Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
File:                     326130343a623930303a3a2f33302d3332203d3e2038353837.roa (raw, json)
Hash identifier:          /gK7sT8vO6oSb1xKhSKHO77+weY6Y7CXtqogLjBhWSo=
Subject key identifier:   9A:B5:8C:B8:DC:0D:6F:D0:9D:A1:E7:24:A6:31:3E:10:00:15:4B:F0
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       50FE627944A9600A9D7614290A423887AA4EFE49
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
Signing time:             Mon 10 Jun 2024 13:29:14 +0000
ROA not before:           Mon 10 Jun 2024 13:24:14 +0000
ROA not after:            Mon 09 Jun 2025 13:29:14 +0000
asID:                     8587
IP address blocks:        2a04:b900::/30 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:fe:62:79:44:a9:60:0a:9d:76:14:29:0a:42:38:87:aa:4e:fe:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:14 2024 GMT
            Not After : Jun  9 13:29:14 2025 GMT
        Subject: CN=9AB58CB8DC0D6FD09DA1E724A6313E1000154BF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ca:2c:a8:64:1e:65:c0:4d:05:96:9d:e4:44:
                    51:cd:76:62:ab:88:65:2b:4b:d2:78:ad:30:16:74:
                    02:0e:ee:ae:02:7e:e5:4f:0d:2f:10:f6:fa:4f:66:
                    bf:58:50:8f:0e:6c:64:a8:52:48:c8:6e:b1:ee:57:
                    f9:f2:47:30:4e:69:6c:01:ef:a6:39:ad:3a:8a:9b:
                    ef:53:02:7c:5c:76:b9:51:93:32:79:9a:63:8d:0b:
                    71:dd:df:e6:16:db:64:d1:f4:95:61:7a:d4:ef:7c:
                    d4:0d:c8:54:60:ea:44:9e:b6:90:4d:25:36:ac:c3:
                    2a:79:6c:3a:06:d9:78:0a:79:a8:7b:4a:58:1d:a0:
                    5b:9d:b2:f4:ff:af:cd:fb:26:83:41:76:2d:52:33:
                    57:38:ff:ea:8b:aa:2b:39:22:9a:35:dc:32:82:df:
                    c8:07:85:b3:cd:b8:51:f8:fc:9d:69:e3:5d:60:27:
                    12:34:ef:fc:7c:9e:1c:74:a3:62:f1:44:bd:97:83:
                    6e:05:11:57:c8:53:82:3a:76:9c:e8:50:43:dc:5e:
                    83:c3:26:3b:de:30:35:ee:16:73:b6:0e:b6:58:6a:
                    d3:9a:3e:64:58:aa:34:e2:9c:2a:49:1f:29:20:9b:
                    03:77:70:fa:63:71:d9:7c:29:be:b0:d5:72:2b:30:
                    34:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B5:8C:B8:DC:0D:6F:D0:9D:A1:E7:24:A6:31:3E:10:00:15:4B:F0
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b900::/30

    Signature Algorithm: sha256WithRSAEncryption
         58:c1:df:32:76:ce:50:67:26:2a:50:8e:b4:7c:7e:b2:10:16:
         c1:81:31:2c:c8:36:10:1a:77:25:64:2f:a6:e0:be:b2:99:2d:
         17:10:0d:5d:e3:11:44:ab:80:a0:41:85:da:4f:95:94:ae:3e:
         2b:84:7c:8f:6a:9c:77:d3:35:89:fd:8c:4a:76:07:f4:b3:79:
         95:23:d1:ef:66:d6:08:88:05:78:7d:a2:e0:bc:b3:28:f2:a0:
         59:d0:8a:46:eb:6d:90:e1:df:a6:76:fe:ab:2a:b7:bb:16:45:
         83:0d:82:f4:f4:3f:d2:bb:b6:e2:83:1b:ec:78:ee:51:09:03:
         02:50:2d:95:27:96:46:e6:a9:dc:1a:4d:0c:84:b7:37:1e:ff:
         be:d3:e0:b3:33:ca:b0:ca:ad:5b:ff:61:94:19:39:f7:00:8a:
         2f:03:01:c7:a6:c0:80:69:69:e2:3a:bf:5d:0f:b5:bc:87:55:
         9f:66:e4:a8:d8:13:1d:3f:a8:c4:17:8f:26:5e:cc:3b:a5:6d:
         39:12:9e:27:f6:cc:c6:28:cb:ce:55:4b:4a:24:5b:90:b5:21:
         1e:39:9b:f5:af:02:eb:ce:c6:7f:a1:0a:c7:84:6a:02:d4:b3:
         8e:c2:29:4a:32:80:54:46:bd:86:dd:94:8f:db:25:f1:44:14:
         b0:0f:eb:29
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUUP5ieUSpYAqddhQpCkI4h6pO/kkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTRaFw0yNTA2MDkxMzI5MTRaMDMxMTAvBgNV
BAMTKDlBQjU4Q0I4REMwRDZGRDA5REExRTcyNEE2MzEzRTEwMDAxNTRCRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYyiyoZB5lwE0Flp3kRFHNdmKr
iGUrS9J4rTAWdAIO7q4CfuVPDS8Q9vpPZr9YUI8ObGSoUkjIbrHuV/nyRzBOaWwB
76Y5rTqKm+9TAnxcdrlRkzJ5mmONC3Hd3+YW22TR9JVhetTvfNQNyFRg6kSetpBN
JTaswyp5bDoG2XgKeah7SlgdoFudsvT/r837JoNBdi1SM1c4/+qLqis5Ipo13DKC
38gHhbPNuFH4/J1p411gJxI07/x8nhx0o2LxRL2Xg24FEVfIU4I6dpzoUEPcXoPD
JjveMDXuFnO2DrZYatOaPmRYqjTinCpJHykgmwN3cPpjcdl8Kb6w1XIrMDSZAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUmrWMuNwNb9CdoeckpjE+EAAVS/AwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMyMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAFjB3zJ2zlBn
JipQjrR8frIQFsGBMSzINhAadyVkL6bgvrKZLRcQDV3jEUSrgKBBhdpPlZSuPiuE
fI9qnHfTNYn9jEp2B/SzeZUj0e9m1giIBXh9ouC8syjyoFnQikbrbZDh36Z2/qsq
t7sWRYMNgvT0P9K7tuKDG+x47lEJAwJQLZUnlkbmqdwaTQyEtzce/77T4LMzyrDK
rVv/YZQZOfcAii8DAcemwIBpaeI6v10PtbyHVZ9m5KjYEx0/qMQXjyZezDulbTkS
nif2zMYoy85VS0okW5C1IR45m/WvAuvOxn+hCseEagLUs47CKUoygFRGvYbdlI/b
JfFEFLAP6yk=
-----END CERTIFICATE-----