Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/w4aQNJ6BTAhSy8N4jpzB1C_y4HU.roa
File:                     w4aQNJ6BTAhSy8N4jpzB1C_y4HU.roa (raw, json)
Hash identifier:          wIU9BI6fyhBSfnUIs22MlIgIfUPGB/EErx+QcgVKZhY=
Subject key identifier:   C3:86:90:34:9E:81:4C:08:52:CB:C3:78:8E:9C:C1:D4:2F:F2:E0:75
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       014943
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/w4aQNJ6BTAhSy8N4jpzB1C_y4HU.roa
Signing time:             Thu 22 Feb 2024 01:57:28 +0000
ROA not before:           Thu 22 Feb 2024 01:57:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10233
IP address blocks:        147.28.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:11:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 84291 (0x14943)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Feb 22 01:57:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=C38690349E814C0852CBC3788E9CC1D42FF2E075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:20:32:3e:86:5d:0f:41:50:60:7d:f3:5e:e2:
                    70:b9:65:dc:ea:f1:5e:1c:7b:0e:b5:a9:50:4d:62:
                    2f:22:e1:16:f5:04:65:43:91:e5:f0:0d:b7:e9:c2:
                    b7:23:02:d9:84:3a:c7:33:ee:5a:cf:94:e4:75:90:
                    a5:bf:06:b7:41:ab:eb:79:ad:f5:9f:85:3b:20:cd:
                    be:8a:3a:68:61:b6:5e:49:16:05:a8:87:40:cd:26:
                    ff:51:95:c7:e4:fd:a6:54:36:71:33:4b:93:7d:9f:
                    d0:8d:88:a4:b2:75:5e:f8:c4:94:42:88:b3:4e:5e:
                    e2:76:65:a9:af:d2:19:b2:df:c8:d6:3c:01:52:ee:
                    8c:31:16:ae:f8:1b:8a:f3:d6:b5:2e:a1:38:df:54:
                    01:8d:dc:ce:63:fb:47:f3:8c:3f:a6:b1:50:82:2e:
                    cc:10:55:b9:92:35:5c:8c:d9:f5:90:25:28:e6:b5:
                    a0:60:78:1a:da:8e:df:6b:ae:89:7c:47:1b:78:7c:
                    a2:70:53:e9:8d:ed:b2:1a:e0:a8:8b:84:91:59:eb:
                    06:c0:ed:06:71:c0:b9:9b:6a:7d:68:25:6f:73:f6:
                    c7:44:bc:05:2a:f1:23:c0:0b:ea:c2:3b:e6:05:2b:
                    9d:d4:ba:63:03:f7:c4:4c:e6:a5:2f:04:1b:43:f6:
                    b2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:86:90:34:9E:81:4C:08:52:CB:C3:78:8E:9C:C1:D4:2F:F2:E0:75
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/w4aQNJ6BTAhSy8N4jpzB1C_y4HU.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:44:3a:12:27:bc:45:93:43:6d:79:8f:0f:7d:2e:f5:26:fc:
         71:d4:51:3f:e7:6e:5c:ae:74:b3:3b:69:87:98:fa:f6:59:db:
         c2:8f:fd:b5:13:40:0a:5e:14:cf:55:c4:3a:8b:b6:5d:d0:70:
         1a:df:ac:eb:2c:d4:ec:9a:d9:43:29:e6:dd:c2:f7:aa:dc:b8:
         d6:ed:d8:32:af:ec:22:9a:47:2c:a8:f6:0c:bc:87:0d:a4:76:
         66:89:01:7d:6b:e0:28:75:c9:3b:89:84:81:d7:9c:13:c8:13:
         b1:22:cf:90:3f:0c:09:3a:24:82:e0:af:83:cc:a7:19:08:89:
         cc:43:76:35:c4:1d:1d:a0:b1:11:05:c2:c3:92:aa:aa:8b:22:
         98:99:5c:42:90:27:cf:67:83:73:87:8b:da:42:34:ea:db:42:
         3f:ec:57:b7:9d:b7:80:85:8e:bc:a5:ee:8b:41:b8:e1:39:7d:
         9a:b7:4a:94:bd:bd:49:71:30:f3:02:68:22:9d:d4:ed:6a:4e:
         8e:bc:f2:45:6b:1f:aa:37:08:f2:7f:69:1e:e9:42:cc:0a:1d:
         32:18:be:8f:d0:77:3a:a4:45:41:ee:8e:bf:57:fe:c0:e9:c5:
         79:97:f5:14:d1:1f:75:06:e8:3b:4d:a4:4f:cc:2c:99:a7:fc:
         52:d2:6e:76
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAUlDMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwMjIy
MDE1NzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhDMzg2OTAzNDlFODE0
QzA4NTJDQkMzNzg4RTlDQzFENDJGRjJFMDc1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAoSAyPoZdD0FQYH3zXuJwuWXc6vFeHHsOtalQTWIvIuEW9QRl
Q5Hl8A236cK3IwLZhDrHM+5az5TkdZClvwa3Qavrea31n4U7IM2+ijpoYbZeSRYF
qIdAzSb/UZXH5P2mVDZxM0uTfZ/QjYiksnVe+MSUQoizTl7idmWpr9IZst/I1jwB
Uu6MMRau+BuK89a1LqE431QBjdzOY/tH84w/prFQgi7MEFW5kjVcjNn1kCUo5rWg
YHga2o7fa66JfEcbeHyicFPpje2yGuCoi4SRWesGwO0GccC5m2p9aCVvc/bHRLwF
KvEjwAvqwjvmBSud1LpjA/fETOalLwQbQ/aykwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFMOGkDSegUwIUsvDeI6cwdQv8uB1MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3c0YVFOSjZCVEFoU3k4TjRqcHpCMUNfeTRIVS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAZMcCDANBgkqhkiG9w0BAQsFAAOCAQEAQkQ6
Eie8RZNDbXmPD30u9Sb8cdRRP+duXK50sztph5j69lnbwo/9tRNACl4Uz1XEOou2
XdBwGt+s6yzU7JrZQynm3cL3qty41u3YMq/sIppHLKj2DLyHDaR2ZokBfWvgKHXJ
O4mEgdecE8gTsSLPkD8MCTokguCvg8ynGQiJzEN2NcQdHaCxEQXCw5KqqosimJlc
QpAnz2eDc4eL2kI06ttCP+xXt523gIWOvKXui0G44Tl9mrdKlL29SXEw8wJoIp3U
7WpOjrzyRWsfqjcI8n9pHulCzAodMhi+j9B3OqRFQe6Ov1f+wOnFeZf1FNEfdQbo
O02kT8wsmaf8UtJudg==
-----END CERTIFICATE-----