Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/Vvx1bC8uAflbQPltsuM_idhPJzQ.roa
File:                     Vvx1bC8uAflbQPltsuM_idhPJzQ.roa (raw, json)
Hash identifier:          yBk0YyRzqosn5CvZy2ChamJGuPLdrW+C1rYVBTGvR9g=
Subject key identifier:   56:FC:75:6C:2F:2E:01:F9:5B:40:F9:6D:B2:E3:3F:89:D8:4F:27:34
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       01B6CE
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/Vvx1bC8uAflbQPltsuM_idhPJzQ.roa
Signing time:             Fri 26 Sep 2025 22:33:53 +0000
ROA not before:           Fri 26 Sep 2025 22:33:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6447
IP address blocks:        192.83.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 20:32:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 112334 (0x1b6ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Sep 26 22:33:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56FC756C2F2E01F95B40F96DB2E33F89D84F2734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d4:df:1f:b9:4e:bc:4b:7a:11:c2:86:5b:c7:
                    58:49:65:76:0d:45:15:20:93:ca:d6:4f:d1:41:30:
                    40:1d:71:c7:1b:d6:9b:2e:c2:4e:aa:40:ac:2d:8e:
                    67:c6:ba:49:63:4c:48:ed:14:08:32:d8:d8:90:c8:
                    06:78:9e:e5:84:9a:04:68:53:e6:37:ea:2a:4c:fb:
                    f1:6b:5b:a9:43:86:bd:70:5a:9d:2e:f3:1a:46:e0:
                    7f:fe:67:ad:f6:09:ef:5e:50:a2:ba:9f:03:00:fd:
                    3d:37:a8:d8:6f:5b:05:ad:26:15:2c:ec:b3:cd:f5:
                    97:77:c2:5e:77:0c:97:35:8f:f6:a0:a1:ce:6c:3d:
                    17:a5:d0:a3:f4:00:1d:cc:8c:bf:9a:20:e4:3e:09:
                    b1:f6:f6:84:e8:5d:f3:07:9a:6d:5d:70:9f:b2:58:
                    9d:f3:96:c9:0d:2a:b5:7d:fc:d8:d6:f9:e2:ea:05:
                    76:62:66:1d:47:c1:fb:d4:7c:a4:21:f9:e0:9f:05:
                    4d:c8:80:12:37:5d:a8:7a:c2:f6:8a:42:1a:bd:0b:
                    5d:30:41:e1:7f:d1:3f:86:5d:83:bb:8d:8a:e5:d5:
                    4a:39:39:af:b4:c7:98:6f:e6:a7:27:3d:b6:13:06:
                    f7:81:84:8b:55:14:4d:d7:bc:7c:1b:7b:c6:ae:4a:
                    58:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:FC:75:6C:2F:2E:01:F9:5B:40:F9:6D:B2:E3:3F:89:D8:4F:27:34
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/Vvx1bC8uAflbQPltsuM_idhPJzQ.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.83.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:fe:dc:cd:e6:51:e4:95:c0:64:4e:98:2f:49:4f:48:5d:3c:
         78:25:f0:12:3e:d0:50:f8:5c:57:5c:77:6b:ff:0c:cf:5c:4f:
         7c:bc:5f:2c:b5:31:4b:08:a9:2b:bb:a3:51:84:9f:01:08:bf:
         85:5c:43:23:28:46:07:93:e5:c6:8c:bf:5a:79:e7:57:a3:91:
         f6:7a:58:f9:ee:cb:16:81:fa:a0:a5:aa:e3:e8:cc:e8:9b:d5:
         7e:c7:01:9a:f3:88:02:e0:5f:71:12:ef:e7:0f:ac:2b:e4:ad:
         1a:da:e0:2a:33:43:c7:19:64:8c:42:bc:e1:fe:f9:a4:ca:3d:
         6a:8f:6a:85:ea:83:fa:ce:35:2d:68:66:7d:84:e9:b5:99:76:
         4b:c0:64:c1:e4:b0:21:ff:63:fa:26:47:46:32:ef:48:e6:bc:
         15:14:f3:1f:6f:eb:33:32:11:fe:ea:3d:ee:61:67:ff:4c:0e:
         e7:d2:79:bb:4d:eb:a9:0b:7a:54:3e:74:68:89:b5:71:a6:23:
         a7:b0:d0:71:78:20:98:76:18:5f:6d:ff:8a:f5:3e:5c:5d:75:
         cc:74:11:1a:d9:03:29:de:15:0e:ee:b6:2c:ab:57:54:0f:94:
         21:e6:4b:a4:0a:9a:b7:5e:3f:c4:64:4b:50:e6:7f:00:24:83:
         ea:29:ed:7b
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAbbOMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwOTI2
MjIzMzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1NkZDNzU2QzJGMkUw
MUY5NUI0MEY5NkRCMkUzM0Y4OUQ4NEYyNzM0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAz9TfH7lOvEt6EcKGW8dYSWV2DUUVIJPK1k/RQTBAHXHHG9ab
LsJOqkCsLY5nxrpJY0xI7RQIMtjYkMgGeJ7lhJoEaFPmN+oqTPvxa1upQ4a9cFqd
LvMaRuB//met9gnvXlCiup8DAP09N6jYb1sFrSYVLOyzzfWXd8JedwyXNY/2oKHO
bD0XpdCj9AAdzIy/miDkPgmx9vaE6F3zB5ptXXCfslid85bJDSq1ffzY1vni6gV2
YmYdR8H71HykIfngnwVNyIASN12oesL2ikIavQtdMEHhf9E/hl2Du42K5dVKOTmv
tMeYb+anJz22Ewb3gYSLVRRN17x8G3vGrkpY+QIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFFb8dWwvLgH5W0D5bbLjP4nYTyc0MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL1Z2eDFiQzh1QWZsYlFQbHRzdU1faWRoUEp6US5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMBT5jANBgkqhkiG9w0BAQsFAAOCAQEAJf7c
zeZR5JXAZE6YL0lPSF08eCXwEj7QUPhcV1x3a/8Mz1xPfLxfLLUxSwipK7ujUYSf
AQi/hVxDIyhGB5Plxoy/WnnnV6OR9npY+e7LFoH6oKWq4+jM6JvVfscBmvOIAuBf
cRLv5w+sK+StGtrgKjNDxxlkjEK84f75pMo9ao9qheqD+s41LWhmfYTptZl2S8Bk
weSwIf9j+iZHRjLvSOa8FRTzH2/rMzIR/uo97mFn/0wO59J5u03rqQt6VD50aIm1
caYjp7DQcXggmHYYX23/ivU+XF11zHQRGtkDKd4VDu62LKtXVA+UIeZLpAqat14/
xGRLUOZ/ACSD6intew==
-----END CERTIFICATE-----