Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/Cj5ZRKtByA1oSvzgNdbXx2kuZQ4.roa
File:                     Cj5ZRKtByA1oSvzgNdbXx2kuZQ4.roa (raw, json)
Hash identifier:          ZEVMpj1l9RZGSL43WiWgUXRXufJh/xIXULJdQaQWNJ0=
Subject key identifier:   0A:3E:59:44:AB:41:C8:0D:68:4A:FC:E0:35:D6:D7:C7:69:2E:65:0E
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       010C71
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/Cj5ZRKtByA1oSvzgNdbXx2kuZQ4.roa
Signing time:             Mon 03 Apr 2023 20:09:53 +0000
ROA not before:           Mon 03 Apr 2023 20:09:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3970
IP address blocks:        45.132.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 09:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 68721 (0x10c71)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr  3 20:09:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0A3E5944AB41C80D684AFCE035D6D7C7692E650E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7a:a6:f5:46:46:3c:4a:c6:22:71:9f:28:d3:
                    48:84:fc:0e:38:4d:d0:d3:b5:e5:6c:ba:5e:9b:c2:
                    ef:00:39:37:49:f7:79:74:1a:39:4d:f7:a1:b4:a3:
                    96:2a:56:f7:ec:46:f4:9f:f6:48:f2:16:8d:ce:bb:
                    7d:ac:34:70:ea:27:97:dc:46:c7:36:9f:9f:1b:01:
                    51:d6:05:e9:68:74:2a:dc:d7:df:44:b7:7a:d6:1d:
                    b0:f2:31:31:cb:52:94:4f:0a:05:22:1f:63:98:11:
                    ba:26:11:57:ca:e2:10:d1:98:ca:44:14:1b:44:ae:
                    76:92:48:1c:cb:62:8b:0c:f3:8f:58:36:f3:04:7e:
                    bb:4c:d0:a6:61:89:8b:f7:d9:c0:41:a3:dc:a2:e9:
                    0a:2e:a3:80:27:0a:39:b4:1e:ae:f3:7f:19:17:1c:
                    9d:d8:b2:3e:99:0e:fc:6c:b8:6b:87:67:b8:93:58:
                    20:1a:ad:74:78:a7:5a:51:18:47:dc:70:ef:e4:e6:
                    ec:06:cb:9e:ae:67:4d:5a:4d:ff:06:e9:25:44:ee:
                    05:19:65:4b:ed:14:48:fd:fd:37:af:cb:2c:c1:32:
                    9d:c8:76:7d:9c:32:0e:a3:1e:b6:bc:9b:13:7b:8f:
                    4c:ae:b6:c1:ca:7b:55:4a:34:68:20:76:58:92:f6:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:3E:59:44:AB:41:C8:0D:68:4A:FC:E0:35:D6:D7:C7:69:2E:65:0E
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/Cj5ZRKtByA1oSvzgNdbXx2kuZQ4.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:af:4f:1f:44:53:16:d5:47:32:b1:a1:0e:82:56:3e:f3:78:
         49:1d:6c:2f:9b:77:3e:b6:af:3c:ac:8b:89:f1:9b:95:bc:c6:
         e4:7b:c7:6a:18:c4:8c:c2:03:72:78:64:8f:46:ce:4b:38:55:
         70:4e:d4:c0:88:c2:e3:6f:bf:36:18:45:8b:d5:79:29:86:ca:
         8d:ad:6b:df:9b:b5:3b:c3:9a:c1:67:47:05:99:77:cc:f8:85:
         8f:6b:c8:f7:61:de:5e:30:44:4a:0c:51:dc:dd:48:fc:67:88:
         40:fd:04:3a:ea:be:00:cc:43:9b:24:4f:61:32:8e:2d:27:1e:
         58:0b:6e:91:0a:53:7e:c3:bf:f8:7e:53:56:55:6e:50:92:8c:
         7b:1e:95:8a:36:c3:a7:38:40:29:e3:fa:8d:34:57:32:58:ca:
         9d:60:43:f3:e7:04:07:e1:ad:d9:df:3b:d8:79:b7:d9:d5:ec:
         66:64:7a:00:51:44:da:27:8a:11:6f:e8:73:fe:7a:c5:d7:1e:
         c5:a2:49:96:bc:e8:08:49:42:d6:1c:15:46:82:6e:4d:cb:3a:
         eb:ca:6c:84:4b:a4:97:d0:dd:5d:9e:9e:a0:a7:38:41:73:e6:
         8d:62:bf:2b:a4:9c:15:3d:d6:e5:cf:5c:b6:00:61:e6:d3:c3:
         23:86:d8:9f
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAQxxMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNDAz
MjAwOTUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwQTNFNTk0NEFCNDFD
ODBENjg0QUZDRTAzNUQ2RDdDNzY5MkU2NTBFMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAm3qm9UZGPErGInGfKNNIhPwOOE3Q07XlbLpem8LvADk3Sfd5
dBo5TfehtKOWKlb37Eb0n/ZI8haNzrt9rDRw6ieX3EbHNp+fGwFR1gXpaHQq3Nff
RLd61h2w8jExy1KUTwoFIh9jmBG6JhFXyuIQ0ZjKRBQbRK52kkgcy2KLDPOPWDbz
BH67TNCmYYmL99nAQaPcoukKLqOAJwo5tB6u838ZFxyd2LI+mQ78bLhrh2e4k1gg
Gq10eKdaURhH3HDv5ObsBsuermdNWk3/BuklRO4FGWVL7RRI/f03r8sswTKdyHZ9
nDIOox62vJsTe49MrrbByntVSjRoIHZYkvZfBQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFAo+WUSrQcgNaEr84DXW18dpLmUOMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL0NqNVpSS3RCeUExb1N2emdOZGJYeDJrdVpRNC5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2EvDANBgkqhkiG9w0BAQsFAAOCAQEAK69P
H0RTFtVHMrGhDoJWPvN4SR1sL5t3PravPKyLifGblbzG5HvHahjEjMIDcnhkj0bO
SzhVcE7UwIjC42+/NhhFi9V5KYbKja1r35u1O8OawWdHBZl3zPiFj2vI92HeXjBE
SgxR3N1I/GeIQP0EOuq+AMxDmyRPYTKOLSceWAtukQpTfsO/+H5TVlVuUJKMex6V
ijbDpzhAKeP6jTRXMljKnWBD8+cEB+Gt2d872Hm32dXsZmR6AFFE2ieKEW/oc/56
xdcexaJJlrzoCElC1hwVRoJuTcs668pshEukl9DdXZ6eoKc4QXPmjWK/K6ScFT3W
5c9ctgBh5tPDI4bYnw==
-----END CERTIFICATE-----