Route Origin Authorization

$ rpki-client -vvf krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa
File:                     3134372e32382e31302e302f32332d3234203d3e2039343334.roa (raw, json)
Hash identifier:          JX8MZMidVpDvMl1kvP+85ppT/iMcv1vVMBW6voLjwXs=
Subject key identifier:   D5:4C:7B:37:23:3E:BD:38:AF:01:1C:38:1F:4E:51:4F:86:E4:14:6A
Certificate issuer:       /CN=656E4422ABF129649200EB019A815F2B12236E92
Certificate serial:       1D2A1E15C43EBBA54AF579749E2F337318ABD1F2
Authority key identifier: 65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92
Authority info access:    rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
Subject info access:      rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa
Signing time:             Wed 18 Mar 2026 22:06:06 +0000
ROA not before:           Wed 18 Mar 2026 22:01:06 +0000
ROA not after:            Wed 17 Mar 2027 22:06:06 +0000
asID:                     9434
IP address blocks:        147.28.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl
                          rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.mft
                          rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.crl
                          rsync://ca.rg.net/rpki/RGnet-OU/bW-_qXU9uNhGQz21NR2ansB8lr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bW-_qXU9uNhGQz21NR2ansB8lr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 25 Mar 2026 10:15:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:2a:1e:15:c4:3e:bb:a5:4a:f5:79:74:9e:2f:33:73:18:ab:d1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656E4422ABF129649200EB019A815F2B12236E92
        Validity
            Not Before: Mar 18 22:01:06 2026 GMT
            Not After : Mar 17 22:06:06 2027 GMT
        Subject: CN=D54C7B37233EBD38AF011C381F4E514F86E4146A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d9:ed:14:1e:a6:fb:6c:aa:c9:56:b3:aa:fd:
                    85:46:53:7c:24:09:15:86:42:9f:b1:ab:a4:88:84:
                    96:98:33:ca:1b:f0:94:09:89:c6:63:f4:a2:c8:d9:
                    13:4f:cc:23:22:30:5a:80:b5:26:c2:26:ba:76:12:
                    48:ff:da:97:1e:16:b0:e5:0f:2e:e2:5b:db:bf:8a:
                    5e:93:46:df:3b:28:f3:46:8a:7e:c5:14:fa:37:b6:
                    78:c3:7a:15:68:13:e1:9e:4a:e0:e5:6b:cc:9e:99:
                    b2:5d:56:5d:35:b1:f4:af:51:aa:cf:88:99:75:21:
                    79:46:42:ae:f2:17:0d:d8:ac:08:66:88:e6:d0:53:
                    03:2d:9c:e9:95:de:bc:09:65:7b:6d:c5:d3:f0:27:
                    ed:a2:63:28:00:4f:f6:e2:08:ef:29:8b:d9:5b:95:
                    79:0e:7b:67:33:80:1f:77:d1:7a:55:df:1c:27:12:
                    83:df:23:3f:00:73:87:b1:56:38:ef:bc:e1:fa:80:
                    6f:bd:d1:1a:1a:3b:ae:50:3f:7d:23:8d:e1:e6:30:
                    84:26:7c:24:a0:da:af:1b:2e:f4:89:4b:df:21:a0:
                    35:81:44:e1:1d:b1:9b:78:18:0b:90:d9:73:3a:62:
                    75:56:8d:a3:cf:9d:c0:de:f4:af:7a:f1:57:40:55:
                    0c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4C:7B:37:23:3E:BD:38:AF:01:1C:38:1F:4E:51:4F:86:E4:14:6A
            X509v3 Authority Key Identifier:
                keyid:65:6E:44:22:AB:F1:29:64:92:00:EB:01:9A:81:5F:2B:12:23:6E:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/656E4422ABF129649200EB019A815F2B12236E92.crl

            Authority Information Access:
                CA Issuers - URI:rsync://ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.rg.net/repo/rpki-beacons-ca/0/3134372e32382e31302e302f32332d3234203d3e2039343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:d1:f0:0e:fd:59:5c:d4:b9:9c:64:73:57:7e:95:85:98:95:
         20:b0:8d:d8:18:c2:be:68:a3:b4:29:1b:74:e7:b0:00:c2:3d:
         84:23:1c:12:a2:1b:8b:7b:2f:73:e3:89:e0:bc:20:87:51:01:
         ba:18:f9:75:e7:61:b3:24:43:57:25:80:0f:c8:1e:10:45:09:
         46:e9:13:ed:06:a8:46:da:7f:27:5b:e5:df:94:e4:d0:09:d1:
         22:64:0e:fb:ae:74:a1:dd:cb:11:e4:d0:11:3f:07:69:ed:88:
         62:ea:4c:82:64:bf:2f:a1:95:77:0b:dc:74:bf:da:73:fd:a7:
         33:ec:97:9f:46:b0:36:e6:55:0b:e1:78:99:cd:9b:af:6b:68:
         dc:c2:71:bf:12:05:b9:5f:6b:00:9d:de:64:9a:b7:a3:b7:d2:
         b1:75:1c:4c:56:6d:8e:eb:03:dc:a2:a7:49:05:01:6d:f0:f0:
         b9:c9:52:c0:7c:7f:17:b5:9b:62:ea:33:32:03:1b:86:09:2c:
         ba:85:2b:5e:cf:bd:d2:c4:e0:fd:c0:c4:2f:55:aa:91:9c:75:
         98:77:7a:9f:0b:70:be:bf:69:36:54:5f:fe:6d:5d:c5:80:f9:
         bc:2b:e3:c1:91:a3:a9:45:13:fa:13:33:bf:1f:44:b1:42:ac:
         e3:93:33:82
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUHSoeFcQ+u6VK9Xl0ni8zcxir0fIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIx
MjIzNkU5MjAeFw0yNjAzMTgyMjAxMDZaFw0yNzAzMTcyMjA2MDZaMDMxMTAvBgNV
BAMTKEQ1NEM3QjM3MjMzRUJEMzhBRjAxMUMzODFGNEU1MTRGODZFNDE0NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC02e0UHqb7bKrJVrOq/YVGU3wk
CRWGQp+xq6SIhJaYM8ob8JQJicZj9KLI2RNPzCMiMFqAtSbCJrp2Ekj/2pceFrDl
Dy7iW9u/il6TRt87KPNGin7FFPo3tnjDehVoE+GeSuDla8yembJdVl01sfSvUarP
iJl1IXlGQq7yFw3YrAhmiObQUwMtnOmV3rwJZXttxdPwJ+2iYygAT/biCO8pi9lb
lXkOe2czgB930XpV3xwnEoPfIz8Ac4exVjjvvOH6gG+90RoaO65QP30jjeHmMIQm
fCSg2q8bLvSJS98hoDWBROEdsZt4GAuQ2XM6YnVWjaPPncDe9K968VdAVQxRAgMB
AAGjggHXMIIB0zAdBgNVHQ4EFgQU1Ux7NyM+vTivARw4H05RT4bkFGowHwYDVR0j
BBgwFoAUZW5EIqvxKWSSAOsBmoFfKxIjbpIwDgYDVR0PAQH/BAQDAgeAMGkGA1Ud
HwRiMGAwXqBcoFqGWHJzeW5jOi8va3JpbGwucmcubmV0L3JlcG8vcnBraS1iZWFj
b25zLWNhLzAvNjU2RTQ0MjJBQkYxMjk2NDkyMDBFQjAxOUE4MTVGMkIxMjIzNkU5
Mi5jcmwwWwYIKwYBBQUHAQEETzBNMEsGCCsGAQUFBzAChj9yc3luYzovL2NhLnJn
Lm5ldC9ycGtpL1JHbmV0LU9VL1pXNUVJcXZ4S1dTU0FPc0Jtb0ZmS3hJamJwSS5j
ZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL2tyaWxsLnJn
Lm5ldC9yZXBvL3Jwa2ktYmVhY29ucy1jYS8wLzMxMzQzNzJlMzIzODJlMzEzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM5MzQzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkxwKMA0G
CSqGSIb3DQEBCwUAA4IBAQAH0fAO/Vlc1LmcZHNXfpWFmJUgsI3YGMK+aKO0KRt0
57AAwj2EIxwSohuLey9z44ngvCCHUQG6GPl152GzJENXJYAPyB4QRQlG6RPtBqhG
2n8nW+XflOTQCdEiZA77rnSh3csR5NARPwdp7Yhi6kyCZL8voZV3C9x0v9pz/acz
7JefRrA25lUL4XiZzZuva2jcwnG/EgW5X2sAnd5kmrejt9KxdRxMVm2O6wPcoqdJ
BQFt8PC5yVLAfH8XtZti6jMyAxuGCSy6hStez73SxOD9wMQvVaqRnHWYd3qfC3C+
v2k2VF/+bV3FgPm8K+PBkaOpRRP6EzO/H0SxQqzjkzOC
-----END CERTIFICATE-----