Route Origin Authorization

$ rpki-client -vvf ca.rg.net/rpki/RGnet-OU/r-pLC2fDZMfxKp9PL1lylxFeQHs.roa
File:                     r-pLC2fDZMfxKp9PL1lylxFeQHs.roa (raw, json)
Hash identifier:          NwnUQOTwUtYfhDg8EyWEkjuxKkBF9rlR8HB0QXbZKuA=
Subject key identifier:   AF:EA:4B:0B:67:C3:64:C7:F1:2A:9F:4F:2F:59:72:97:11:5E:40:7B
Certificate issuer:       /CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
Certificate serial:       0198D3
Authority key identifier: 6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
Subject info access:      rsync://ca.rg.net/rpki/RGnet-OU/r-pLC2fDZMfxKp9PL1lylxFeQHs.roa
Signing time:             Sun 20 Apr 2025 17:37:28 +0000
ROA not before:           Sun 20 Apr 2025 17:37:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10233
IP address blocks:        147.28.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 10:58:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104659 (0x198d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d6fbfa9753db8d846433db5351d9a9ec07c96bd
        Validity
            Not Before: Apr 20 17:37:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=AFEA4B0B67C364C7F12A9F4F2F597297115E407B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9f:07:c7:77:71:e6:21:0e:2e:b2:d8:11:96:
                    ae:7b:d9:90:db:d1:10:03:10:05:71:e1:04:d1:93:
                    56:dd:c0:ce:c2:98:03:c1:89:9c:95:4f:0e:77:82:
                    57:ee:89:fe:c9:51:82:85:97:a6:57:c9:64:4f:ba:
                    0e:c7:26:5f:d0:12:7a:7d:c1:49:1c:9d:86:f7:43:
                    71:a5:e5:b4:ef:87:0e:15:c4:44:8a:24:49:4e:3e:
                    8f:56:1b:5e:ef:b1:91:06:98:be:f0:c2:a2:c0:30:
                    df:ac:fa:89:9f:53:07:19:0a:a7:d3:69:26:55:1f:
                    40:49:77:ba:d7:4e:9d:4d:7d:0c:ee:1f:4e:26:c3:
                    78:01:c6:d7:55:b8:c0:b1:d6:fb:88:52:91:e7:0b:
                    ca:ea:e1:b7:37:5c:7e:09:dd:a6:cf:cf:41:60:37:
                    c8:54:8e:a8:50:89:07:a8:3c:4c:c5:ae:93:73:c6:
                    4b:60:cb:f4:16:70:c8:54:dc:2d:db:1d:35:39:30:
                    19:32:b0:d5:6c:87:0f:2c:b4:cb:fe:6c:3d:9d:92:
                    30:b5:fa:b9:eb:ff:c7:f8:87:d9:9a:0e:40:c3:a9:
                    13:17:85:70:0e:e9:79:fa:0a:8a:8b:b3:74:4a:03:
                    98:d7:7b:0d:b8:70:57:9d:4e:e8:72:8b:52:c6:38:
                    14:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:EA:4B:0B:67:C3:64:C7:F1:2A:9F:4F:2F:59:72:97:11:5E:40:7B
            X509v3 Authority Key Identifier:
                keyid:6D:6F:BF:A9:75:3D:B8:D8:46:43:3D:B5:35:1D:9A:9E:C0:7C:96:BD

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://ca.rg.net/rpki/RGnet-OU/r-pLC2fDZMfxKp9PL1lylxFeQHs.roa
                RPKI Notify - URI:https://ca.rg.net/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:3b:35:a8:1a:79:63:fd:1d:79:a4:14:de:8f:90:06:e7:63:
         a0:ab:69:de:87:31:50:a9:d4:79:9a:78:f5:13:5f:68:1c:74:
         b4:99:9d:9f:57:b9:b0:a5:6b:d9:b0:87:17:42:78:05:a2:b8:
         94:60:3b:bd:8e:3f:dc:54:34:ad:7c:32:48:fa:99:cc:6f:58:
         87:ea:bb:eb:96:9e:97:69:93:e7:b9:b9:5e:49:e7:55:0a:32:
         25:64:c8:a8:d7:c3:a3:ba:5c:2d:db:1c:dc:8d:21:0b:2a:e3:
         70:24:4b:c0:b1:5a:a0:78:f3:69:bc:3a:b3:b4:66:d0:78:6c:
         fb:15:d3:cf:db:6e:f8:1a:7a:06:37:c7:05:d0:a2:85:33:9e:
         0f:a7:8d:40:1c:dc:c8:ad:d4:60:9a:5c:b9:36:04:f0:33:35:
         1a:e9:6f:ac:d6:22:1b:9d:6e:b0:94:a2:e7:99:d0:0b:1d:37:
         02:ad:0e:00:39:c9:e6:ea:ff:64:63:87:da:14:57:41:94:74:
         92:38:71:ee:09:09:b8:eb:a0:a8:63:01:d5:d2:07:14:65:6d:
         e0:2a:e9:92:4e:6e:20:10:9a:88:c5:f5:48:16:3d:07:56:4a:
         e2:00:b2:d2:c9:32:f0:cf:fa:7c:50:35:42:ac:0f:7c:9d:15:
         71:6b:80:0c
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIDAZjTMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDZk
NmZiZmE5NzUzZGI4ZDg0NjQzM2RiNTM1MWQ5YTllYzA3Yzk2YmQwHhcNMjUwNDIw
MTczNzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhBRkVBNEIwQjY3QzM2
NEM3RjEyQTlGNEYyRjU5NzI5NzExNUU0MDdCMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvZ8Hx3dx5iEOLrLYEZaue9mQ29EQAxAFceEE0ZNW3cDOwpgD
wYmclU8Od4JX7on+yVGChZemV8lkT7oOxyZf0BJ6fcFJHJ2G90NxpeW074cOFcRE
iiRJTj6PVhte77GRBpi+8MKiwDDfrPqJn1MHGQqn02kmVR9ASXe6106dTX0M7h9O
JsN4AcbXVbjAsdb7iFKR5wvK6uG3N1x+Cd2mz89BYDfIVI6oUIkHqDxMxa6Tc8ZL
YMv0FnDIVNwt2x01OTAZMrDVbIcPLLTL/mw9nZIwtfq56//H+IfZmg5Aw6kTF4Vw
Dul5+gqKi7N0SgOY13sNuHBXnU7ocotSxjgUxwIDAQABo4IB1DCCAdAwHQYDVR0O
BBYEFK/qSwtnw2TH8SqfTy9ZcpcRXkB7MB8GA1UdIwQYMBaAFG1vv6l1PbjYRkM9
tTUdmp7AfJa9MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwUAYDVR0fBEkwRzBF
oEOgQYY/cnN5bmM6Ly9jYS5yZy5uZXQvcnBraS9SR25ldC1PVS9iVy1fcVhVOXVO
aEdRejIxTlIyYW5zQjhscjAuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcw
AoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iVy1f
cVhVOXVOaEdRejIxTlIyYW5zQjhscjAuY2VyMA4GA1UdDwEB/wQEAwIHgDCBigYI
KwYBBQUHAQsEfjB8MEsGCCsGAQUFBzALhj9yc3luYzovL2NhLnJnLm5ldC9ycGtp
L1JHbmV0LU9VL3ItcExDMmZEWk1meEtwOVBMMWx5bHhGZVFIcy5yb2EwLQYIKwYB
BQUHMA2GIWh0dHBzOi8vY2EucmcubmV0L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAZMcCDANBgkqhkiG9w0BAQsFAAOCAQEAoTs1
qBp5Y/0deaQU3o+QBudjoKtp3ocxUKnUeZp49RNfaBx0tJmdn1e5sKVr2bCHF0J4
BaK4lGA7vY4/3FQ0rXwySPqZzG9Yh+q765ael2mT57m5XknnVQoyJWTIqNfDo7pc
Ldsc3I0hCyrjcCRLwLFaoHjzabw6s7Rm0Hhs+xXTz9tu+Bp6BjfHBdCihTOeD6eN
QBzcyK3UYJpcuTYE8DM1GulvrNYiG51usJSi55nQCx03Aq0OADnJ5ur/ZGOH2hRX
QZR0kjhx7gkJuOugqGMB1dIHFGVt4Crpkk5uIBCaiMX1SBY9B1ZK4gCy0sky8M/6
fFA1QqwPfJ0VcWuADA==
-----END CERTIFICATE-----