Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2033393730.roa
File:                     34352e3133322e3139302e302f32342d3234203d3e2033393730.roa (raw, json)
Hash identifier:          ZvFIRI5Y2rVZcFk84QTgqRybDF5ljbI4FjwVY0yfJVE=
Subject key identifier:   05:F4:FA:8A:33:6B:59:66:7A:9E:40:BE:54:4E:44:0B:B8:FD:61:90
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       2D9A2C6DABEF9C1FA4C4DD11CB0DDECEA0C36A21
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2033393730.roa
Signing time:             Mon 13 Jan 2025 18:29:36 +0000
ROA not before:           Mon 13 Jan 2025 18:24:36 +0000
ROA not after:            Mon 12 Jan 2026 18:29:36 +0000
asID:                     3970
IP address blocks:        45.132.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:26:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:9a:2c:6d:ab:ef:9c:1f:a4:c4:dd:11:cb:0d:de:ce:a0:c3:6a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Jan 13 18:24:36 2025 GMT
            Not After : Jan 12 18:29:36 2026 GMT
        Subject: CN=05F4FA8A336B59667A9E40BE544E440BB8FD6190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:e2:aa:8f:7f:9e:2e:15:a7:da:49:7d:e7:
                    ab:a5:5f:e3:a1:74:06:ce:9b:53:6f:db:31:74:da:
                    a5:33:da:7c:3b:c4:3d:1b:1b:cc:5d:35:35:31:97:
                    d8:fc:b6:19:6c:55:a5:b1:1a:86:71:c6:95:32:fd:
                    29:80:c2:61:41:a1:fb:ff:20:3b:f3:08:df:f6:da:
                    d1:c9:e0:32:a2:d4:d6:4b:81:2a:96:fb:b2:72:38:
                    37:3f:e4:08:0e:b7:48:87:13:4c:e6:42:9e:91:2e:
                    f4:12:bb:12:02:a3:3b:3b:6b:ea:29:f5:db:e1:2b:
                    2a:ea:de:9e:98:c2:4e:1d:29:d5:e3:4d:2a:cb:c8:
                    b9:8b:f5:29:94:91:c1:08:f2:78:69:65:66:ed:fa:
                    fd:50:2a:a4:79:1d:01:1a:39:a9:ed:c8:56:46:af:
                    6d:65:7f:bc:64:59:53:a3:92:1a:53:31:3c:19:c6:
                    62:1d:89:1f:d0:af:04:41:11:cc:e3:8a:6d:e5:82:
                    aa:4b:24:18:06:10:da:b4:7f:f3:03:f1:b0:d7:eb:
                    56:89:51:4e:59:82:a1:5b:c4:ec:41:16:4c:c7:66:
                    e7:62:77:57:c5:a1:3f:57:77:0b:6f:d8:e3:ed:83:
                    ff:19:ab:f2:14:dc:4a:72:c7:2b:12:83:67:4c:90:
                    e8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F4:FA:8A:33:6B:59:66:7A:9E:40:BE:54:4E:44:0B:B8:FD:61:90
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2033393730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:7f:d9:65:e6:bc:3a:1d:80:e0:d9:2c:c9:f2:3d:bd:7b:8a:
         5b:94:d1:d4:67:b3:3d:1d:5e:d1:20:00:f7:82:b2:95:eb:82:
         ce:11:23:d7:cc:bb:41:49:2d:14:3b:cd:24:ae:6f:7b:53:8b:
         0e:58:28:80:e6:93:07:5f:9e:55:13:8c:67:5c:a9:df:3f:63:
         c4:aa:6a:d9:c7:fd:b7:f7:c3:1c:97:b2:bb:65:64:8b:ec:c5:
         3e:c7:86:88:9e:ba:1d:55:01:4c:09:76:75:92:b4:bd:6d:9d:
         bb:95:72:a7:26:86:1c:51:67:80:af:2a:b2:0c:f3:2e:d0:a7:
         85:eb:5f:c4:35:1e:31:0a:2d:70:99:e3:25:a3:63:be:f1:ac:
         94:46:64:de:3c:71:d0:e7:bc:fe:4a:db:11:89:7e:9e:d6:48:
         84:46:47:b1:ba:54:85:03:71:63:cb:46:3e:b3:ae:2b:1b:bd:
         17:54:ff:59:b2:cc:e3:21:f1:ee:be:53:36:b4:3f:aa:aa:a9:
         e4:a1:86:d3:69:be:48:9d:24:ee:f5:bf:4b:97:e5:60:df:2e:
         56:b1:8f:66:d4:8b:85:67:5c:f2:38:8c:43:61:df:7f:55:4a:
         c4:22:95:6f:21:27:e4:b3:8d:46:d2:6d:3e:4f:8b:c4:b6:46:
         b2:2b:bd:29
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIULZosbavvnB+kxN0Ryw3ezqDDaiEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNTAxMTMxODI0MzZaFw0yNjAxMTIxODI5MzZaMDMxMTAvBgNV
BAMTKDA1RjRGQThBMzM2QjU5NjY3QTlFNDBCRTU0NEU0NDBCQjhGRDYxOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7ueKqj3+eLhWn2kl956ulX+Oh
dAbOm1Nv2zF02qUz2nw7xD0bG8xdNTUxl9j8thlsVaWxGoZxxpUy/SmAwmFBofv/
IDvzCN/22tHJ4DKi1NZLgSqW+7JyODc/5AgOt0iHE0zmQp6RLvQSuxICozs7a+op
9dvhKyrq3p6Ywk4dKdXjTSrLyLmL9SmUkcEI8nhpZWbt+v1QKqR5HQEaOantyFZG
r21lf7xkWVOjkhpTMTwZxmIdiR/QrwRBEczjim3lgqpLJBgGENq0f/MD8bDX61aJ
UU5ZgqFbxOxBFkzHZudid1fFoT9Xdwtv2OPtg/8Zq/IU3EpyxysSg2dMkOgvAgMB
AAGjggHaMIIB1jAdBgNVHQ4EFgQUBfT6ijNrWWZ6nkC+VE5EC7j9YZAwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4ZkcnN5bmM6Ly9rcmlsbC5y
Zy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8zNDM1MmUzMTMzMzIyZTMxMzkz
MDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYS+
MA0GCSqGSIb3DQEBCwUAA4IBAQAJf9ll5rw6HYDg2SzJ8j29e4pblNHUZ7M9HV7R
IAD3grKV64LOESPXzLtBSS0UO80krm97U4sOWCiA5pMHX55VE4xnXKnfP2PEqmrZ
x/2398Mcl7K7ZWSL7MU+x4aInrodVQFMCXZ1krS9bZ27lXKnJoYcUWeAryqyDPMu
0KeF61/ENR4xCi1wmeMlo2O+8ayURmTePHHQ57z+StsRiX6e1kiERkexulSFA3Fj
y0Y+s64rG70XVP9ZsszjIfHuvlM2tD+qqqnkoYbTab5InSTu9b9Ll+Vg3y5WsY9m
1IuFZ1zyOIxDYd9/VUrEIpVvISfks41G0m0+T4vEtkayK70p
-----END CERTIFICATE-----