Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/E0AAy4jgV_BtY7GQELCxALV6Q5U.roa
File:                     E0AAy4jgV_BtY7GQELCxALV6Q5U.roa (raw, json)
Hash identifier:          0YEsF8nmeEujfyIIOFiGW6CDXyDY9JCTr+LXIKq+emU=
Subject key identifier:   13:40:00:CB:88:E0:57:F0:6D:63:B1:90:10:B0:B1:00:B5:7A:43:95
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198D9
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/E0AAy4jgV_BtY7GQELCxALV6Q5U.roa
Signing time:             Sun 20 Apr 2025 17:37:31 +0000
ROA not before:           Sun 20 Apr 2025 17:37:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3927
IP address blocks:        198.180.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 05:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104665 (0x198d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=134000CB88E057F06D63B19010B0B100B57A4395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4d:dd:ab:bd:30:4f:5d:4f:f8:d9:c3:63:36:
                    82:39:26:c0:e0:a5:5d:9b:3c:a6:77:02:e2:51:6b:
                    2e:6f:60:8c:37:55:93:7e:35:22:39:d0:86:5b:79:
                    0b:56:2d:3b:ce:76:f6:e1:63:fd:0c:4d:2c:77:87:
                    60:c9:15:21:d1:08:2c:be:72:e0:e3:8c:54:ab:e3:
                    b5:58:93:f0:0c:5b:73:ba:5d:ec:69:16:dc:1c:48:
                    c3:bd:99:81:9b:3c:30:c8:31:5a:49:94:c2:c7:dd:
                    f6:e3:59:ef:48:e5:f2:11:7b:59:50:cb:d9:10:85:
                    59:18:07:27:3e:00:16:78:60:1b:e8:63:9e:9e:c6:
                    ec:48:89:df:ad:22:56:e3:03:46:4b:ce:85:c7:91:
                    37:ba:20:cc:65:3e:2d:1d:f9:59:a6:89:e0:68:65:
                    fa:b7:13:ce:fc:11:89:95:1b:e4:ea:62:6b:ce:1a:
                    e4:b8:08:46:f8:c2:a3:79:7a:87:2d:4f:a4:bb:61:
                    c6:53:c9:63:3b:d6:45:61:b6:97:25:1f:92:e9:72:
                    81:1a:48:56:85:7d:0e:0d:ca:67:a9:d7:84:bd:ef:
                    3c:26:61:38:06:46:17:1b:11:1f:34:76:2b:21:d0:
                    3e:f1:0f:ba:a7:08:e0:07:68:3e:7f:9d:f5:55:87:
                    7b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:40:00:CB:88:E0:57:F0:6D:63:B1:90:10:B0:B1:00:B5:7A:43:95
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/E0AAy4jgV_BtY7GQELCxALV6Q5U.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.180.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:59:88:a4:fa:9d:8b:18:63:9e:63:39:ae:89:5c:38:8c:69:
         41:66:25:71:77:a2:09:31:30:3f:dd:3a:3f:54:8b:d5:b7:d3:
         c4:4e:9c:9f:55:a9:8d:49:83:32:00:b0:25:af:a6:8b:bf:54:
         77:e8:d5:03:af:79:f3:3c:dd:d9:b4:24:40:c2:d6:29:93:eb:
         08:10:10:bf:00:03:cf:b9:60:ac:15:9a:57:4c:6f:1b:f7:78:
         93:2e:91:c7:9e:32:1f:39:3d:af:27:5e:e6:b7:45:dd:eb:3e:
         03:24:e5:04:7e:f5:37:df:13:46:c7:fc:47:86:52:4d:cf:0a:
         05:19:84:53:7b:99:b6:e0:25:1e:4e:5d:67:54:26:a2:60:fd:
         c3:ef:60:3d:b3:70:6d:81:71:91:5c:b4:c1:1e:3d:25:56:dd:
         24:ca:09:9b:af:b5:ff:e5:0b:7d:f5:66:76:31:10:6d:84:8e:
         66:7e:c1:b3:e5:d9:93:d9:dc:fe:a4:14:89:43:53:f2:b4:1f:
         21:d4:9c:b0:9a:20:b6:cb:da:69:91:2c:6d:05:a2:ad:bf:f2:
         bc:2e:eb:d8:9b:03:29:ce:f5:52:ef:d8:80:e3:7f:8a:7d:a9:
         47:d8:3c:d0:6f:03:8c:e9:d0:19:a3:66:96:81:5f:ca:d2:4e:
         1a:06:b6:fc
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjZMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygxMzQwMDBDQjg4RTA1
N0YwNkQ2M0IxOTAxMEIwQjEwMEI1N0E0Mzk1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAu03dq70wT11P+NnDYzaCOSbA4KVdmzymdwLiUWsub2CMN1WT
fjUiOdCGW3kLVi07znb24WP9DE0sd4dgyRUh0QgsvnLg44xUq+O1WJPwDFtzul3s
aRbcHEjDvZmBmzwwyDFaSZTCx93241nvSOXyEXtZUMvZEIVZGAcnPgAWeGAb6GOe
nsbsSInfrSJW4wNGS86Fx5E3uiDMZT4tHflZpongaGX6txPO/BGJlRvk6mJrzhrk
uAhG+MKjeXqHLU+ku2HGU8ljO9ZFYbaXJR+S6XKBGkhWhX0ODcpnqdeEve88JmE4
BkYXGxEfNHYrIdA+8Q+6pwjgB2g+f531VYd7RwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFBNAAMuI4FfwbWOxkBCwsQC1ekOVMB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL0UwQUF5NGpnVl9CdFk3R1FFTEN4QUxWNlE1VS5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMa0ljANBgkqhkiG9w0BAQsFAAOCAQEAMFmI
pPqdixhjnmM5rolcOIxpQWYlcXeiCTEwP906P1SL1bfTxE6cn1WpjUmDMgCwJa+m
i79Ud+jVA6958zzd2bQkQMLWKZPrCBAQvwADz7lgrBWaV0xvG/d4ky6Rx54yHzk9
ryde5rdF3es+AyTlBH71N98TRsf8R4ZSTc8KBRmEU3uZtuAlHk5dZ1QmomD9w+9g
PbNwbYFxkVy0wR49JVbdJMoJm6+1/+ULffVmdjEQbYSOZn7Bs+XZk9nc/qQUiUNT
8rQfIdScsJogtsvaaZEsbQWirb/yvC7r2JsDKc71Uu/YgON/in2pR9g80G8DjOnQ
GaNmloFfytJOGga2/A==
-----END CERTIFICATE-----