Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2030.roa
File:                     34352e3133322e3139302e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          9ieyP3BjwnrGT7jHWN0miv3BwxPneURkOZZD4j2C8Tw=
Subject key identifier:   ED:E2:BB:1A:4F:B2:E8:D7:B2:9C:30:65:AC:F9:CB:2F:CE:67:72:92
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       07C373453E0068ADB288306392C5F37493664BE0
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2030.roa
Signing time:             Mon 09 Jun 2025 18:05:17 +0000
ROA not before:           Mon 09 Jun 2025 18:00:17 +0000
ROA not after:            Mon 08 Jun 2026 18:05:17 +0000
asID:                     0
IP address blocks:        45.132.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 20:26:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:c3:73:45:3e:00:68:ad:b2:88:30:63:92:c5:f3:74:93:66:4b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Jun  9 18:00:17 2025 GMT
            Not After : Jun  8 18:05:17 2026 GMT
        Subject: CN=EDE2BB1A4FB2E8D7B29C3065ACF9CB2FCE677292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:38:79:7b:7b:1c:18:16:33:8a:65:ee:a0:f2:
                    f7:97:9f:f0:b3:39:b3:ac:0b:31:aa:c7:78:6b:ab:
                    59:c1:a3:ea:a6:09:16:75:8d:fd:74:e0:42:f2:5e:
                    68:93:2e:d6:2f:73:64:70:79:40:1a:f5:3f:d8:b7:
                    07:88:b4:3c:9a:cb:0c:37:ca:51:98:76:54:ae:1c:
                    84:60:60:9a:1a:43:73:3c:89:2a:14:6d:9d:86:d9:
                    67:40:7e:1c:f6:74:bc:b5:c4:dc:b6:5b:6c:be:b3:
                    55:45:8c:a1:96:56:60:2a:fa:5f:a5:e2:fc:5b:f5:
                    0a:56:fd:e1:f0:4a:4d:54:f9:d8:d0:6f:b1:0c:65:
                    07:00:db:09:59:a8:01:16:df:94:30:fb:09:59:05:
                    43:ec:88:40:33:f4:ea:f4:50:da:c4:ef:a8:ff:39:
                    59:b0:88:5d:0c:24:10:a6:5f:29:b8:1f:83:53:67:
                    d8:b1:e1:41:a5:98:3b:82:c5:33:a8:bf:b8:ba:e5:
                    12:b2:07:8c:46:fa:c1:1f:c6:f0:0a:78:5b:ba:c9:
                    5a:c8:54:4e:b9:6c:a4:9d:05:4f:41:ca:0d:0d:10:
                    c7:ad:9a:ea:52:da:47:d6:00:57:3b:0d:21:f3:e9:
                    2d:55:11:11:de:aa:9f:dc:2d:30:fb:1f:80:9d:67:
                    c5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E2:BB:1A:4F:B2:E8:D7:B2:9C:30:65:AC:F9:CB:2F:CE:67:72:92
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139302e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:32:f3:c9:1f:5d:a7:ae:9e:d7:70:2b:43:07:bc:98:51:21:
         54:4f:75:90:2c:3d:3a:74:d8:74:0c:59:b0:39:8e:0a:95:71:
         f3:38:db:1b:40:03:aa:69:98:c0:cf:cb:ba:0a:88:a7:7b:c4:
         38:03:f7:57:f5:13:ad:1d:ef:44:d0:b6:bc:b4:d8:51:fb:58:
         06:a0:c6:8a:c2:a4:0c:8a:af:f2:18:10:85:41:d1:c5:02:ed:
         b7:67:00:ac:19:de:f1:51:83:02:5e:ae:f9:a0:94:ce:f4:a3:
         02:2a:e5:0a:1a:7b:2a:a5:b8:a2:63:00:df:12:a6:ee:09:39:
         59:4d:b8:73:0e:40:d1:2a:9d:24:18:9e:58:04:70:d2:59:a3:
         aa:99:88:6d:28:68:f9:10:32:0f:8d:71:54:19:a4:9d:dc:76:
         3b:4e:5c:c1:8f:69:7e:b0:00:d3:7d:e1:c0:d3:91:f8:b4:7f:
         c1:b8:a6:de:fb:89:fa:55:61:09:a2:2c:96:b5:94:47:e6:98:
         89:c5:36:7a:6a:6a:c5:6f:3d:cb:16:fb:24:37:66:51:f3:f4:
         93:93:1f:5d:5f:9b:1c:e1:31:05:aa:b1:31:f1:a9:d4:6a:0b:
         fa:55:24:6a:34:6f:38:82:87:7b:52:61:fc:c0:db:66:33:b4:
         0c:26:6b:97
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUB8NzRT4AaK2yiDBjksXzdJNmS+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNTA2MDkxODAwMTdaFw0yNjA2MDgxODA1MTdaMDMxMTAvBgNV
BAMTKEVERTJCQjFBNEZCMkU4RDdCMjlDMzA2NUFDRjlDQjJGQ0U2NzcyOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIOHl7exwYFjOKZe6g8veXn/Cz
ObOsCzGqx3hrq1nBo+qmCRZ1jf104ELyXmiTLtYvc2RweUAa9T/YtweItDyayww3
ylGYdlSuHIRgYJoaQ3M8iSoUbZ2G2WdAfhz2dLy1xNy2W2y+s1VFjKGWVmAq+l+l
4vxb9QpW/eHwSk1U+djQb7EMZQcA2wlZqAEW35Qw+wlZBUPsiEAz9Or0UNrE76j/
OVmwiF0MJBCmXym4H4NTZ9ix4UGlmDuCxTOov7i65RKyB4xG+sEfxvAKeFu6yVrI
VE65bKSdBU9Byg0NEMetmupS2kfWAFc7DSHz6S1VERHeqp/cLTD7H4CdZ8VBAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQU7eK7Gk+y6NeynDBlrPnLL85ncpIwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2tyaWxsLnJn
Lm5ldC9yZXBvL3Jwa2ktYmVhY29ucy1jYS8wLzM0MzUyZTMxMzMzMjJlMzEzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAthL4wDQYJKoZI
hvcNAQELBQADggEBANMy88kfXaeuntdwK0MHvJhRIVRPdZAsPTp02HQMWbA5jgqV
cfM42xtAA6ppmMDPy7oKiKd7xDgD91f1E60d70TQtry02FH7WAagxorCpAyKr/IY
EIVB0cUC7bdnAKwZ3vFRgwJervmglM70owIq5QoaeyqluKJjAN8Spu4JOVlNuHMO
QNEqnSQYnlgEcNJZo6qZiG0oaPkQMg+NcVQZpJ3cdjtOXMGPaX6wANN94cDTkfi0
f8G4pt77ifpVYQmiLJa1lEfmmInFNnpqasVvPcsW+yQ3ZlHz9JOTH11fmxzhMQWq
sTHxqdRqC/pVJGo0bziCh3tSYfzA22YztAwma5c=
-----END CERTIFICATE-----