Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/ydTSCcPtgpsebxw5s9jkK8PGqxI.roa
File:                     ydTSCcPtgpsebxw5s9jkK8PGqxI.roa (raw, json)
Hash identifier:          vWsf1Z/MgokSVhK6K9u+kuB8asCUpV4SmSGuRVE2Q0Q=
Subject key identifier:   C9:D4:D2:09:C3:ED:82:9B:1E:6F:1C:39:B3:D8:E4:2B:C3:C6:AB:12
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       015F07
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/ydTSCcPtgpsebxw5s9jkK8PGqxI.roa
Signing time:             Mon 17 Jun 2024 00:14:16 +0000
ROA not before:           Mon 17 Jun 2024 00:14:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203274
IP address blocks:        198.133.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 20:21:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89863 (0x15f07)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Jun 17 00:14:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=C9D4D209C3ED829B1E6F1C39B3D8E42BC3C6AB12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:77:fa:36:1e:89:f3:32:02:e8:a8:c4:fc:22:
                    36:36:93:ac:9c:23:d9:fe:57:11:fd:a0:70:e5:0b:
                    41:5d:6e:42:89:a4:c7:81:d7:3f:08:08:07:22:9d:
                    dd:d3:af:90:dd:1b:0d:49:23:f8:fd:80:77:29:cf:
                    86:b4:8f:50:5d:14:cb:e1:94:97:82:71:82:a6:9f:
                    71:c6:e9:b4:32:10:a9:f2:d6:b4:a4:fe:a9:55:ff:
                    33:c3:8a:e3:8a:0a:ce:58:87:12:cf:f1:6c:9d:ec:
                    49:e7:96:b1:13:7b:8d:04:5f:01:ec:93:39:2f:65:
                    b9:e4:c1:8a:9b:5e:d1:9a:fe:ab:5b:08:81:7a:2e:
                    51:07:bd:70:b9:10:95:70:ae:21:4b:49:6d:0f:63:
                    c3:35:15:6e:0f:63:f2:0c:bb:d1:1e:52:06:55:67:
                    f0:cb:7b:8d:db:41:4b:08:36:52:1e:ea:3b:8d:09:
                    08:7b:02:3d:8a:c0:eb:1a:df:73:fc:d5:2f:60:2a:
                    94:15:60:52:d2:e7:6a:fc:24:eb:ee:ed:8d:cc:5f:
                    55:3e:8f:a2:8d:74:e2:7d:db:58:06:c8:22:e5:a2:
                    17:d7:ae:f0:e2:a3:e7:d8:5e:07:27:7b:99:50:25:
                    af:6a:95:5a:9b:95:43:1f:5e:3b:df:d3:f4:7c:a7:
                    52:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D4:D2:09:C3:ED:82:9B:1E:6F:1C:39:B3:D8:E4:2B:C3:C6:AB:12
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/ydTSCcPtgpsebxw5s9jkK8PGqxI.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.133.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:b3:15:58:48:a2:99:3f:41:62:7f:3b:3e:1b:91:38:3b:87:
         03:4a:5c:bf:94:bb:24:97:18:fe:8a:16:0c:50:ff:17:69:57:
         29:66:87:97:22:9c:8c:c8:81:58:7c:c4:21:78:f2:8d:d7:53:
         47:83:f4:a8:f8:14:39:4e:f2:cf:85:08:03:80:84:92:89:29:
         85:2c:a4:57:2b:99:e9:d5:00:9c:d2:05:f0:db:c9:0c:5a:e5:
         f8:08:ec:d8:d8:03:c5:f7:79:81:e1:a2:d7:a7:d3:99:41:63:
         44:f6:4d:0f:c2:cb:66:d8:ca:67:77:43:40:69:18:bc:27:5f:
         f4:52:fd:e0:0f:78:00:10:fb:1d:7d:63:63:a4:5f:ae:6d:3a:
         0e:7b:59:88:15:c5:ce:0e:48:df:8b:75:7b:79:8f:5d:3c:f4:
         f2:73:cc:9c:5f:99:ab:d8:52:8a:9c:4f:0e:75:0b:5c:50:da:
         96:28:c3:9e:2e:94:69:e3:46:c9:c3:e2:f5:75:45:64:93:61:
         b7:fa:e5:90:3b:52:88:28:b8:fc:6e:22:e6:2f:66:a1:fb:e8:
         be:4d:57:60:40:f6:b8:8b:48:87:f0:f5:fa:2c:b9:1d:79:6b:
         9c:70:33:fc:28:a4:f1:fe:41:b2:46:b6:c7:1a:36:4f:30:98:
         0c:1c:a8:5e
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAV8HMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjQwNjE3
MDAxNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhDOUQ0RDIwOUMzRUQ4
MjlCMUU2RjFDMzlCM0Q4RTQyQkMzQzZBQjEyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA03f6Nh6J8zIC6KjE/CI2NpOsnCPZ/lcR/aBw5QtBXW5CiaTH
gdc/CAgHIp3d06+Q3RsNSSP4/YB3Kc+GtI9QXRTL4ZSXgnGCpp9xxum0MhCp8ta0
pP6pVf8zw4rjigrOWIcSz/FsnexJ55axE3uNBF8B7JM5L2W55MGKm17Rmv6rWwiB
ei5RB71wuRCVcK4hS0ltD2PDNRVuD2PyDLvRHlIGVWfwy3uN20FLCDZSHuo7jQkI
ewI9isDrGt9z/NUvYCqUFWBS0udq/CTr7u2NzF9VPo+ijXTifdtYBsgi5aIX167w
4qPn2F4HJ3uZUCWvapVam5VDH14739P0fKdSNQIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFMnU0gnD7YKbHm8cObPY5CvDxqsSMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3lkVFNDY1B0Z3BzZWJ4dzVzOWprSzhQR3F4SS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMaFzjANBgkqhkiG9w0BAQsFAAOCAQEAp7MV
WEiimT9BYn87PhuRODuHA0pcv5S7JJcY/ooWDFD/F2lXKWaHlyKcjMiBWHzEIXjy
jddTR4P0qPgUOU7yz4UIA4CEkokphSykVyuZ6dUAnNIF8NvJDFrl+Ajs2NgDxfd5
geGi16fTmUFjRPZND8LLZtjKZ3dDQGkYvCdf9FL94A94ABD7HX1jY6Rfrm06DntZ
iBXFzg5I34t1e3mPXTz08nPMnF+Zq9hSipxPDnULXFDalijDni6UaeNGycPi9XVF
ZJNht/rlkDtSiCi4/G4i5i9mofvovk1XYED2uItIh/D1+iy5HXlrnHAz/Cik8f5B
ska2xxo2TzCYDByoXg==
-----END CERTIFICATE-----