Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa
File:                     3134372e32382e31302e302f32332d3234203d3e203437303635.roa (raw, json)
Hash identifier:          InllrUkC+i/L8Vq1qSaFZSxY2gcH0Pb1ZOihADOfZw0=
Subject key identifier:   23:54:E5:8E:E9:92:AB:C6:5F:E3:21:B3:51:1B:4F:34:BA:4A:9C:60
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       643B63773D6AD56D8826942212D88E8B6BD3EAC4
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa
Signing time:             Mon 31 Mar 2025 09:53:24 +0000
ROA not before:           Mon 31 Mar 2025 09:48:24 +0000
ROA not after:            Mon 30 Mar 2026 09:53:24 +0000
asID:                     47065
IP address blocks:        147.28.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:42:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:3b:63:77:3d:6a:d5:6d:88:26:94:22:12:d8:8e:8b:6b:d3:ea:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Mar 31 09:48:24 2025 GMT
            Not After : Mar 30 09:53:24 2026 GMT
        Subject: CN=2354E58EE992ABC65FE321B3511B4F34BA4A9C60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:22:07:62:8a:c7:c6:f7:3c:8e:5f:5a:e0:
                    f5:e0:23:45:71:34:4f:d2:b6:e1:a4:f0:2f:e6:c7:
                    e3:64:e8:a9:f1:e3:98:ea:70:ff:4f:9d:95:b9:0b:
                    79:47:6a:b7:cb:0c:94:36:26:59:6d:d4:86:03:05:
                    56:1f:db:06:32:89:7f:69:c1:93:2a:44:9d:d6:e5:
                    d2:88:d6:5a:5b:e9:9a:a1:e4:b8:91:55:09:cd:45:
                    69:c9:c7:4b:0e:35:75:a9:fc:e6:46:ad:e4:09:77:
                    35:9f:63:ce:cf:ba:f7:87:cc:17:3f:61:a2:2d:5b:
                    42:fe:45:00:8e:8f:f7:3f:89:2d:24:a6:b5:9e:56:
                    e3:62:32:31:23:8d:21:61:32:42:aa:ea:94:15:13:
                    ba:40:61:ce:ed:5f:e2:01:76:5b:ab:71:6a:f6:38:
                    18:b7:76:40:5b:aa:28:45:be:96:b1:6f:64:c4:ce:
                    8f:08:f4:70:bc:23:47:be:22:11:df:b2:a0:ab:05:
                    a8:99:36:6e:44:ab:ae:a2:1b:98:6d:f3:7b:34:65:
                    5e:05:36:1a:59:98:da:03:91:e1:3d:1a:35:18:77:
                    e8:e0:7c:de:d7:98:87:6b:a3:9a:42:fe:51:10:10:
                    ab:f7:f8:1c:1f:21:71:bc:ca:1c:45:65:a4:66:a9:
                    14:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:54:E5:8E:E9:92:AB:C6:5F:E3:21:B3:51:1B:4F:34:BA:4A:9C:60
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e203437303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dd:bc:7b:71:17:7c:7f:8c:b5:da:b4:84:b1:16:4f:a3:52:8e:
         15:2a:20:da:eb:10:ea:e9:9c:e4:de:27:fd:7f:80:f6:04:e7:
         5d:72:4b:8a:c5:fe:63:32:1c:cb:80:5d:87:56:4b:33:b5:69:
         25:dc:cb:28:30:a3:5b:80:49:0c:d0:70:22:00:37:5b:a1:58:
         99:74:7b:75:2d:7b:5c:71:92:da:d0:0b:22:f6:31:1f:ee:16:
         29:f1:40:40:66:06:8b:3c:06:60:50:70:e9:e1:83:85:1c:0d:
         de:8e:50:28:95:48:2e:d1:7f:f4:64:14:fc:04:8e:fc:59:e2:
         58:c3:68:39:f3:73:c4:18:ed:64:e9:cd:cf:2d:44:1e:b4:b6:
         11:ae:d6:cd:61:c6:76:c0:dc:47:84:0d:c2:d1:10:c1:da:ae:
         97:30:88:6e:43:46:51:85:78:6c:7b:f8:93:a5:2b:cc:06:39:
         fd:39:fe:bd:35:ba:79:ea:68:d5:0d:51:70:97:eb:ed:99:f5:
         a1:52:10:ac:42:93:ee:9d:77:8d:72:f3:95:77:10:7c:04:bf:
         5a:79:03:a4:4e:31:43:03:7a:53:5d:57:7c:ce:fd:16:94:c9:
         88:4a:ad:18:cf:81:54:58:57:55:15:cc:74:17:45:04:bf:aa:
         1e:7b:11:8b
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIUZDtjdz1q1W2IJpQiEtiOi2vT6sQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNTAzMzEwOTQ4MjRaFw0yNjAzMzAwOTUzMjRaMDMxMTAvBgNV
BAMTKDIzNTRFNThFRTk5MkFCQzY1RkUzMjFCMzUxMUI0RjM0QkE0QTlDNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyeSIHYorHxvc8jl9a4PXgI0Vx
NE/StuGk8C/mx+Nk6Knx45jqcP9PnZW5C3lHarfLDJQ2Jllt1IYDBVYf2wYyiX9p
wZMqRJ3W5dKI1lpb6Zqh5LiRVQnNRWnJx0sONXWp/OZGreQJdzWfY87PuveHzBc/
YaItW0L+RQCOj/c/iS0kprWeVuNiMjEjjSFhMkKq6pQVE7pAYc7tX+IBdlurcWr2
OBi3dkBbqihFvpaxb2TEzo8I9HC8I0e+IhHfsqCrBaiZNm5Eq66iG5ht83s0ZV4F
NhpZmNoDkeE9GjUYd+jgfN7XmIdro5pC/lEQEKv3+BwfIXG8yhxFZaRmqRRpAgMB
AAGjggHaMIIB1jAdBgNVHQ4EFgQUI1TljumSq8Zf4yGzURtPNLpKnGAwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4ZkcnN5bmM6Ly9rcmlsbC5y
Zy5uZXQvcmVwby9ycGtpLWJlYWNvbnMtY2EvMC8zMTM0MzcyZTMyMzgyZTMxMzAy
ZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzNDM3MzAzNjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkxwK
MA0GCSqGSIb3DQEBCwUAA4IBAQDdvHtxF3x/jLXatISxFk+jUo4VKiDa6xDq6Zzk
3if9f4D2BOddckuKxf5jMhzLgF2HVksztWkl3MsoMKNbgEkM0HAiADdboViZdHt1
LXtccZLa0Asi9jEf7hYp8UBAZgaLPAZgUHDp4YOFHA3ejlAolUgu0X/0ZBT8BI78
WeJYw2g583PEGO1k6c3PLUQetLYRrtbNYcZ2wNxHhA3C0RDB2q6XMIhuQ0ZRhXhs
e/iTpSvMBjn9Of69Nbp56mjVDVFwl+vtmfWhUhCsQpPunXeNcvOVdxB8BL9aeQOk
TjFDA3pTXVd8zv0WlMmISq0Yz4FUWFdVFcx0F0UEv6oeexGL
-----END CERTIFICATE-----