Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa
File:                     3134372e32382e31302e302f32332d3234203d3e2039343334.roa (raw, json)
Hash identifier:          VtH6E5X9bla/lP/1oDgzLC/IGBeO4Y+MgLQlG/MHRAA=
Subject key identifier:   5F:03:86:34:34:B0:F1:5A:0A:D3:84:1C:7C:8B:17:6C:DF:24:60:59
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       56E1A8D03EED3133E6438EFF6EF7AF77B8FB9F74
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa
Signing time:             Fri 14 Mar 2025 17:23:53 +0000
ROA not before:           Fri 14 Mar 2025 17:18:53 +0000
ROA not after:            Fri 13 Mar 2026 17:23:53 +0000
asID:                     9434
IP address blocks:        147.28.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:26:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:e1:a8:d0:3e:ed:31:33:e6:43:8e:ff:6e:f7:af:77:b8:fb:9f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Mar 14 17:18:53 2025 GMT
            Not After : Mar 13 17:23:53 2026 GMT
        Subject: CN=5F03863434B0F15A0AD3841C7C8B176CDF246059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ae:c3:28:f0:7a:20:ec:f7:b1:f8:87:e8:ad:
                    b0:9e:e5:26:21:2f:bf:74:37:e1:84:7a:11:8c:4e:
                    89:8b:54:73:e8:ff:92:c7:4b:cf:28:a3:5a:85:83:
                    59:07:5d:ec:fc:63:e9:45:41:c7:ce:b8:47:c8:f7:
                    41:9c:36:d5:bd:ce:61:32:80:14:ab:95:72:8a:c0:
                    d1:da:62:d5:0b:35:e9:b6:83:43:c3:be:d8:4f:0f:
                    00:23:7d:24:4b:d5:7f:32:35:c2:83:1c:7e:9a:14:
                    8d:4b:dc:39:3c:04:a1:fe:ba:a5:a3:86:2a:d4:af:
                    2f:ff:59:a1:a9:b6:45:6f:b3:34:c0:aa:3f:bb:dd:
                    ac:8c:9e:fe:05:70:10:d2:b1:ca:9b:c6:c9:2f:a0:
                    88:36:3c:e7:5f:86:1b:93:41:80:55:8b:c8:fc:50:
                    bd:ea:fd:68:6f:05:a5:1a:4e:e0:f7:c8:21:c7:91:
                    25:0d:5d:78:c6:66:e9:fb:d9:57:7d:b3:2c:21:8d:
                    de:42:a1:b5:5c:e0:b6:09:3d:b1:e6:30:14:f8:34:
                    93:0b:ab:1b:89:8f:a8:51:19:24:b3:ff:cb:0d:59:
                    b4:b0:9d:a1:12:b4:cf:14:04:04:ef:c2:ec:6e:7f:
                    74:4c:cb:b1:c9:60:33:7a:1b:63:8a:da:01:c5:6d:
                    ab:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:03:86:34:34:B0:F1:5A:0A:D3:84:1C:7C:8B:17:6C:DF:24:60:59
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:18:af:63:40:ce:d7:9e:d0:82:d3:97:b2:53:05:1b:1b:27:
         58:e3:46:4d:61:05:ec:b1:f1:27:8f:41:a5:e7:06:84:90:02:
         b6:31:cb:93:b3:53:a4:eb:2a:d2:7f:ec:b3:38:7f:d5:d9:88:
         d9:2a:74:97:c0:a5:48:cf:4d:c9:1f:74:10:1b:4a:ee:b2:5d:
         60:65:be:e7:5c:00:50:dc:a6:91:6d:36:6c:00:21:e1:01:3e:
         db:5c:f1:9e:7d:32:63:d4:cf:b9:4e:e0:98:ad:03:b6:04:0e:
         16:5f:bd:c4:5b:5a:5e:49:c9:1e:bc:03:84:43:bf:1a:b7:98:
         01:44:d3:5c:d8:3a:2c:72:ec:73:c9:6d:7a:06:a2:ad:2b:69:
         a9:14:7e:c3:1d:37:f3:b1:a9:be:52:1c:b7:36:a2:39:ad:ce:
         65:5b:9a:69:3e:b4:4d:f7:3c:fe:41:3f:7f:31:dc:4a:48:ab:
         79:5a:d2:fa:08:91:07:95:a1:ab:ab:84:40:ad:d0:ef:20:45:
         72:6c:44:14:1c:d9:72:ae:05:f6:bd:23:2e:80:6f:36:6d:53:
         d2:2f:8c:57:f2:ed:6e:ed:1e:71:ea:14:aa:51:27:4d:a5:5c:
         b8:c7:18:4c:50:ff:c2:9b:1e:12:1a:ed:04:3f:c0:f2:1c:1d:
         a4:61:a8:61
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUVuGo0D7tMTPmQ47/bvevd7j7n3QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNTAzMTQxNzE4NTNaFw0yNjAzMTMxNzIzNTNaMDMxMTAvBgNV
BAMTKDVGMDM4NjM0MzRCMEYxNUEwQUQzODQxQzdDOEIxNzZDREYyNDYwNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDrsMo8Hog7Pex+IforbCe5SYh
L790N+GEehGMTomLVHPo/5LHS88oo1qFg1kHXez8Y+lFQcfOuEfI90GcNtW9zmEy
gBSrlXKKwNHaYtULNem2g0PDvthPDwAjfSRL1X8yNcKDHH6aFI1L3Dk8BKH+uqWj
hirUry//WaGptkVvszTAqj+73ayMnv4FcBDSscqbxskvoIg2POdfhhuTQYBVi8j8
UL3q/WhvBaUaTuD3yCHHkSUNXXjGZun72Vd9sywhjd5CobVc4LYJPbHmMBT4NJML
qxuJj6hRGSSz/8sNWbSwnaEStM8UBATvwuxuf3RMy7HJYDN6G2OK2gHFbauNAgMB
AAGjggHXMIIB0zAdBgNVHQ4EFgQUXwOGNDSw8VoK04QcfIsXbN8kYFkwHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL2tyaWxsLnJn
Lm5ldC9yZXBvL3Jwa2ktYmVhY29ucy1jYS8wLzMxMzQzNzJlMzIzODJlMzEzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM5MzQzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkxwKMA0G
CSqGSIb3DQEBCwUAA4IBAQATGK9jQM7XntCC05eyUwUbGydY40ZNYQXssfEnj0Gl
5waEkAK2McuTs1Ok6yrSf+yzOH/V2YjZKnSXwKVIz03JH3QQG0rusl1gZb7nXABQ
3KaRbTZsACHhAT7bXPGefTJj1M+5TuCYrQO2BA4WX73EW1peSckevAOEQ78at5gB
RNNc2DoscuxzyW16BqKtK2mpFH7DHTfzsam+Uhy3NqI5rc5lW5ppPrRN9zz+QT9/
MdxKSKt5WtL6CJEHlaGrq4RArdDvIEVybEQUHNlyrgX2vSMugG82bVPSL4xX8u1u
7R5x6hSqUSdNpVy4xxhMUP/Cmx4SGu0EP8DyHB2kYahh
-----END CERTIFICATE-----