Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
File:                     3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (raw, json)
Hash identifier:          pjOVigVrZmwtH9ozJGSqaEAEoLWZgAZAg9DnN+uwLn8=
Subject key identifier:   9B:8A:85:3C:99:F3:70:B0:90:7E:C8:95:3C:E6:99:39:6B:36:AB:9A
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       7A6C67764770C4D3EEB3388E800B2CDC9C1DD2C5
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
Signing time:             Mon 26 Jun 2023 19:47:01 +0000
ROA not before:           Mon 26 Jun 2023 19:42:01 +0000
ROA not after:            Mon 24 Jun 2024 19:47:01 +0000
asID:                     211321
IP address blocks:        185.49.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:6c:67:76:47:70:c4:d3:ee:b3:38:8e:80:0b:2c:dc:9c:1d:d2:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:01 2023 GMT
            Not After : Jun 24 19:47:01 2024 GMT
        Subject: CN=9B8A853C99F370B0907EC8953CE699396B36AB9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:06:a7:59:fe:a7:7c:81:51:88:31:e6:4a:6f:
                    ec:9b:b1:1c:6a:ba:b2:7a:21:cd:24:16:85:70:3b:
                    ad:a9:c2:16:71:e5:77:31:e1:81:6e:1f:bc:0c:d9:
                    fa:5d:35:6a:6d:df:bb:58:fe:98:50:c2:ad:63:ff:
                    34:e8:50:e5:f9:87:8b:34:fd:fa:97:17:6a:fe:b7:
                    8e:11:29:15:0f:fb:13:83:fc:63:1d:1a:57:77:f6:
                    36:7e:58:c9:57:8b:27:80:7b:c1:81:d4:c0:9e:5b:
                    b6:a1:10:86:5b:33:be:d1:e8:dc:09:9d:de:e9:e7:
                    f8:2f:28:8b:4a:f2:80:13:1d:db:15:e3:d5:0e:34:
                    0f:08:cd:40:05:c1:b0:25:c4:11:c2:68:7c:0d:0f:
                    9c:9b:82:a1:19:66:eb:b4:5d:61:65:db:9c:73:42:
                    e2:88:07:a0:7a:a1:ad:4b:39:b9:d7:10:a7:67:c4:
                    58:79:1b:7d:42:f1:bf:76:1f:6c:07:7c:2b:da:b1:
                    d9:02:e3:16:b7:83:cb:d3:30:a4:37:a1:ff:02:4b:
                    4c:19:fd:59:bc:92:1c:7d:8e:26:2c:aa:23:c7:df:
                    0b:a6:de:1a:e3:29:74:0f:0b:e5:79:d5:8f:dc:b7:
                    e5:8e:61:b2:34:63:37:81:a7:0a:db:1b:98:58:ec:
                    9c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:8A:85:3C:99:F3:70:B0:90:7E:C8:95:3C:E6:99:39:6B:36:AB:9A
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:1b:8b:db:0f:9e:93:d4:d3:07:57:1e:8f:59:7c:e0:2b:29:
         28:81:a2:42:cb:bc:bb:56:d5:dc:96:6f:ad:3d:a3:90:79:95:
         96:41:03:b2:34:0f:24:b8:ef:c0:cc:47:86:15:77:18:3c:4f:
         6d:ca:a7:e3:07:c1:2c:c5:e3:46:59:9b:75:0d:ee:86:75:fd:
         00:1c:aa:9e:ed:37:52:f7:24:ba:27:71:32:2d:b9:43:51:7a:
         d5:d6:4a:fc:4c:b3:d5:03:a6:90:9d:8a:32:ab:7f:70:f6:a6:
         68:b0:3c:3c:4b:4b:53:e0:6f:4b:ef:59:27:f5:36:23:7f:d4:
         9c:2b:15:2f:c6:a7:cd:b8:16:c9:a2:ed:7a:e0:b1:12:fa:e7:
         21:b6:2c:b5:2a:a1:c7:7f:78:f0:ab:34:10:6d:38:98:fa:27:
         21:4b:c1:63:a7:bd:6c:3b:81:e7:90:2a:ac:f8:29:51:b6:9e:
         4c:9e:28:c1:b2:e3:d7:96:40:e6:51:58:1d:14:2c:20:6c:3e:
         e8:1f:33:22:3a:7b:a9:99:e7:32:36:ab:57:07:8b:08:6f:3c:
         95:e7:ff:f5:69:11:cc:79:38:ad:89:88:b6:18:fd:bf:3a:d4:
         26:0c:5d:d0:5c:dc:ed:08:69:e5:03:b9:7c:ed:d3:76:28:fd:
         7b:87:f5:1b
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgIUemxndkdwxNPusziOgAss3Jwd0sUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDFaFw0yNDA2MjQxOTQ3MDFaMDMxMTAvBgNV
BAMTKDlCOEE4NTNDOTlGMzcwQjA5MDdFQzg5NTNDRTY5OTM5NkIzNkFCOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnBqdZ/qd8gVGIMeZKb+ybsRxq
urJ6Ic0kFoVwO62pwhZx5Xcx4YFuH7wM2fpdNWpt37tY/phQwq1j/zToUOX5h4s0
/fqXF2r+t44RKRUP+xOD/GMdGld39jZ+WMlXiyeAe8GB1MCeW7ahEIZbM77R6NwJ
nd7p5/gvKItK8oATHdsV49UONA8IzUAFwbAlxBHCaHwND5ybgqEZZuu0XWFl25xz
QuKIB6B6oa1LObnXEKdnxFh5G31C8b92H2wHfCvasdkC4xa3g8vTMKQ3of8CS0wZ
/Vm8khx9jiYsqiPH3wum3hrjKXQPC+V51Y/ct+WOYbI0YzeBpwrbG5hY7Jw9AgMB
AAGjggHlMIIB4TAdBgNVHQ4EFgQUm4qFPJnzcLCQfsiVPOaZOWs2q5owHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjCBgwYIKwYBBQUHAQsEdzB1MHMGCCsGAQUFBzALhmdyc3luYzov
L3JzeW5jLmtyaWxsLmNsb3VkL3JlcG8vbmxuZXRsYWJzLzEvMzEzODM1MmUzNDM5
MmUzMTM0MzIyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzMjMxMzEzMzMyMzEucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAG5MY4wDQYJKoZIhvcNAQELBQADggEBAGQbi9sPnpPU0wdXHo9ZfOAr
KSiBokLLvLtW1dyWb609o5B5lZZBA7I0DyS478DMR4YVdxg8T23Kp+MHwSzF40ZZ
m3UN7oZ1/QAcqp7tN1L3JLoncTItuUNRetXWSvxMs9UDppCdijKrf3D2pmiwPDxL
S1Pgb0vvWSf1NiN/1JwrFS/Gp824Fsmi7XrgsRL65yG2LLUqocd/ePCrNBBtOJj6
JyFLwWOnvWw7geeQKqz4KVG2nkyeKMGy49eWQOZRWB0ULCBsPugfMyI6e6mZ5zI2
q1cHiwhvPJXn//VpEcx5OK2JiLYY/b861CYMXdBc3O0IaeUDuXzt03Yo/XuH9Rs=
-----END CERTIFICATE-----