Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/3HMwBI2mmdgZf44vmklizh4l3uk.roa
File:                     3HMwBI2mmdgZf44vmklizh4l3uk.roa (raw, json)
Hash identifier:          S0NWCAaR8S1oYS8AY/ncX2TsWb380AVwO1+DIZWsP64=
Subject key identifier:   DC:73:30:04:8D:A6:99:D8:19:7F:8E:2F:9A:49:62:CE:1E:25:DE:E9
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F06
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/3HMwBI2mmdgZf44vmklizh4l3uk.roa
Signing time:             Mon 17 Jun 2024 00:14:16 +0000
ROA not before:           Mon 17 Jun 2024 00:14:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3130
IP address blocks:        192.83.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 11:21:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89862 (0x15f06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=DC7330048DA699D8197F8E2F9A4962CE1E25DEE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:67:2a:d1:7f:7a:82:45:b1:03:28:28:5b:d9:
                    65:67:c6:15:df:ca:f3:22:d8:ab:0c:63:c5:b8:8d:
                    f6:87:cf:ce:a4:b2:82:ed:cf:58:73:e0:4d:5e:90:
                    d9:f2:7a:6d:75:b5:94:13:05:08:8d:59:93:8a:d7:
                    00:57:6e:9d:5f:7b:a9:3d:c0:a3:fd:9b:a3:ed:81:
                    66:b3:a8:d3:23:39:e2:ad:7b:02:05:6f:c9:ef:07:
                    28:32:19:23:19:24:1d:84:bb:5c:95:f7:6d:b6:66:
                    96:75:da:60:70:ad:15:91:8c:13:91:c9:04:03:5c:
                    1b:6e:15:33:fa:96:b2:d1:5d:cb:57:aa:69:5c:85:
                    74:22:21:0d:33:1c:4c:4f:b0:87:f7:d1:62:3c:8c:
                    77:35:73:c1:3e:8b:a5:5c:3d:a0:7f:a7:10:92:ff:
                    ca:42:e6:df:e5:18:25:24:d1:de:fb:54:3b:06:41:
                    86:68:41:99:49:c2:86:77:1a:19:49:99:de:d6:58:
                    98:2a:0d:74:76:70:7c:ce:62:e0:fa:c3:63:c2:77:
                    45:3b:36:ce:50:7d:48:a4:90:b3:24:87:e9:74:18:
                    78:4f:57:6d:49:a9:86:a7:16:ba:6a:1b:67:42:91:
                    e4:cd:03:de:02:42:87:e8:03:fa:03:be:c0:a3:99:
                    33:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:73:30:04:8D:A6:99:D8:19:7F:8E:2F:9A:49:62:CE:1E:25:DE:E9
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/3HMwBI2mmdgZf44vmklizh4l3uk.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.83.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d2:d6:74:65:1a:27:fe:4c:6e:1f:b4:36:cd:6f:02:40:16:
         60:c4:80:d9:21:d7:0b:4b:c6:b0:f2:02:b3:ec:58:18:49:1b:
         45:43:f2:1e:0e:32:a9:60:13:8e:88:be:2d:d4:c2:4c:dd:ab:
         1a:d0:b0:b3:a5:ce:3f:a5:e7:ee:f0:5a:58:4d:0e:f2:d3:0f:
         66:9b:30:17:22:b1:49:51:fe:4c:08:7d:54:c8:33:47:b8:67:
         af:8f:9e:e2:7a:ac:1f:93:86:7c:ff:f2:0c:a2:39:f7:33:4c:
         32:cc:79:e3:17:54:63:92:d0:65:dd:c2:23:1d:46:dc:df:d6:
         98:aa:fe:24:07:af:0f:04:3b:2b:12:10:61:a8:87:00:a5:72:
         0b:0c:71:aa:91:db:2e:de:3b:47:75:51:48:1a:b1:4c:78:29:
         7b:74:5e:97:18:ee:a4:25:f1:2b:cf:8f:15:49:fc:95:fe:7d:
         a5:fe:c6:84:f4:02:5f:ce:13:24:e4:fa:46:93:9f:2f:bd:fe:
         2f:b0:e4:36:09:d8:5e:8b:9e:88:1a:2b:27:51:53:d0:b6:5a:
         6b:c5:23:6a:85:8c:1f:bf:54:ed:f0:9c:33:97:cb:3e:2d:3e:
         4a:0b:52:cd:77:65:cc:da:d4:6f:5c:35:6e:4f:eb:b9:45:c9:
         6c:ae:6a:1d
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8GMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhEQzczMzAwNDhEQTY5
OUQ4MTk3RjhFMkY5QTQ5NjJDRTFFMjVERUU5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0Gcq0X96gkWxAygoW9llZ8YV38rzItirDGPFuI32h8/OpLKC
7c9Yc+BNXpDZ8nptdbWUEwUIjVmTitcAV26dX3upPcCj/Zuj7YFms6jTIznirXsC
BW/J7wcoMhkjGSQdhLtclfdttmaWddpgcK0VkYwTkckEA1wbbhUz+pay0V3LV6pp
XIV0IiENMxxMT7CH99FiPIx3NXPBPoulXD2gf6cQkv/KQubf5RglJNHe+1Q7BkGG
aEGZScKGdxoZSZne1liYKg10dnB8zmLg+sNjwndFOzbOUH1IpJCzJIfpdBh4T1dt
SamGpxa6ahtnQpHkzQPeAkKH6AP6A77Ao5kzIQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFNxzMASNppnYGX+OL5pJYs4eJd7pMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VLzNITXdCSTJtbWRnWmY0NHZta2xpemg0bDN1ay5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMBT5jANBgkqhkiG9w0BAQsFAAOCAQEAGdLW
dGUaJ/5Mbh+0Ns1vAkAWYMSA2SHXC0vGsPICs+xYGEkbRUPyHg4yqWATjoi+LdTC
TN2rGtCws6XOP6Xn7vBaWE0O8tMPZpswFyKxSVH+TAh9VMgzR7hnr4+e4nqsH5OG
fP/yDKI59zNMMsx54xdUY5LQZd3CIx1G3N/WmKr+JAevDwQ7KxIQYaiHAKVyCwxx
qpHbLt47R3VRSBqxTHgpe3RelxjupCXxK8+PFUn8lf59pf7GhPQCX84TJOT6RpOf
L73+L7DkNgnYXoueiBorJ1FT0LZaa8UjaoWMH79U7fCcM5fLPi0+SgtSzXdlzNrU
b1w1bk/ruUXJbK5qHQ==
-----END CERTIFICATE-----