71:bd:0f:d2:6c:da:51:46:dc:67:
                    4c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8E:69:7C:26:2A:96:32:57:38:2F:55:77:56:CA:41:53:35:6F:0A
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/U45pfCYqljJXOC9Vd1bKQVM1bwo.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:1b:d0:a9:71:22:cb:7f:df:98:02:45:08:42:a0:52:85:af:
         36:3c:09:06:31:25:6a:62:68:d3:69:59:9b:90:52:d7:00:e0:
         c3:5a:b4:b9:87:25:76:48:f2:64:ed:1f:14:d4:c6:8f:f9:89:
         55:30:1d:6d:fc:63:55:fe:e5:37:fc:a2:09:fd:ca:30:3e:25:
         13:eb:7e:09:f5:c5:13:bd:17:4c:d5:27:dc:0a:20:cb:3c:24:
         44:45:48:eb:a7:e8:a6:90:27:15:f9:59:d9:7d:6e:41:47:62:
         d4:ff:ea:b5:b2:d2:56:50:ac:83:d9:88:ef:aa:76:e8:69:09:
         4a:02:57:c1:e6:03:9c:60:a4:eb:20:1b:76:93:eb:c9:3d:d1:
         06:6f:ed:c5:1d:66:00:a7:2a:4c:3d:c6:cf:63:d4:d7:ae:ba:
         4e:80:67:c1:e0:2a:23:24:73:4d:b8:f2:fd:ea:2b:f0:21:19:
         d2:6b:88:16:c9:7a:e8:4c:a2:a2:3a:3e:0f:12:52:1c:b5:54:
         26:62:b1:e8:78:bb:93:35:d5:ac:b0:f9:fa:f4:98:8f:5e:62:
         13:f0:17:eb:7e:8e:e9:5f:e3:56:1f:ad:68:07:5c:d6:80:ba:
         08:3f:52:22:1a:48:29:b5:08:b9:3e:7f:71:b7:26:af:e7:2f:
         20:aa:8c:d7
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDARppMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNjE3
MDAyNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1MzhFNjk3QzI2MkE5
NjMyNTczODJGNTU3NzU2Q0E0MTUzMzU2RjBBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzSRIW7bBRWumNzsLiprsx7SmaLSfSMXB9UEkewXbgEb9YG2j
CH/kpWRlO2Xv5oajlKWxBk6z/hV2zVnEe4l5ahzS62IpV+FKgcJSs63jVAqupm6l
ZmfHS2bybyFaZL4LOv0QHnZchHKW4O27q+0R/uACxlu9uFTvy1vCuhr1hSlkinGF
mCwUr5Twg30mXb6NSpRbmsGvHxPl0lUZSJKhaFQ+ZxP3d9wAFnwI1oKfQlyPJxys
kYbTgm+c4lFnf3APkIrodgAr49dijs7a4fQk2On3PFB8gzhvknzKsE/r3ZkegU2N
KPQ4m4NQacc4FgtCMWfCM3G9D9Js2lFG3GdM+QIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFFOOaXwmKpYyVzgvVXdWykFTNW8KMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1U0NXBmQ1lxbGpKWE9DOVZkMWJLUVZNMWJ3by5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0mDANBgkqhkiG9w0BAQsFAAOCAQEArBvQ
qXEiy3/fmAJFCEKgUoWvNjwJBjElamJo02lZm5BS1wDgw1q0uYcldkjyZO0fFNTG
j/mJVTAdbfxjVf7lN/yiCf3KMD4lE+t+CfXFE70XTNUn3AogyzwkREVI66foppAn
FflZ2X1uQUdi1P/qtbLSVlCsg9mI76p26GkJSgJXweYDnGCk6yAbdpPryT3RBm/t
xR1mAKcqTD3Gz2PU1666ToBnweAqIyRzTbjy/eor8CEZ0muIFsl66Eyiojo+DxJS
HLVUJmKx6Hi7kzXVrLD5+vSYj15iE/AX636O6V/jVh+taAdc1oC6CD9SIhpIKbUI
uT5/cbcmr+cvIKqM1w==
-----END CERTIFICATE-----