Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa
File:                     34352e3133322e3139312e302f32342d3234203d3e2033393730.roa (raw, json)
Hash identifier:          piR0xY2W/Fg7dFVRqqqeApVksNlAZNhoOxCqAZQ09I0=
Subject key identifier:   66:CE:4D:B6:14:42:EF:4C:17:85:54:93:4D:4C:7F:2A:B9:97:BE:9C
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       7052ADA18B8292FD7FAEDA25E53668152DE8E99A
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa
Signing time:             Sat 07 Jun 2025 19:27:31 +0000
ROA not before:           Sat 07 Jun 2025 19:22:31 +0000
ROA not after:            Sat 06 Jun 2026 19:27:31 +0000
asID:                     3970
IP address blocks:        45.132.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 18:26:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:52:ad:a1:8b:82:92:fd:7f:ae:da:25:e5:36:68:15:2d:e8:e9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Jun  7 19:22:31 2025 GMT
            Not After : Jun  6 19:27:31 2026 GMT
        Subject: CN=66CE4DB61442EF4C178554934D4C7F2AB997BE9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:39:e5:12:55:99:18:c1:35:fd:88:46:12:3d:
                    ec:fd:51:f8:0d:a2:63:13:dd:30:b0:15:28:01:7e:
                    1f:37:53:30:af:24:b4:42:4d:47:cc:dc:33:d4:78:
                    af:b0:d7:43:1e:5d:80:d3:89:4b:13:c0:6f:eb:2c:
                    99:aa:06:d6:c6:43:45:25:83:1d:bb:46:c7:7a:6f:
                    f4:29:f2:a0:3d:8e:85:f3:f2:95:23:f0:18:b5:56:
                    8d:b3:df:d6:eb:27:fd:05:94:b8:be:d8:5e:50:2d:
                    b4:d9:a3:63:53:40:b5:31:5f:c6:96:58:b1:af:3e:
                    27:83:47:84:69:99:37:b9:77:4b:8a:44:ee:84:d4:
                    15:6e:30:6b:22:a9:59:68:1c:7c:2d:be:12:0e:b3:
                    bf:54:1b:86:7b:a7:f2:b3:a8:01:17:27:84:31:53:
                    4c:06:c2:01:75:4a:84:4c:7e:91:79:40:7f:b6:b8:
                    dc:fb:25:72:74:93:c7:e1:a8:93:44:94:c0:60:fd:
                    e7:d9:33:06:fe:63:45:1c:dd:25:e0:21:c9:98:ca:
                    d0:ac:38:c6:a8:d4:8c:3f:98:62:5f:c5:8a:d6:fb:
                    7a:75:a1:21:db:1b:fd:6c:ef:9c:9b:a7:7d:12:9c:
                    6b:58:f0:69:18:84:01:1f:76:f0:83:53:e8:ec:a1:
                    8c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CE:4D:B6:14:42:EF:4C:17:85:54:93:4D:4C:7F:2A:B9:97:BE:9C
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:78:26:5c:bf:e8:49:b2:ca:e5:e1:a3:0d:23:43:4d:c9:12:
         e3:61:d4:b7:6a:aa:b8:c4:f8:8e:81:51:f5:5b:b0:b5:6c:d7:
         05:6b:95:20:ef:79:6c:f3:4a:b2:a6:e7:f8:e6:2b:51:3f:99:
         fb:f6:94:cf:66:bf:a6:54:bf:7f:70:39:d8:39:4d:f4:81:e1:
         85:d0:00:a3:cf:83:70:23:01:01:7f:ca:f2:ce:1a:0f:2e:05:
         1c:21:91:6b:9d:9e:29:7e:c3:65:2e:ae:c5:ac:82:87:f3:08:
         8c:2b:8d:e3:6b:38:67:b8:0e:46:bb:42:0f:7c:78:e9:3d:49:
         d3:d9:88:b1:fe:c4:0e:2a:98:fe:61:e1:cd:b9:91:79:66:c2:
         ab:9e:24:a0:0c:cf:b9:f9:d8:6c:9b:66:1b:59:19:d0:e8:3d:
         8e:8f:01:99:00:fb:9d:b6:5d:6f:9e:87:07:ea:d4:90:ef:da:
         95:a7:bd:71:92:ee:79:4c:a4:42:2f:de:b8:f2:ff:a5:25:1e:
         07:64:3d:0d:4c:0e:34:ed:da:dd:93:86:dd:b5:97:7b:a5:a5:
         2e:97:58:55:b2:a5:6a:49:c7:bb:14:6f:8e:55:80:42:dd:a7:
         80:47:99:31:b7:41:c5:c7:38:87:b2:7c:38:78:30:df:d6:d0:
         94:24:d7:02
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIUcFKtoYuCkv1/rtol5TZoFS3o6ZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNTA2MDcxOTIyMzFaFw0yNjA2MDYxOTI3MzFaMDMxMTAvBgNV
BAMTKDY2Q0U0REI2MTQ0MkVGNEMxNzg1NTQ5MzRENEM3RjJBQjk5N0JFOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqOeUSVZkYwTX9iEYSPez9UfgN
omMT3TCwFSgBfh83UzCvJLRCTUfM3DPUeK+w10MeXYDTiUsTwG/rLJmqBtbGQ0Ul
gx27Rsd6b/Qp8qA9joXz8pUj8Bi1Vo2z39brJ/0FlLi+2F5QLbTZo2NTQLUxX8aW
WLGvPieDR4RpmTe5d0uKRO6E1BVuMGsiqVloHHwtvhIOs79UG4Z7p/KzqAEXJ4Qx
U0wGwgF1SoRMfpF5QH+2uNz7JXJ0k8fhqJNElMBg/efZMwb+Y0Uc3SXgIcmYytCs
OMao1Iw/mGJfxYrW+3p1oSHbG/1s75ybp30SnGtY8GkYhAEfdvCDU+jsoYxVAgMB
AAGjggHaMIIB1jAdBgNVHQ4EFgQUZs5NthRC70wXhVSTTUx/KrmXvpwwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4ZkcnN5bmM6Ly9rcmlsbC5y
Zy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8zNDM1MmUzMTMzMzIyZTMxMzkz
MTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYS/
MA0GCSqGSIb3DQEBCwUAA4IBAQBGeCZcv+hJssrl4aMNI0NNyRLjYdS3aqq4xPiO
gVH1W7C1bNcFa5Ug73ls80qypuf45itRP5n79pTPZr+mVL9/cDnYOU30geGF0ACj
z4NwIwEBf8ryzhoPLgUcIZFrnZ4pfsNlLq7FrIKH8wiMK43jazhnuA5Gu0IPfHjp
PUnT2Yix/sQOKpj+YeHNuZF5ZsKrniSgDM+5+dhsm2YbWRnQ6D2OjwGZAPudtl1v
nocH6tSQ79qVp71xku55TKRCL9648v+lJR4HZD0NTA407drdk4bdtZd7paUul1hV
sqVqSce7FG+OVYBC3aeAR5kxt0HFxziHsnw4eDDf1tCUJNcC
-----END CERTIFICATE-----