Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
File:                     3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (raw, json)
Hash identifier:          SMSZB8wpVtSRYl1+06KZK/0op6J/ghngBhBk+x0FC1U=
Subject key identifier:   F2:8F:8E:65:BA:21:6F:9D:B4:2B:C8:A1:EF:FC:3F:6E:15:14:9E:05
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       6543EA7E4618718DAB05A2024DA6DF98A6798A30
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
Signing time:             Mon 26 Jun 2023 19:47:01 +0000
ROA not before:           Mon 26 Jun 2023 19:42:01 +0000
ROA not after:            Mon 24 Jun 2024 19:47:01 +0000
asID:                     8587
IP address blocks:        185.49.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:43:ea:7e:46:18:71:8d:ab:05:a2:02:4d:a6:df:98:a6:79:8a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:01 2023 GMT
            Not After : Jun 24 19:47:01 2024 GMT
        Subject: CN=F28F8E65BA216F9DB42BC8A1EFFC3F6E15149E05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c3:b4:3f:df:68:16:87:4c:9b:40:01:ff:7d:
                    44:64:5e:86:58:72:d5:0d:fd:09:10:89:ff:ec:dd:
                    77:6f:73:83:c4:f1:7b:53:11:e3:b6:23:8d:ff:f7:
                    f8:d8:48:98:2f:37:43:63:40:76:e9:37:73:cc:83:
                    98:cc:27:ed:ff:ee:2e:b0:8d:35:8d:ee:eb:b8:39:
                    f7:68:fd:ea:0e:17:d0:34:7c:ad:7a:b2:b6:8d:51:
                    03:a7:5b:c0:c9:0d:8f:07:e9:0f:71:63:ec:4e:99:
                    25:4b:fe:ac:25:7b:94:8e:5b:0e:b2:6e:fc:01:d5:
                    0e:a4:c1:26:54:c7:3c:fd:46:bf:5e:37:1a:b1:87:
                    30:bc:af:6f:93:5a:97:3c:91:fa:22:ac:68:05:b2:
                    39:60:c7:58:a5:6a:af:64:f1:10:16:f8:f2:cd:0c:
                    3f:2b:c1:6f:aa:a2:53:6e:a9:41:f8:9a:af:1b:51:
                    1b:39:d0:04:ea:c3:62:ea:63:c0:54:4c:2f:ff:4a:
                    78:20:a2:bf:e1:5c:47:13:f8:52:31:4c:95:43:13:
                    1a:c4:45:96:0b:d4:68:5f:41:57:e2:c3:7f:24:49:
                    30:6d:a4:59:e7:ea:0f:07:51:cb:07:ab:65:a9:1f:
                    87:78:fd:c4:4c:6b:df:b4:77:a5:0c:06:10:bd:93:
                    5d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:8F:8E:65:BA:21:6F:9D:B4:2B:C8:A1:EF:FC:3F:6E:15:14:9E:05
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:e9:32:c5:a5:a6:78:de:17:8e:72:e0:fd:81:d7:7d:3c:48:
         52:88:40:25:75:f3:bd:e1:be:d1:70:87:4b:39:21:a7:83:a9:
         8d:de:16:b7:50:d0:e5:0a:cb:a2:c0:08:25:15:60:96:10:50:
         63:b9:88:5d:32:c9:39:32:78:41:83:1f:da:f3:08:20:64:45:
         14:b0:df:74:da:c2:78:09:07:19:b4:ab:58:34:f9:1c:a3:51:
         56:fe:a5:78:56:2e:48:a5:2b:a9:f6:3d:95:9a:ca:4b:b8:c2:
         41:dc:89:7f:94:d9:19:69:d0:5c:8f:4c:8a:be:99:4a:df:57:
         3c:66:80:7b:4d:3a:7b:c2:ea:a5:b1:9c:f7:cc:ab:c8:bd:b0:
         42:31:fe:1a:b9:db:63:a1:92:c3:98:dd:6d:a9:05:8e:3a:49:
         e5:dd:cc:5a:0b:84:0c:62:fd:8c:57:e3:9c:5a:64:2c:1e:d0:
         4a:11:46:bf:43:fe:fb:77:f0:83:dd:1c:46:04:88:6a:35:73:
         16:18:d3:d6:48:b5:3d:6b:d5:7d:a3:ce:22:e4:a2:dd:07:d1:
         65:cf:ac:a7:de:1b:18:d7:3e:20:31:1f:75:13:e0:ef:d1:94:
         81:46:06:88:b8:ce:df:c4:22:ae:d3:e6:d2:79:15:c4:f5:c6:
         16:8b:11:4e
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIUZUPqfkYYcY2rBaICTabfmKZ5ijAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDFaFw0yNDA2MjQxOTQ3MDFaMDMxMTAvBgNV
BAMTKEYyOEY4RTY1QkEyMTZGOURCNDJCQzhBMUVGRkMzRjZFMTUxNDlFMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuw7Q/32gWh0ybQAH/fURkXoZY
ctUN/QkQif/s3Xdvc4PE8XtTEeO2I43/9/jYSJgvN0NjQHbpN3PMg5jMJ+3/7i6w
jTWN7uu4Ofdo/eoOF9A0fK16sraNUQOnW8DJDY8H6Q9xY+xOmSVL/qwle5SOWw6y
bvwB1Q6kwSZUxzz9Rr9eNxqxhzC8r2+TWpc8kfoirGgFsjlgx1ilaq9k8RAW+PLN
DD8rwW+qolNuqUH4mq8bURs50ATqw2LqY8BUTC//Snggor/hXEcT+FIxTJVDExrE
RZYL1GhfQVfiw38kSTBtpFnn6g8HUcsHq2WpH4d4/cRMa9+0d6UMBhC9k13XAgMB
AAGjggHgMIIB3DAdBgNVHQ4EFgQU8o+OZbohb520K8ih7/w/bhUUngUwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMTM4MzUyZTM0Mzky
ZTMxMzQzMDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDM4MzUzODM3LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQBuTGMMA0GCSqGSIb3DQEBCwUAA4IBAQCB6TLFpaZ43heOcuD9gdd9PEhSiEAl
dfO94b7RcIdLOSGng6mN3ha3UNDlCsuiwAglFWCWEFBjuYhdMsk5MnhBgx/a8wgg
ZEUUsN902sJ4CQcZtKtYNPkco1FW/qV4Vi5IpSup9j2VmspLuMJB3Il/lNkZadBc
j0yKvplK31c8ZoB7TTp7wuqlsZz3zKvIvbBCMf4audtjoZLDmN1tqQWOOknl3cxa
C4QMYv2MV+OcWmQsHtBKEUa/Q/77d/CD3RxGBIhqNXMWGNPWSLU9a9V9o84i5KLd
B9Flz6yn3hsY1z4gMR91E+Dv0ZSBRgaIuM7fxCKu0+bSeRXE9cYWixFO
-----END CERTIFICATE-----