Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa
File:                     3134372e32382e31302e302f32332d3234203d3e203437303635.roa (raw, json)
Hash identifier:          +6IGfj4KE5Fon357Mz4hY46Lj0lkrQVIhXV3Upqg2+Y=
Subject key identifier:   A1:32:12:98:0F:0B:93:62:34:1F:36:62:8F:A2:38:B5:5F:AD:57:F5
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       0FA9FBB20B9287381D9943E093DF269AE975CB08
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa
Signing time:             Wed 18 Mar 2026 22:06:06 +0000
ROA not before:           Wed 18 Mar 2026 22:01:06 +0000
ROA not after:            Wed 17 Mar 2027 22:06:06 +0000
asID:                     47065
IP address blocks:        147.28.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 10:15:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a9:fb:b2:0b:92:87:38:1d:99:43:e0:93:df:26:9a:e9:75:cb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Mar 18 22:01:06 2026 GMT
            Not After : Mar 17 22:06:06 2027 GMT
        Subject: CN=A13212980F0B9362341F36628FA238B55FAD57F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:92:65:bd:d4:dd:e1:07:4b:4d:79:1c:2c:
                    e5:4b:b2:f8:29:f9:dc:c9:6f:75:3c:39:b8:16:6d:
                    ff:38:06:d4:82:d9:1e:dc:f0:52:9c:b4:55:b3:87:
                    5e:55:4a:f0:df:d1:47:14:42:5c:a3:9c:c6:fe:17:
                    9c:2a:a6:04:18:be:4c:b9:5c:04:01:4f:4b:87:da:
                    e9:9b:52:70:26:0d:d3:df:ee:70:3e:1d:4c:d2:0e:
                    6b:47:3a:d2:54:e2:6a:12:e4:f8:a6:cc:00:df:c3:
                    8c:c2:b8:cd:64:2c:b6:99:d8:3c:6a:33:6c:7d:66:
                    ec:8a:16:09:ce:78:4c:09:cb:2a:33:76:d8:14:0e:
                    39:01:ea:d5:2f:92:b9:10:3d:5a:a4:ff:b3:bd:ba:
                    47:b9:ce:1d:62:a8:79:f9:d9:f4:c1:4e:8c:52:09:
                    82:06:0e:54:b7:a2:9c:a5:e8:fb:16:98:64:68:f7:
                    d6:1a:51:32:70:04:46:19:4b:3b:9f:5e:74:fc:05:
                    be:c7:38:61:ad:99:c6:a6:3e:ff:d6:32:f6:95:44:
                    f7:f3:05:a9:be:ec:e3:c6:e8:b3:b5:ed:66:8b:54:
                    84:46:c7:54:ad:04:50:99:9f:eb:d8:63:5f:19:c2:
                    3d:3b:61:5f:4f:78:b9:7a:29:d0:2a:73:05:32:d3:
                    db:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:32:12:98:0F:0B:93:62:34:1F:36:62:8F:A2:38:B5:5F:AD:57:F5
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d6:84:97:6a:c2:15:43:9e:ce:0a:26:9b:19:0e:ad:ca:06:26:
         4e:b5:12:ac:d4:4b:5b:1e:8c:91:19:de:38:5a:df:09:c2:63:
         6d:56:36:be:c6:4e:2f:71:6f:9f:eb:84:56:07:ad:49:b0:40:
         c7:5b:a1:db:86:94:cd:f1:86:9c:87:34:c8:03:9d:55:b0:39:
         86:0a:f4:be:a6:36:62:07:3c:3c:7d:ce:f8:e6:d0:a0:c1:1e:
         f1:3f:c2:63:d4:4d:a1:84:e8:6c:29:f0:63:b2:8d:68:51:67:
         a6:80:d0:e5:45:25:ec:b9:9c:2e:74:46:da:dc:77:b3:50:6f:
         d4:d9:7a:7a:a6:91:e6:a3:4d:6d:f9:75:d5:9b:d3:2b:e8:4c:
         59:31:5f:77:78:f9:ca:01:8a:e7:ef:db:5d:05:9d:72:e0:f5:
         e2:dc:7e:91:bf:06:b9:2c:76:78:c4:32:a7:83:48:8a:58:b4:
         99:61:8e:57:7b:fb:ec:56:bd:ea:fa:0f:16:c7:85:6f:f4:9e:
         b9:75:88:d6:07:fe:9e:c4:f2:16:af:10:a0:f7:3a:a1:06:dc:
         1d:6f:81:2b:69:de:c2:af:ad:ac:90:55:6e:c6:4c:03:86:6d:
         a0:8b:f9:77:d7:d2:98:23:44:4d:5f:2d:38:d6:b3:92:64:bf:
         7f:6c:1c:a5
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIUD6n7sguShzgdmUPgk98mmul1ywgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNjAzMTgyMjAxMDZaFw0yNzAzMTcyMjA2MDZaMDMxMTAvBgNV
BAMTKEExMzIxMjk4MEYwQjkzNjIzNDFGMzY2MjhGQTIzOEI1NUZBRDU3RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzDpJlvdTd4QdLTXkcLOVLsvgp
+dzJb3U8ObgWbf84BtSC2R7c8FKctFWzh15VSvDf0UcUQlyjnMb+F5wqpgQYvky5
XAQBT0uH2umbUnAmDdPf7nA+HUzSDmtHOtJU4moS5PimzADfw4zCuM1kLLaZ2Dxq
M2x9ZuyKFgnOeEwJyyozdtgUDjkB6tUvkrkQPVqk/7O9uke5zh1iqHn52fTBToxS
CYIGDlS3opyl6PsWmGRo99YaUTJwBEYZSzufXnT8Bb7HOGGtmcamPv/WMvaVRPfz
Bam+7OPG6LO17WaLVIRGx1StBFCZn+vYY18Zwj07YV9PeLl6KdAqcwUy09t3AgMB
AAGjggHaMIIB1jAdBgNVHQ4EFgQUoTISmA8Lk2I0HzZij6I4tV+tV/UwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4ZkcnN5bmM6Ly9rcmlsbC5y
Zy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8zMTM0MzcyZTMyMzgyZTMxMzAy
ZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzNDM3MzAzNjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkxwK
MA0GCSqGSIb3DQEBCwUAA4IBAQDWhJdqwhVDns4KJpsZDq3KBiZOtRKs1EtbHoyR
Gd44Wt8JwmNtVja+xk4vcW+f64RWB61JsEDHW6HbhpTN8YachzTIA51VsDmGCvS+
pjZiBzw8fc745tCgwR7xP8Jj1E2hhOhsKfBjso1oUWemgNDlRSXsuZwudEba3Hez
UG/U2Xp6ppHmo01t+XXVm9Mr6ExZMV93ePnKAYrn79tdBZ1y4PXi3H6Rvwa5LHZ4
xDKng0iKWLSZYY5Xe/vsVr3q+g8Wx4Vv9J65dYjWB/6exPIWrxCg9zqhBtwdb4Er
ad7Cr62skFVuxkwDhm2gi/l319KYI0RNXy041rOSZL9/bByl
-----END CERTIFICATE-----