Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/u3LxPDwE68JjCe4rglZq-TiLgdQ.roa
File:                     u3LxPDwE68JjCe4rglZq-TiLgdQ.roa (raw, json)
Hash identifier:          TL9uFRNt2yylbvERYgsQzvW7FKzRTjnH6ltkOEjxQ7M=
Subject key identifier:   BB:72:F1:3C:3C:04:EB:C2:63:09:EE:2B:82:56:6A:F9:38:8B:81:D4
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       011A68
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/u3LxPDwE68JjCe4rglZq-TiLgdQ.roa
Signing time:             Sat 17 Jun 2023 00:27:07 +0000
ROA not before:           Sat 17 Jun 2023 00:27:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203274
IP address blocks:        198.133.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 04:41:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72296 (0x11a68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:27:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=BB72F13C3C04EBC26309EE2B82566AF9388B81D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:dc:e6:06:2e:53:45:08:ac:69:b7:5d:1a:fe:
                    4f:06:36:b9:e2:85:8d:e1:36:e4:43:2f:11:92:ef:
                    f4:ea:cc:d8:b5:45:99:c5:18:6e:8d:9d:51:44:e7:
                    95:e4:1a:fd:92:41:b0:a5:0d:a2:7f:e4:b7:b8:e0:
                    12:e7:1d:68:c7:ea:69:7a:34:f1:16:d0:70:5b:c0:
                    2b:db:47:ca:47:c1:cd:9f:42:6e:8f:0a:5c:27:60:
                    4a:a3:09:a8:2f:ff:21:b2:db:e6:d6:88:06:0a:5a:
                    b6:49:b2:96:cc:89:d5:f1:9d:15:74:ba:27:a5:ed:
                    c8:b2:2a:8c:84:6e:40:6e:19:3a:7e:de:7e:4f:ec:
                    04:fd:19:0a:12:20:09:d5:6b:55:c4:e8:91:32:93:
                    f0:8c:7d:0c:4f:7c:de:94:df:fd:a5:74:38:0a:8e:
                    e7:3f:3b:51:25:c1:52:e4:d3:53:6a:e6:d5:42:5a:
                    6b:20:84:f4:ee:d4:db:fd:0d:4c:2e:f7:24:28:3e:
                    73:c9:ef:a4:92:f6:63:b9:25:aa:1d:48:cf:f2:58:
                    6b:56:46:e6:6a:04:1e:f1:31:2b:41:9d:5a:3d:f8:
                    1e:5a:76:02:b8:b5:32:d5:37:2c:bc:45:41:2d:a1:
                    bb:21:48:2c:b1:92:fb:10:40:9a:7a:9e:fa:0d:2e:
                    bd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:72:F1:3C:3C:04:EB:C2:63:09:EE:2B:82:56:6A:F9:38:8B:81:D4
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/u3LxPDwE68JjCe4rglZq-TiLgdQ.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.133.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:f4:ea:2e:51:c4:a7:07:49:ba:ce:d1:cc:ef:1f:77:91:4b:
         78:90:0f:51:6c:dc:c3:f2:de:75:91:e4:cb:c7:bc:1f:6d:d8:
         83:c3:9f:a9:33:58:95:09:c5:78:27:55:a5:71:76:d1:72:6b:
         0f:ee:58:cb:ef:28:94:b0:e1:36:08:6e:2d:1a:ef:f3:c8:7d:
         a8:2b:cd:b4:39:ba:78:03:32:88:19:80:78:c7:d2:f3:ff:8c:
         59:20:53:4b:2b:ba:08:e7:a2:1d:27:44:3b:89:56:aa:71:65:
         6a:a0:79:4c:a8:a4:a8:02:b1:c8:75:f9:e2:5b:4c:8e:5f:a4:
         f1:c1:c8:e1:0a:18:00:af:fc:03:d4:1d:a7:bd:4d:fa:bc:16:
         01:dd:2d:97:99:33:d7:b9:88:6b:ac:88:14:35:6c:39:46:a7:
         93:7e:e0:7a:82:d7:fa:47:f6:53:7a:5a:67:7f:60:78:0f:ab:
         66:03:71:74:a7:83:72:be:ba:53:8f:50:33:70:00:86:d5:b4:
         fd:9f:db:53:fe:97:8d:8b:da:87:e5:84:74:b5:0c:af:da:08:
         1d:4f:24:d4:d5:54:61:d9:74:cb:6b:43:f9:4a:bf:8c:0f:14:
         bd:e0:ac:d1:81:bb:80:0d:f0:09:05:d6:d5:df:b9:18:8f:bb:
         48:b9:f0:9b
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDARpoMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNjE3
MDAyNzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhCQjcyRjEzQzNDMDRF
QkMyNjMwOUVFMkI4MjU2NkFGOTM4OEI4MUQ0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmNzmBi5TRQisabddGv5PBja54oWN4TbkQy8Rku/06szYtUWZ
xRhujZ1RROeV5Br9kkGwpQ2if+S3uOAS5x1ox+ppejTxFtBwW8Ar20fKR8HNn0Ju
jwpcJ2BKowmoL/8hstvm1ogGClq2SbKWzInV8Z0VdLonpe3IsiqMhG5Abhk6ft5+
T+wE/RkKEiAJ1WtVxOiRMpPwjH0MT3zelN/9pXQ4Co7nPztRJcFS5NNTaubVQlpr
IIT07tTb/Q1MLvckKD5zye+kkvZjuSWqHUjP8lhrVkbmagQe8TErQZ1aPfgeWnYC
uLUy1TcsvEVBLaG7IUgssZL7EECaep76DS69FwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFLty8Tw8BOvCYwnuK4JWavk4i4HUMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3UzTHhQRHdFNjhKakNlNHJnbFpxLVRpTGdkUS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMaFzjANBgkqhkiG9w0BAQsFAAOCAQEASPTq
LlHEpwdJus7RzO8fd5FLeJAPUWzcw/LedZHky8e8H23Yg8OfqTNYlQnFeCdVpXF2
0XJrD+5Yy+8olLDhNghuLRrv88h9qCvNtDm6eAMyiBmAeMfS8/+MWSBTSyu6COei
HSdEO4lWqnFlaqB5TKikqAKxyHX54ltMjl+k8cHI4QoYAK/8A9Qdp71N+rwWAd0t
l5kz17mIa6yIFDVsOUank37geoLX+kf2U3paZ39geA+rZgNxdKeDcr66U49QM3AA
htW0/Z/bU/6XjYvah+WEdLUMr9oIHU8k1NVUYdl0y2tD+Uq/jA8UveCs0YG7gA3w
CQXW1d+5GI+7SLnwmw==
-----END CERTIFICATE-----