Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/96tURaabgjzgVugskt0VXoo83zg.roa
File:                     96tURaabgjzgVugskt0VXoo83zg.roa (raw, json)
Hash identifier:          14fs3Md4TNstiyC6nR641winIlE9WPGiJTX2hZTLEB8=
Subject key identifier:   F7:AB:54:45:A6:9B:82:3C:E0:56:E8:2C:92:DD:15:5E:8A:3C:DF:38
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F04
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/96tURaabgjzgVugskt0VXoo83zg.roa
Signing time:             Mon 17 Jun 2024 00:14:15 +0000
ROA not before:           Mon 17 Jun 2024 00:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3130
IP address blocks:        147.28.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 10:51:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89860 (0x15f04)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=F7AB5445A69B823CE056E82C92DD155E8A3CDF38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8a:af:0c:7e:73:87:79:d4:8a:2c:ff:92:35:
                    0b:f3:8a:0c:5f:1e:58:73:5b:db:80:30:98:43:80:
                    b1:95:ca:f5:61:a2:5b:45:01:41:69:9a:b2:fa:17:
                    fa:32:8f:44:05:9d:97:30:a3:15:bb:8e:51:e8:90:
                    22:bd:70:d4:a6:82:c2:62:54:e1:0e:e9:d4:ae:49:
                    5d:bd:3b:48:5b:ee:0d:05:20:04:2c:71:7b:a0:60:
                    42:cb:6c:7b:01:c5:bf:3c:18:be:9b:6c:25:02:3b:
                    f6:ee:4a:da:b4:e6:99:ae:df:21:13:b8:79:06:cf:
                    f3:bb:c3:55:bf:3d:99:7a:ad:d0:fc:c4:e4:45:90:
                    bf:eb:20:1a:b4:ac:86:48:8e:36:94:c6:a6:05:d5:
                    4f:53:98:60:80:14:04:e7:f1:b7:81:a2:17:41:85:
                    e9:d1:b2:37:6c:75:b4:f1:8b:a7:40:2a:1a:3d:21:
                    08:cb:6f:08:ff:eb:30:57:12:dd:ea:af:42:85:1f:
                    e8:f0:90:53:2d:61:74:09:26:41:ef:3d:aa:89:bb:
                    0f:71:00:64:05:3e:40:f1:1a:45:e4:1f:3b:1c:46:
                    2a:02:99:bd:6b:d9:81:8a:9e:d7:1d:60:4c:98:4e:
                    c1:f3:e5:7c:51:98:1d:48:51:4e:7b:3e:e9:9f:8f:
                    83:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:AB:54:45:A6:9B:82:3C:E0:56:E8:2C:92:DD:15:5E:8A:3C:DF:38
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/96tURaabgjzgVugskt0VXoo83zg.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0c:b6:70:64:49:10:5b:65:43:09:b0:c2:8c:70:68:f3:12:
         5a:2f:82:d9:8f:ca:3f:76:d1:aa:41:56:42:f6:9c:6a:1a:aa:
         a0:7f:e5:9e:69:c4:9a:b6:36:db:db:f2:84:13:df:0c:a2:15:
         c1:e2:eb:84:97:33:c0:52:08:90:39:a5:5e:37:04:6c:b1:82:
         a0:64:f0:5d:0e:05:be:5b:a2:f1:fd:12:50:1c:a8:14:73:45:
         4b:3c:6f:7e:ce:b4:4b:41:53:8c:8c:e4:ba:c6:9c:e2:c3:cc:
         46:6f:f7:fa:20:f3:14:e6:84:2c:70:a6:50:50:e2:68:20:24:
         bf:08:cf:3c:9b:d9:83:fa:33:29:07:34:2e:d9:26:be:6f:e4:
         dc:23:1d:de:0a:dd:20:ad:0e:1d:6a:cf:6b:fc:9c:68:17:65:
         d7:3c:a8:ea:1f:d4:3e:86:15:53:a1:1a:25:88:b4:ab:8f:69:
         bd:df:31:8a:23:9f:68:4e:eb:77:4a:0a:7d:45:78:47:6b:c3:
         4b:e3:b5:50:c3:d8:40:b7:76:0a:c5:16:91:d1:0d:2b:8e:96:
         2a:61:d6:e6:c0:d1:30:81:58:80:b9:50:d7:0f:e6:19:45:97:
         f1:de:3a:ca:6f:4c:96:72:da:46:7b:d1:ab:4f:74:46:86:b9:
         e3:3d:49:18
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8EMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhGN0FCNTQ0NUE2OUI4
MjNDRTA1NkU4MkM5MkREMTU1RThBM0NERjM4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAooqvDH5zh3nUiiz/kjUL84oMXx5Yc1vbgDCYQ4Cxlcr1YaJb
RQFBaZqy+hf6Mo9EBZ2XMKMVu45R6JAivXDUpoLCYlThDunUrkldvTtIW+4NBSAE
LHF7oGBCy2x7AcW/PBi+m2wlAjv27kratOaZrt8hE7h5Bs/zu8NVvz2Zeq3Q/MTk
RZC/6yAatKyGSI42lMamBdVPU5hggBQE5/G3gaIXQYXp0bI3bHW08YunQCoaPSEI
y28I/+swVxLd6q9ChR/o8JBTLWF0CSZB7z2qibsPcQBkBT5A8RpF5B87HEYqApm9
a9mBip7XHWBMmE7B8+V8UZgdSFFOez7pn4+DaQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFPerVEWmm4I84FboLJLdFV6KPN84MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VLzk2dFVSYWFiZ2p6Z1Z1Z3NrdDBWWG9vODN6Zy5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAJMcBzANBgkqhkiG9w0BAQsFAAOCAQEArgy2
cGRJEFtlQwmwwoxwaPMSWi+C2Y/KP3bRqkFWQvacahqqoH/lnmnEmrY229vyhBPf
DKIVweLrhJczwFIIkDmlXjcEbLGCoGTwXQ4Fvlui8f0SUByoFHNFSzxvfs60S0FT
jIzkusac4sPMRm/3+iDzFOaELHCmUFDiaCAkvwjPPJvZg/ozKQc0Ltkmvm/k3CMd
3grdIK0OHWrPa/ycaBdl1zyo6h/UPoYVU6EaJYi0q49pvd8xiiOfaE7rd0oKfUV4
R2vDS+O1UMPYQLd2CsUWkdENK46WKmHW5sDRMIFYgLlQ1w/mGUWX8d46ym9MlnLa
RnvRq090Roa54z1JGA==
-----END CERTIFICATE-----