Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
File:                     326130343a623930303a3a2f33302d3330203d3e2038353837.roa (raw, json)
Hash identifier:          ivgkesCiMtIOryuo40vk9UC66yTXU489Jmz03jm+zKE=
Subject key identifier:   59:E5:65:C2:FA:3D:51:A5:B7:7F:25:90:2B:14:4D:76:A3:D0:20:24
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       193CA3BD82777B0E250B72AD7E3CACBE1DB0261B
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
Signing time:             Mon 26 Jun 2023 19:47:00 +0000
ROA not before:           Mon 26 Jun 2023 19:42:00 +0000
ROA not after:            Mon 24 Jun 2024 19:47:00 +0000
asID:                     8587
IP address blocks:        2a04:b900::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:3c:a3:bd:82:77:7b:0e:25:0b:72:ad:7e:3c:ac:be:1d:b0:26:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:00 2023 GMT
            Not After : Jun 24 19:47:00 2024 GMT
        Subject: CN=59E565C2FA3D51A5B77F25902B144D76A3D02024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ec:78:92:b0:f5:63:9f:11:53:ff:41:3e:3a:
                    dd:c1:6c:67:11:73:da:cd:a4:c9:2c:5f:09:cb:5c:
                    d2:29:3d:8d:21:a4:11:d6:f8:5d:7d:94:d9:d1:a2:
                    bd:ab:a6:04:a1:47:87:82:6b:03:92:4e:19:27:eb:
                    0e:4d:25:21:09:fe:32:65:8a:f9:c8:72:e3:c1:7b:
                    de:af:60:f5:d8:81:14:ed:a5:f6:3d:e7:82:ae:bb:
                    34:2c:53:12:c6:38:cd:19:c2:2c:2c:01:be:98:f1:
                    dc:3e:82:8f:1b:cb:59:ac:43:6a:d5:c6:db:a1:db:
                    a8:f4:4a:a4:6f:bc:cb:40:9f:24:4a:be:22:70:06:
                    bc:6e:5c:03:e9:50:8a:21:5e:9f:76:56:cd:6c:6e:
                    ba:af:dd:e1:1c:15:a4:a0:2f:a2:5b:7f:08:4c:9f:
                    b7:32:26:a4:bf:80:76:e2:71:33:c5:9a:35:5b:fd:
                    0a:30:85:c3:b5:9f:e1:22:6c:ec:4a:af:38:97:da:
                    d2:e2:07:8d:67:b3:bc:ac:5d:32:7f:6d:e1:1c:e4:
                    a4:9e:de:5a:6e:26:79:ba:ee:c6:a9:82:f5:9e:64:
                    b9:63:50:24:23:40:21:68:4a:d9:af:74:e0:c8:fc:
                    98:9a:cb:9d:dc:fa:4c:13:c7:d6:52:f5:ec:66:51:
                    a0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E5:65:C2:FA:3D:51:A5:B7:7F:25:90:2B:14:4D:76:A3:D0:20:24
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b900::/30

    Signature Algorithm: sha256WithRSAEncryption
         b1:0c:3d:c7:42:f7:4e:ae:4c:05:99:90:47:7d:be:6c:32:b6:
         d2:0f:54:c4:71:12:33:b8:e8:97:f3:fc:5e:e7:27:2f:3e:3e:
         04:9e:71:68:7a:84:8b:e4:a0:20:e5:a1:8b:9d:91:03:ed:8e:
         a0:42:ee:62:3d:e4:97:9e:b8:f8:f3:32:23:d2:33:ac:d0:ae:
         c8:fa:e8:ed:b1:f6:a9:8d:e2:22:6b:89:c5:02:1c:32:97:03:
         6f:3f:ed:f7:7e:54:fd:38:7c:89:ac:65:a0:96:0d:3e:e7:8d:
         80:55:82:16:0e:b1:dd:93:70:30:7c:a1:9f:55:99:fd:a5:59:
         04:eb:10:09:13:9a:dd:25:cb:4d:17:9c:66:11:09:a4:f3:f5:
         26:7a:f9:b8:0a:23:2b:55:b8:6a:34:52:e0:fe:8d:e8:55:4f:
         c8:2b:43:9b:a1:8b:80:e1:fc:0c:f8:d2:d2:e0:12:b9:37:57:
         5d:cc:be:dc:4d:3a:22:28:e2:ab:a8:19:9b:65:1a:90:1d:47:
         fc:c3:9e:aa:ae:df:57:01:64:1b:40:ce:82:c6:f1:2d:f8:d6:
         32:32:48:70:5b:56:d3:87:2a:b5:a9:a0:d6:ad:fe:a8:0f:ed:
         90:37:19:f1:b0:85:65:c9:38:13:eb:a3:7d:0f:22:71:8f:af:
         c0:e9:a2:0a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUGTyjvYJ3ew4lC3Ktfjysvh2wJhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDBaFw0yNDA2MjQxOTQ3MDBaMDMxMTAvBgNV
BAMTKDU5RTU2NUMyRkEzRDUxQTVCNzdGMjU5MDJCMTQ0RDc2QTNEMDIwMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo7HiSsPVjnxFT/0E+Ot3BbGcR
c9rNpMksXwnLXNIpPY0hpBHW+F19lNnRor2rpgShR4eCawOSThkn6w5NJSEJ/jJl
ivnIcuPBe96vYPXYgRTtpfY954KuuzQsUxLGOM0ZwiwsAb6Y8dw+go8by1msQ2rV
xtuh26j0SqRvvMtAnyRKviJwBrxuXAPpUIohXp92Vs1sbrqv3eEcFaSgL6JbfwhM
n7cyJqS/gHbicTPFmjVb/QowhcO1n+EibOxKrziX2tLiB41ns7ysXTJ/beEc5KSe
3lpuJnm67sapgvWeZLljUCQjQCFoStmvdODI/Jiay53c+kwTx9ZS9exmUaAjAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUWeVlwvo9UaW3fyWQKxRNdqPQICQwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB9BggrBgEFBQcBCwRxMG8wbQYIKwYBBQUHMAuGYXJzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzAzYTNhMmYzMzMwMmQzMzMwMjAzZDNlMjAzODM1MzgzNy5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
AioEuQAwDQYJKoZIhvcNAQELBQADggEBALEMPcdC906uTAWZkEd9vmwyttIPVMRx
EjO46Jfz/F7nJy8+PgSecWh6hIvkoCDloYudkQPtjqBC7mI95JeeuPjzMiPSM6zQ
rsj66O2x9qmN4iJricUCHDKXA28/7fd+VP04fImsZaCWDT7njYBVghYOsd2TcDB8
oZ9Vmf2lWQTrEAkTmt0ly00XnGYRCaTz9SZ6+bgKIytVuGo0UuD+jehVT8grQ5uh
i4Dh/Az40tLgErk3V13MvtxNOiIo4quoGZtlGpAdR/zDnqqu31cBZBtAzoLG8S34
1jIySHBbVtOHKrWpoNat/qgP7ZA3GfGwhWXJOBPro30PInGPr8Dpogo=
-----END CERTIFICATE-----