Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/TCowW55CMo5nvYCGDBaeilTvY6k.roa
File:                     TCowW55CMo5nvYCGDBaeilTvY6k.roa (raw, json)
Hash identifier:          puj+QDSga2A8MzRdAlXyzCxXxn56ezdEG3C1HVua4NE=
Subject key identifier:   4C:2A:30:5B:9E:42:32:8E:67:BD:80:86:0C:16:9E:8A:54:EF:63:A9
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F02
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/TCowW55CMo5nvYCGDBaeilTvY6k.roa
Signing time:             Mon 17 Jun 2024 00:14:15 +0000
ROA not before:           Mon 17 Jun 2024 00:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199518
IP address blocks:        198.180.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 08:51:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89858 (0x15f02)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4C2A305B9E42328E67BD80860C169E8A54EF63A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:48:4c:70:02:4e:1a:ff:f5:44:f1:c6:66:6e:
                    87:88:2a:07:d5:51:fc:c0:de:55:7a:3f:0c:15:37:
                    c7:8d:e2:11:78:97:c6:f8:7c:67:4f:40:9a:8e:69:
                    c6:40:e9:e7:ae:02:bf:26:9c:c2:06:88:bc:cd:4d:
                    ad:7b:63:03:bf:19:a3:fa:89:4b:49:29:c6:c9:0b:
                    07:54:40:c2:2b:21:b9:09:d0:43:1d:65:11:24:26:
                    c7:9f:e6:bb:3e:fd:e6:e1:07:3a:47:bc:ff:a1:8e:
                    ab:b2:66:33:d6:39:20:d3:66:6e:0c:a8:9f:1d:f1:
                    09:3b:b7:f6:b6:19:ab:5d:b2:b7:8c:14:37:34:75:
                    59:2b:3b:57:92:f0:ae:7a:fe:12:08:23:0c:41:9e:
                    42:de:54:b1:bc:36:b4:f3:1a:86:28:fe:10:91:8f:
                    5a:cf:34:a9:a3:99:17:fa:af:28:7a:b5:aa:2b:b8:
                    17:e7:68:ac:7e:f7:91:3f:23:3c:f3:e2:0d:ed:cc:
                    45:a5:e6:87:63:e5:6f:d6:8f:75:72:41:be:55:36:
                    3e:43:71:4e:e7:dc:d4:1d:95:30:d8:2d:2c:33:d7:
                    f8:c8:ba:c6:ab:29:05:f5:c6:ea:33:1a:d4:82:7b:
                    03:46:80:01:07:ef:81:bd:a5:36:91:81:5a:e0:41:
                    1e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2A:30:5B:9E:42:32:8E:67:BD:80:86:0C:16:9E:8A:54:EF:63:A9
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/TCowW55CMo5nvYCGDBaeilTvY6k.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:09:3a:36:9a:9c:f8:ae:c1:21:93:31:fb:3a:5f:bf:93:ce:
         fa:7f:d8:a1:79:db:41:e4:b4:c6:eb:f8:36:8e:b6:c6:2d:4d:
         f5:21:87:3b:b7:50:5b:55:ac:a9:53:24:a9:13:ec:72:4a:d2:
         69:75:d0:a2:e2:65:23:94:55:6e:1e:95:2f:d7:28:bc:30:a3:
         ab:48:49:ff:ec:da:f6:63:68:44:b6:0e:1a:b4:49:28:e5:e4:
         6c:6e:7a:b6:d8:78:cb:e9:0e:84:db:26:0d:21:f8:c0:80:bf:
         d0:64:e0:b0:81:15:ef:44:d5:8e:f8:3e:39:b3:c6:06:3e:16:
         fb:ef:b8:3a:94:56:a3:3e:74:89:ab:a4:d5:56:b7:ab:2b:80:
         e1:a4:65:39:26:c3:f8:fe:ca:b8:54:59:09:8f:0e:fe:15:b9:
         39:c9:3b:35:e1:03:5b:13:8a:be:d8:97:8f:0e:6d:88:5a:d7:
         ec:17:8c:7f:4b:f5:88:96:87:ee:c2:47:83:20:85:10:75:77:
         05:67:5d:b3:38:c2:8c:69:3f:31:61:9b:7b:e7:84:a8:db:4d:
         b1:40:fb:9f:db:75:9d:a4:7f:5e:e0:29:bb:2f:c2:bf:3b:b5:
         f3:96:02:b0:85:8f:02:99:17:44:24:c4:cc:e7:26:3a:10:2f:
         18:6b:b1:2b
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8CMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0QzJBMzA1QjlFNDIz
MjhFNjdCRDgwODYwQzE2OUU4QTU0RUY2M0E5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1EhMcAJOGv/1RPHGZm6HiCoH1VH8wN5Vej8MFTfHjeIReJfG
+HxnT0CajmnGQOnnrgK/JpzCBoi8zU2te2MDvxmj+olLSSnGyQsHVEDCKyG5CdBD
HWURJCbHn+a7Pv3m4Qc6R7z/oY6rsmYz1jkg02ZuDKifHfEJO7f2thmrXbK3jBQ3
NHVZKztXkvCuev4SCCMMQZ5C3lSxvDa08xqGKP4QkY9azzSpo5kX+q8oerWqK7gX
52isfveRPyM88+IN7cxFpeaHY+Vv1o91ckG+VTY+Q3FO59zUHZUw2C0sM9f4yLrG
qykF9cbqMxrUgnsDRoABB++BvaU2kYFa4EEeNQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFEwqMFueQjKOZ72AhgwWnopU72OpMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1RDb3dXNTVDTW81bnZZQ0dEQmFlaWxUdlk2ay5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0lzANBgkqhkiG9w0BAQsFAAOCAQEAngk6
Npqc+K7BIZMx+zpfv5PO+n/YoXnbQeS0xuv4No62xi1N9SGHO7dQW1WsqVMkqRPs
ckrSaXXQouJlI5RVbh6VL9covDCjq0hJ/+za9mNoRLYOGrRJKOXkbG56tth4y+kO
hNsmDSH4wIC/0GTgsIEV70TVjvg+ObPGBj4W+++4OpRWoz50iauk1Va3qyuA4aRl
OSbD+P7KuFRZCY8O/hW5Ock7NeEDWxOKvtiXjw5tiFrX7BeMf0v1iJaH7sJHgyCF
EHV3BWddszjCjGk/MWGbe+eEqNtNsUD7n9t1naR/XuApuy/Cvzu185YCsIWPApkX
RCTEzOcmOhAvGGuxKw==
-----END CERTIFICATE-----