Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/kEBySXrNC0v9rOC9xiBUxarIfH4.roa
File:                     kEBySXrNC0v9rOC9xiBUxarIfH4.roa (raw, json)
Hash identifier:          FyjE7Y9efKxm1h4E2lQFzyMhdHUCY33ftWiln7QE+og=
Subject key identifier:   90:40:72:49:7A:CD:0B:4B:FD:AC:E0:BD:C6:20:54:C5:AA:C8:7C:7E
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       011A64
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/kEBySXrNC0v9rOC9xiBUxarIfH4.roa
Signing time:             Sat 17 Jun 2023 00:27:06 +0000
ROA not before:           Sat 17 Jun 2023 00:27:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3130
IP address blocks:        198.180.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 03:59:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72292 (0x11a64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:27:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=904072497ACD0B4BFDACE0BDC62054C5AAC87C7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:7a:23:41:b7:11:54:92:08:b1:65:c3:83:6e:
                    a8:0d:0b:48:33:e0:76:e2:2c:64:74:ad:a5:f2:77:
                    ca:67:7a:e2:ba:86:af:0c:59:2c:0d:b6:76:a6:ec:
                    92:94:ae:44:6a:8f:bb:09:1f:24:1f:c6:cd:7b:4b:
                    9b:08:5c:49:3d:99:6f:c2:f4:34:61:b1:5a:3a:56:
                    74:cf:4c:54:25:47:6f:3c:ae:cb:14:ae:65:dc:21:
                    92:16:78:1c:09:3d:13:7a:c7:d8:cd:ca:14:70:37:
                    ad:49:49:30:d1:5a:c9:f8:21:37:66:23:5e:d2:c6:
                    08:ee:6f:28:7c:97:c2:14:69:55:a0:bb:bf:2d:77:
                    26:34:bd:40:e7:71:3f:1c:a0:9c:5b:25:6d:20:4d:
                    dd:73:75:a6:47:0e:78:ad:7a:cd:41:90:87:41:4b:
                    52:d1:5a:9e:07:19:cb:d0:0a:d4:b7:24:27:82:e0:
                    f6:4b:23:cc:49:bd:51:65:e1:b9:5e:80:f4:19:b3:
                    e9:60:d1:39:82:3b:40:20:f9:45:5a:f0:77:2d:41:
                    c4:c6:41:17:1e:5e:4a:22:e9:53:49:bd:2b:48:ae:
                    78:c4:5d:b1:ff:12:1a:90:d9:24:40:34:5d:d0:b5:
                    e7:d6:e9:76:52:e7:41:9c:7b:18:d9:e7:19:c8:f0:
                    0d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:40:72:49:7A:CD:0B:4B:FD:AC:E0:BD:C6:20:54:C5:AA:C8:7C:7E
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/kEBySXrNC0v9rOC9xiBUxarIfH4.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:a0:5e:eb:e2:69:b6:1f:bd:76:e4:75:21:70:db:13:a1:46:
         67:aa:11:f8:10:b7:66:69:98:a4:16:15:8d:0e:0f:54:69:dd:
         e6:77:6d:08:8d:1a:0c:69:d4:24:52:8f:ca:f8:01:78:36:9a:
         30:92:ba:36:b0:da:fa:42:3f:a8:09:32:cc:1d:76:20:47:98:
         1c:73:4d:a3:99:3b:3e:88:05:63:c2:f0:4e:79:53:54:f6:12:
         9e:74:da:49:2e:d3:52:77:f6:ed:30:86:a7:06:be:a6:78:b5:
         11:ce:12:8c:21:f3:71:36:3f:49:e8:70:31:41:28:f9:3b:80:
         f0:08:56:9c:fe:96:66:b0:4a:c9:39:89:4c:0a:c1:14:de:e4:
         19:de:58:97:9a:5d:07:d4:3d:43:94:f7:ec:26:07:32:73:3c:
         e7:d9:7b:20:9f:c8:a9:8c:7f:1a:56:29:fd:3c:b0:5d:1b:57:
         e0:6b:fa:29:d8:59:ab:62:9f:4a:cd:3d:c5:0f:89:85:56:ce:
         4c:f8:ff:7d:04:81:18:2c:41:6b:2b:0a:4e:a4:71:46:45:66:
         a5:51:28:74:7e:fb:4f:68:cf:ae:59:e9:30:3c:d6:6c:58:f7:
         ef:e8:9c:2a:91:92:74:bd:b0:49:12:49:37:ee:26:e4:11:46:
         70:32:22:8d
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDARpkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjMwNjE3
MDAyNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg5MDQwNzI0OTdBQ0Qw
QjRCRkRBQ0UwQkRDNjIwNTRDNUFBQzg3QzdFMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4XojQbcRVJIIsWXDg26oDQtIM+B24ixkdK2l8nfKZ3riuoav
DFksDbZ2puySlK5Eao+7CR8kH8bNe0ubCFxJPZlvwvQ0YbFaOlZ0z0xUJUdvPK7L
FK5l3CGSFngcCT0TesfYzcoUcDetSUkw0VrJ+CE3ZiNe0sYI7m8ofJfCFGlVoLu/
LXcmNL1A53E/HKCcWyVtIE3dc3WmRw54rXrNQZCHQUtS0VqeBxnL0ArUtyQnguD2
SyPMSb1RZeG5XoD0GbPpYNE5gjtAIPlFWvB3LUHExkEXHl5KIulTSb0rSK54xF2x
/xIakNkkQDRd0LXn1ul2UudBnHsY2ecZyPANmwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFJBAckl6zQtL/azgvcYgVMWqyHx+MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL2tFQnlTWHJOQzB2OXJPQzl4aUJVeGFySWZINC5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0mTANBgkqhkiG9w0BAQsFAAOCAQEAZKBe
6+Jpth+9duR1IXDbE6FGZ6oR+BC3ZmmYpBYVjQ4PVGnd5ndtCI0aDGnUJFKPyvgB
eDaaMJK6NrDa+kI/qAkyzB12IEeYHHNNo5k7PogFY8LwTnlTVPYSnnTaSS7TUnf2
7TCGpwa+pni1Ec4SjCHzcTY/SehwMUEo+TuA8AhWnP6WZrBKyTmJTArBFN7kGd5Y
l5pdB9Q9Q5T37CYHMnM859l7IJ/IqYx/GlYp/TywXRtX4Gv6KdhZq2KfSs09xQ+J
hVbOTPj/fQSBGCxBaysKTqRxRkVmpVEodH77T2jPrlnpMDzWbFj37+icKpGSdL2w
SRJJN+4m5BFGcDIijQ==
-----END CERTIFICATE-----