Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/YSG0sKzFMkZcZShaAoIRHO2nv-I.roa
File:                     YSG0sKzFMkZcZShaAoIRHO2nv-I.roa (raw, json)
Hash identifier:          NTvsQfNdosfTp8ww2PQ4arXh1WtTl+OC92+zrPFxbpM=
Subject key identifier:   61:21:B4:B0:AC:C5:32:46:5C:65:28:5A:02:82:11:1C:ED:A7:BF:E2
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F09
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/YSG0sKzFMkZcZShaAoIRHO2nv-I.roa
Signing time:             Mon 17 Jun 2024 00:14:17 +0000
ROA not before:           Mon 17 Jun 2024 00:14:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3927
IP address blocks:        198.180.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 20:21:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89865 (0x15f09)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6121B4B0ACC532465C65285A0282111CEDA7BFE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:8f:14:32:79:eb:50:81:bc:b0:b4:db:f4:29:
                    2e:87:cc:54:06:fb:6f:cc:86:b7:48:90:76:46:3f:
                    89:c3:6d:50:1f:10:ff:cf:80:ca:88:d9:fd:c3:92:
                    91:c5:79:8e:e5:07:de:06:f6:5d:5b:e2:c8:d0:a9:
                    15:fa:89:f3:fa:85:78:1d:ba:e3:ce:9e:d3:be:63:
                    b8:34:c6:65:0c:d1:44:a5:36:9f:06:8b:e3:c7:fa:
                    af:57:5a:13:57:6a:a6:bf:8c:a5:3b:7a:e7:f8:b6:
                    36:c0:02:53:3e:da:03:50:b7:07:c9:90:7a:f9:58:
                    b2:20:d1:d1:b9:eb:08:6c:4b:34:29:f0:be:06:ae:
                    1d:be:7c:d9:a7:9c:c4:82:af:bc:c4:a2:58:cd:c5:
                    f9:9f:5f:15:1c:d7:f3:c2:e2:8b:01:92:01:aa:ae:
                    d4:e4:16:e4:04:ba:86:f5:48:05:1d:e1:8d:59:ba:
                    83:51:dc:be:86:67:5c:f1:de:78:e7:ec:42:8f:aa:
                    6b:9a:9f:ce:45:e1:3c:6a:4a:b1:02:f9:4a:02:b3:
                    5c:78:54:f9:2f:3e:3b:5d:29:53:3b:45:b9:a1:4c:
                    85:05:b6:f1:f2:0d:96:50:e0:4d:e0:38:4f:76:2a:
                    87:17:96:27:08:c3:83:a9:25:0c:f1:07:1b:59:a6:
                    a0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:21:B4:B0:AC:C5:32:46:5C:65:28:5A:02:82:11:1C:ED:A7:BF:E2
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/YSG0sKzFMkZcZShaAoIRHO2nv-I.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7c:f4:9a:27:d7:86:43:39:36:f4:cf:91:4e:4f:12:8b:76:
         8a:8b:16:75:0a:25:45:c0:39:53:f7:13:0f:01:b7:b6:7a:d4:
         6f:e8:c7:32:a2:26:bd:31:4d:b9:db:bd:98:41:ee:67:8b:d0:
         a6:b4:7f:12:b4:78:0b:eb:19:77:c5:3a:4f:f7:da:a7:3d:27:
         81:02:bb:c9:7f:96:fd:ce:17:50:6d:e2:ce:00:ca:b3:e0:d1:
         f7:db:bc:51:94:66:fe:0c:5f:f0:39:4c:a9:b5:85:bb:cc:ba:
         4c:6a:2e:f3:70:e2:7e:7b:1e:88:0d:b8:f6:ab:71:a1:fb:8b:
         34:34:89:dd:cb:1f:01:58:15:b0:ee:b8:d4:8f:19:75:0a:e2:
         b9:5d:5f:cb:61:45:eb:49:e9:0a:45:f0:95:6f:15:9e:64:cc:
         2a:f2:7b:47:e7:74:56:14:60:0c:82:66:6a:c1:ae:eb:07:26:
         29:97:c3:30:fd:ce:a9:81:c3:a5:1a:86:cf:cd:8a:57:72:0b:
         b5:15:1f:98:fa:b9:a1:5a:55:89:cf:11:1f:b8:a4:04:64:3f:
         20:8b:d5:c5:64:d5:57:87:0e:22:2c:b0:e5:4a:60:60:82:92:
         a8:df:f4:16:55:b1:c3:3c:f4:90:9e:36:80:11:11:5a:b5:4d:
         87:b8:ad:93
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8JMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2MTIxQjRCMEFDQzUz
MjQ2NUM2NTI4NUEwMjgyMTExQ0VEQTdCRkUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA6o8UMnnrUIG8sLTb9Ckuh8xUBvtvzIa3SJB2Rj+Jw21QHxD/
z4DKiNn9w5KRxXmO5QfeBvZdW+LI0KkV+onz+oV4Hbrjzp7TvmO4NMZlDNFEpTaf
Bovjx/qvV1oTV2qmv4ylO3rn+LY2wAJTPtoDULcHyZB6+ViyINHRuesIbEs0KfC+
Bq4dvnzZp5zEgq+8xKJYzcX5n18VHNfzwuKLAZIBqq7U5BbkBLqG9UgFHeGNWbqD
Udy+hmdc8d545+xCj6prmp/OReE8akqxAvlKArNceFT5Lz47XSlTO0W5oUyFBbbx
8g2WUOBN4DhPdiqHF5YnCMODqSUM8QcbWaaguwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFGEhtLCsxTJGXGUoWgKCERztp7/iMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1lTRzBzS3pGTWtaY1pTaGFBb0lSSE8ybnYtSS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0ljANBgkqhkiG9w0BAQsFAAOCAQEAHnz0
mifXhkM5NvTPkU5PEot2iosWdQolRcA5U/cTDwG3tnrUb+jHMqImvTFNudu9mEHu
Z4vQprR/ErR4C+sZd8U6T/fapz0ngQK7yX+W/c4XUG3izgDKs+DR99u8UZRm/gxf
8DlMqbWFu8y6TGou83DifnseiA249qtxofuLNDSJ3csfAVgVsO641I8ZdQriuV1f
y2FF60npCkXwlW8VnmTMKvJ7R+d0VhRgDIJmasGu6wcmKZfDMP3OqYHDpRqGz82K
V3ILtRUfmPq5oVpVic8RH7ikBGQ/IIvVxWTVV4cOIiyw5UpgYIKSqN/0FlWxwzz0
kJ42gBERWrVNh7itkw==
-----END CERTIFICATE-----