Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/TFexsS7wMHP5o4Ij3ZkGJmlw8Jg.roa
File:                     TFexsS7wMHP5o4Ij3ZkGJmlw8Jg.roa (raw, json)
Hash identifier:          Z333zwglKJdvaAOyhlAIv9oXJfHVOnlHuEM0TQLbjPw=
Subject key identifier:   4C:57:B1:B1:2E:F0:30:73:F9:A3:82:23:DD:99:06:26:69:70:F0:98
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       011A67
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/TFexsS7wMHP5o4Ij3ZkGJmlw8Jg.roa
Signing time:             Sat 17 Jun 2023 00:27:07 +0000
ROA not before:           Sat 17 Jun 2023 00:27:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3130
IP address blocks:        192.83.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 03:59:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72295 (0x11a67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:27:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4C57B1B12EF03073F9A38223DD9906266970F098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9f:e5:28:b5:00:e1:12:db:cf:df:e5:88:97:
                    ad:7d:62:f5:86:69:cb:5c:e6:21:dd:bd:11:56:c5:
                    aa:0a:c9:54:6a:53:c4:b9:34:2d:31:9c:be:57:a3:
                    29:73:5d:1d:d6:04:86:8d:a3:ed:45:6f:be:a4:7f:
                    37:33:6c:30:15:39:6f:dc:85:10:a3:51:78:d1:4d:
                    b8:5f:d0:25:97:52:3c:01:55:a4:5d:9a:40:e9:8f:
                    78:f0:7c:6f:ca:d0:08:31:d9:4c:b2:aa:3b:77:72:
                    24:51:cc:07:ee:ff:7b:24:30:ae:c6:6b:55:f7:c8:
                    22:d3:cb:22:9b:56:69:de:84:59:aa:32:aa:c4:20:
                    4f:dd:bf:7a:13:e1:80:f4:cf:89:20:ce:68:00:8b:
                    01:82:26:d9:fd:97:ef:e1:ef:a1:77:00:af:1b:c3:
                    5c:38:1f:92:9b:53:fd:aa:17:68:18:e2:c2:d4:e4:
                    8f:ab:f4:36:fb:81:64:e0:2c:03:80:2e:dd:9a:0b:
                    03:4d:50:b5:44:2c:19:f2:b0:2c:1c:2c:4c:5f:97:
                    27:c9:38:f3:c1:8c:90:3d:34:7e:68:78:bb:88:a2:
                    92:53:4c:b8:f2:b6:ee:67:f7:1c:71:20:f5:3e:e9:
                    eb:57:2a:3b:00:51:86:38:b3:21:3f:f6:3f:5d:22:
                    76:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:57:B1:B1:2E:F0:30:73:F9:A3:82:23:DD:99:06:26:69:70:F0:98
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/TFexsS7wMHP5o4Ij3ZkGJmlw8Jg.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.83.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:e6:7c:86:b1:a3:7c:aa:8b:de:29:1f:db:14:99:4e:13:
         16:d3:d1:52:d3:a7:32:14:19:98:d7:cc:3b:75:ae:32:44:db:
         ca:04:1a:6c:45:fd:e2:80:0f:02:2b:97:18:ae:89:0f:d0:d5:
         59:4b:62:8b:86:93:96:48:1d:4c:5b:8c:24:98:bf:97:4b:8a:
         08:8d:95:3b:f2:59:30:b5:c8:02:52:a9:b3:84:8c:02:7d:1a:
         e5:59:16:c1:bd:e3:5f:03:a3:b8:1c:53:09:e5:72:54:07:bb:
         2a:58:9c:bc:a4:af:65:42:17:13:57:95:1a:65:d5:51:12:e0:
         e9:8b:db:e5:33:6b:c8:e5:ea:92:7e:dd:24:13:67:5a:a1:76:
         d2:f5:5e:89:cb:f9:68:c4:f7:dc:f8:b0:2d:b6:6e:ba:4c:23:
         84:c7:5b:97:0c:56:1c:49:b4:f3:1f:4c:86:a0:04:ea:b6:d7:
         96:53:71:37:d6:da:9e:b4:f6:30:59:ed:a0:f5:a4:07:8f:6a:
         b7:1c:ed:c7:88:57:8b:9d:9d:f4:40:1c:7a:4a:61:66:56:9a:
         dc:f9:94:ca:bc:8f:4f:4f:4c:3d:2f:0e:87:10:bf:83:52:75:
         fd:9f:e9:27:5e:89:e3:50:16:a9:37:4e:26:93:f2:29:f7:94:
         94:24:7b:0e
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDARpnMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNjE3
MDAyNzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0QzU3QjFCMTJFRjAz
MDczRjlBMzgyMjNERDk5MDYyNjY5NzBGMDk4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA2p/lKLUA4RLbz9/liJetfWL1hmnLXOYh3b0RVsWqCslUalPE
uTQtMZy+V6Mpc10d1gSGjaPtRW++pH83M2wwFTlv3IUQo1F40U24X9All1I8AVWk
XZpA6Y948HxvytAIMdlMsqo7d3IkUcwH7v97JDCuxmtV98gi08sim1Zp3oRZqjKq
xCBP3b96E+GA9M+JIM5oAIsBgibZ/Zfv4e+hdwCvG8NcOB+Sm1P9qhdoGOLC1OSP
q/Q2+4Fk4CwDgC7dmgsDTVC1RCwZ8rAsHCxMX5cnyTjzwYyQPTR+aHi7iKKSU0y4
8rbuZ/cccSD1PunrVyo7AFGGOLMhP/Y/XSJ2jwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFExXsbEu8DBz+aOCI92ZBiZpcPCYMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1RGZXhzUzd3TUhQNW80SWozWmtHSm1sdzhKZy5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMBT5jANBgkqhkiG9w0BAQsFAAOCAQEAVXTm
fIaxo3yqi94pH9sUmU4TFtPRUtOnMhQZmNfMO3WuMkTbygQabEX94oAPAiuXGK6J
D9DVWUtii4aTlkgdTFuMJJi/l0uKCI2VO/JZMLXIAlKps4SMAn0a5VkWwb3jXwOj
uBxTCeVyVAe7KlicvKSvZUIXE1eVGmXVURLg6Yvb5TNryOXqkn7dJBNnWqF20vVe
icv5aMT33PiwLbZuukwjhMdblwxWHEm08x9MhqAE6rbXllNxN9banrT2MFntoPWk
B49qtxztx4hXi52d9EAcekphZlaa3PmUyryPT09MPS8OhxC/g1J1/Z/pJ16J41AW
qTdOJpPyKfeUlCR7Dg==
-----END CERTIFICATE-----