Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/ZZExL8L72RCGaV34XAMYx73mWi8.roa
File:                     ZZExL8L72RCGaV34XAMYx73mWi8.roa (raw, json)
Hash identifier:          KpHVbxcuRVFmUqK9GkNfOHzJtyKabWP1AxbUfRK3BJ0=
Subject key identifier:   65:91:31:2F:C2:FB:D9:10:86:69:5D:F8:5C:03:18:C7:BD:E6:5A:2F
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F03
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/ZZExL8L72RCGaV34XAMYx73mWi8.roa
Signing time:             Mon 17 Jun 2024 00:14:15 +0000
ROA not before:           Mon 17 Jun 2024 00:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3130
IP address blocks:        198.180.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:21:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89859 (0x15f03)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6591312FC2FBD91086695DF85C0318C7BDE65A2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a8:22:1f:c6:3f:74:76:09:86:ab:6d:15:16:
                    d2:0f:c8:9f:3d:94:18:1c:c0:37:b2:e9:9f:cb:a1:
                    a4:0b:16:08:fb:5e:3c:fa:e0:0b:f7:5f:24:c5:bd:
                    36:11:be:fd:d4:11:55:2a:f2:9c:15:90:13:6a:f4:
                    77:0e:d3:5b:e0:44:61:74:d2:60:a6:53:e5:e1:32:
                    64:bf:02:38:8f:06:48:39:c0:a3:ae:4e:e9:44:48:
                    f6:8d:59:43:b7:89:5c:a5:93:0f:8c:85:e7:b3:a7:
                    f6:0e:ad:a2:e8:7c:9e:c9:5c:e4:40:08:2e:e5:13:
                    4e:33:6a:ce:1e:91:ee:01:97:9d:30:85:03:a2:d2:
                    d9:02:69:4b:78:3c:d5:70:7a:51:6f:fc:9b:ec:0b:
                    36:b1:03:73:c7:20:87:52:ca:83:51:67:1c:64:e0:
                    dc:a0:d9:a5:2c:0c:81:80:49:be:74:ca:2c:6b:7d:
                    61:1f:cf:31:2d:ca:e0:53:dc:d0:8d:67:61:1d:db:
                    df:e1:c2:00:5c:03:b8:f6:ef:2b:ad:53:c0:fb:2d:
                    ab:7b:41:13:1c:2d:93:a1:4b:56:4e:d4:47:b5:10:
                    c8:7d:15:2d:01:fd:63:6b:a1:dd:44:a0:96:8c:a5:
                    c0:73:3c:f3:22:a6:06:9f:9a:96:8f:57:2b:57:eb:
                    1c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:91:31:2F:C2:FB:D9:10:86:69:5D:F8:5C:03:18:C7:BD:E6:5A:2F
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZZExL8L72RCGaV34XAMYx73mWi8.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:b9:54:6f:ca:84:9a:4b:e3:9f:9c:ee:9f:81:1e:8a:a9:4f:
         83:d5:bc:8e:4e:89:ff:74:41:80:a7:54:a6:69:80:f9:f8:98:
         ab:f0:b1:4b:b1:ab:8a:80:5b:1a:a2:a3:79:72:c3:24:25:d0:
         00:eb:83:d9:2e:a5:f1:48:d1:0f:30:4b:6d:13:68:bb:e5:81:
         5c:05:ff:1e:3a:b9:8f:fd:6e:75:cc:88:41:a6:1e:85:a0:61:
         f5:69:c3:a7:91:27:b4:47:a3:74:58:29:4a:91:16:fd:84:1c:
         03:13:f6:a3:01:c5:a1:15:9a:21:c9:00:a6:36:68:47:66:7e:
         05:bb:a4:3c:1a:26:3b:b8:ef:44:f4:bd:9e:ee:c8:41:37:95:
         77:e7:5d:58:ec:8f:4d:60:74:c2:4e:21:17:cf:d6:e5:94:d5:
         7a:a1:f0:90:5d:bd:6b:8f:cd:85:da:80:e8:fe:33:97:97:fa:
         e4:81:70:e7:4b:bf:dd:ed:5b:e9:7c:57:2d:76:6f:42:0b:f4:
         4b:31:2b:32:8b:23:13:3b:cd:69:22:e6:b8:c6:e2:38:2a:e5:
         ac:70:3c:dd:be:64:10:94:83:42:6d:17:37:8b:37:c2:3e:de:
         f2:f4:99:a6:bd:fd:84:c1:d1:26:7d:d6:40:3f:a7:45:6f:9a:
         2a:14:71:f8
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8DMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2NTkxMzEyRkMyRkJE
OTEwODY2OTVERjg1QzAzMThDN0JERTY1QTJGMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAw6giH8Y/dHYJhqttFRbSD8ifPZQYHMA3sumfy6GkCxYI+148
+uAL918kxb02Eb791BFVKvKcFZATavR3DtNb4ERhdNJgplPl4TJkvwI4jwZIOcCj
rk7pREj2jVlDt4lcpZMPjIXns6f2Dq2i6HyeyVzkQAgu5RNOM2rOHpHuAZedMIUD
otLZAmlLeDzVcHpRb/yb7As2sQNzxyCHUsqDUWccZODcoNmlLAyBgEm+dMosa31h
H88xLcrgU9zQjWdhHdvf4cIAXAO49u8rrVPA+y2re0ETHC2ToUtWTtRHtRDIfRUt
Af1ja6HdRKCWjKXAczzzIqYGn5qWj1crV+scxwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFGWRMS/C+9kQhmld+FwDGMe95lovMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1paRXhMOEw3MlJDR2FWMzRYQU1ZeDczbVdpOC5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0mTANBgkqhkiG9w0BAQsFAAOCAQEArLlU
b8qEmkvjn5zun4EeiqlPg9W8jk6J/3RBgKdUpmmA+fiYq/CxS7GrioBbGqKjeXLD
JCXQAOuD2S6l8UjRDzBLbRNou+WBXAX/Hjq5j/1udcyIQaYehaBh9WnDp5EntEej
dFgpSpEW/YQcAxP2owHFoRWaIckApjZoR2Z+BbukPBomO7jvRPS9nu7IQTeVd+dd
WOyPTWB0wk4hF8/W5ZTVeqHwkF29a4/NhdqA6P4zl5f65IFw50u/3e1b6XxXLXZv
Qgv0SzErMosjEzvNaSLmuMbiOCrlrHA83b5kEJSDQm0XN4s3wj7e8vSZpr39hMHR
Jn3WQD+nRW+aKhRx+A==
-----END CERTIFICATE-----