Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa
File:                     34352e3133322e3139312e302f32342d3234203d3e2033393730.roa (raw, json)
Hash identifier:          Oy1mSyisXYrn3vcoOGy6axMtnSIX1xCofVEIpBbtceA=
Subject key identifier:   30:D5:8B:95:CE:91:1A:40:32:85:F7:24:4D:45:03:B8:1A:EA:8B:16
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       443FD6AE2783EE90DA25E2E5F44DA1CB3EC4E6C3
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa
Signing time:             Sat 09 May 2026 20:06:06 +0000
ROA not before:           Sat 09 May 2026 20:01:06 +0000
ROA not after:            Sat 08 May 2027 20:06:06 +0000
asID:                     3970
IP address blocks:        45.132.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 04:45:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:3f:d6:ae:27:83:ee:90:da:25:e2:e5:f4:4d:a1:cb:3e:c4:e6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: May  9 20:01:06 2026 GMT
            Not After : May  8 20:06:06 2027 GMT
        Subject: CN=30D58B95CE911A403285F7244D4503B81AEA8B16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:7b:67:52:76:95:94:a3:79:ea:16:fa:92:04:
                    ce:e4:72:cc:6e:03:4d:d6:c8:aa:db:fd:93:21:bb:
                    75:c9:dd:35:f8:6b:79:fd:5d:63:7e:e4:cc:27:95:
                    4a:7a:af:35:db:85:bd:b5:3e:99:1f:7c:c7:69:f7:
                    03:68:20:d8:ce:76:35:a9:24:95:69:00:cd:59:41:
                    5e:58:66:5f:00:de:a0:93:5c:d9:b6:4e:81:3f:e4:
                    3c:04:ee:f6:65:fe:e1:e7:9b:61:33:43:40:20:72:
                    1d:e7:c2:be:9e:2d:9d:ca:b7:ac:62:c7:10:dc:b9:
                    bd:46:cd:7d:36:1e:c7:83:bf:f0:3e:01:cd:46:84:
                    42:08:25:e8:70:bf:9b:d1:23:79:6c:5e:ec:68:e2:
                    6a:83:e4:f0:b3:d5:f3:45:96:6e:6b:ab:77:ac:aa:
                    74:28:58:0c:aa:d9:86:7e:60:66:4c:3a:5a:c2:57:
                    69:4e:f0:b3:f3:c1:0b:18:3c:87:5f:98:f5:98:f5:
                    18:69:61:7f:ad:7b:77:8a:93:8b:ca:7f:8c:32:ab:
                    30:75:97:cf:90:ad:ce:97:c3:17:51:26:5b:28:84:
                    0d:2d:6f:08:b0:78:32:2f:96:66:2d:58:08:64:c1:
                    ab:35:47:e9:18:30:56:b9:13:3b:60:7d:9d:70:15:
                    50:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D5:8B:95:CE:91:1A:40:32:85:F7:24:4D:45:03:B8:1A:EA:8B:16
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/34352e3133322e3139312e302f32342d3234203d3e2033393730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d8:ec:7d:b1:d9:a2:f3:e9:02:9e:fa:4b:b6:e2:b1:2f:7c:
         f3:27:ab:30:b0:33:46:e8:92:05:eb:8b:0f:93:de:1d:7f:3a:
         69:01:a9:fb:2d:a3:9f:2c:1f:ec:e6:c2:79:56:7b:7f:20:87:
         c7:c1:47:0d:9b:41:ca:e8:82:62:21:c9:c0:7c:f3:cd:9a:dc:
         26:b4:83:ad:6d:63:b8:18:20:4c:72:05:ae:a1:a5:d2:37:83:
         ad:30:35:aa:a5:35:23:2e:4d:38:0e:24:52:2d:bd:d9:a1:aa:
         70:bd:1e:ba:3c:4e:a2:61:c2:ef:6d:69:04:94:3e:92:31:8d:
         6a:e1:2c:92:c0:58:20:a6:62:5d:47:b2:f7:1c:74:7d:cd:90:
         d5:ed:2a:41:0c:bf:4d:26:26:59:94:c8:73:c2:59:09:81:bf:
         bd:13:2e:ec:a2:7b:e7:3b:bd:87:a7:6c:93:e2:f7:0e:8a:3c:
         0e:2b:fc:ad:66:1a:d4:3b:fe:6e:01:03:cf:c8:2b:4c:f1:5a:
         8c:12:3d:eb:9d:0c:d0:27:e4:7a:f4:8c:43:f5:89:7e:d3:53:
         65:b8:ed:cc:3b:b1:e1:8a:f4:fa:c0:c1:62:b8:4f:0d:c6:e0:
         5d:16:79:8b:d7:8d:57:f5:2f:84:8a:e4:48:19:9c:6a:83:6d:
         df:c5:25:ad
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIURD/WrieD7pDaJeLl9E2hyz7E5sMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNjA1MDkyMDAxMDZaFw0yNzA1MDgyMDA2MDZaMDMxMTAvBgNV
BAMTKDMwRDU4Qjk1Q0U5MTFBNDAzMjg1RjcyNDRENDUwM0I4MUFFQThCMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDze2dSdpWUo3nqFvqSBM7kcsxu
A03WyKrb/ZMhu3XJ3TX4a3n9XWN+5MwnlUp6rzXbhb21PpkffMdp9wNoINjOdjWp
JJVpAM1ZQV5YZl8A3qCTXNm2ToE/5DwE7vZl/uHnm2EzQ0Agch3nwr6eLZ3Kt6xi
xxDcub1GzX02HseDv/A+Ac1GhEIIJehwv5vRI3lsXuxo4mqD5PCz1fNFlm5rq3es
qnQoWAyq2YZ+YGZMOlrCV2lO8LPzwQsYPIdfmPWY9RhpYX+te3eKk4vKf4wyqzB1
l8+Qrc6XwxdRJlsohA0tbwiweDIvlmYtWAhkwas1R+kYMFa5EztgfZ1wFVBXAgMB
AAGjggHaMIIB1jAdBgNVHQ4EFgQUMNWLlc6RGkAyhfckTUUDuBrqixYwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4ZkcnN5bmM6Ly9rcmlsbC5y
Zy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8zNDM1MmUzMTMzMzIyZTMxMzkz
MTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYS/
MA0GCSqGSIb3DQEBCwUAA4IBAQCE2Ox9sdmi8+kCnvpLtuKxL3zzJ6swsDNG6JIF
64sPk94dfzppAan7LaOfLB/s5sJ5Vnt/IIfHwUcNm0HK6IJiIcnAfPPNmtwmtIOt
bWO4GCBMcgWuoaXSN4OtMDWqpTUjLk04DiRSLb3ZoapwvR66PE6iYcLvbWkElD6S
MY1q4SySwFggpmJdR7L3HHR9zZDV7SpBDL9NJiZZlMhzwlkJgb+9Ey7sonvnO72H
p2yT4vcOijwOK/ytZhrUO/5uAQPPyCtM8VqMEj3rnQzQJ+R69IxD9Yl+01NluO3M
O7HhivT6wMFiuE8NxuBdFnmL141X9S+EiuRIGZxqg23fxSWt
-----END CERTIFICATE-----