Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203134363138.roa
File:                     326130343a623930323a3a2f33322d3332203d3e203134363138.roa (raw, json)
Hash identifier:          AUY26owpcyXy/fUm8K+N7VW1WAEzZ6zExFbyoLcHsl4=
Subject key identifier:   FF:F6:A1:76:A8:A4:6F:8C:49:58:F4:BB:EB:91:9B:24:2D:F6:66:AB
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       1A6D0AA7436FBB2AFA26E4C0680C74274217DD02
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203134363138.roa
Signing time:             Mon 26 Jun 2023 19:47:00 +0000
ROA not before:           Mon 26 Jun 2023 19:42:00 +0000
ROA not after:            Mon 24 Jun 2024 19:47:00 +0000
asID:                     14618
IP address blocks:        2a04:b902::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:6d:0a:a7:43:6f:bb:2a:fa:26:e4:c0:68:0c:74:27:42:17:dd:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:00 2023 GMT
            Not After : Jun 24 19:47:00 2024 GMT
        Subject: CN=FFF6A176A8A46F8C4958F4BBEB919B242DF666AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6a:83:7e:5a:6b:71:c8:96:2c:ff:65:fc:08:
                    e4:a5:f6:3a:eb:ca:eb:20:56:1d:b6:6b:8e:a5:ec:
                    bb:3b:1e:3e:64:1f:dd:27:e7:2c:02:8b:fa:f1:a8:
                    d7:28:fe:d5:f4:de:99:66:27:1c:1c:8b:10:aa:62:
                    13:ca:f3:c8:11:72:12:a3:88:b4:33:8e:de:e2:8f:
                    be:b1:36:b9:c9:9c:f8:bb:a5:72:a9:13:38:ec:51:
                    97:63:6a:7b:13:3a:ca:11:15:98:76:14:6f:6e:88:
                    ef:a5:33:ef:56:1e:5a:00:59:e0:9e:e1:c7:65:2f:
                    84:c8:59:90:90:fc:18:85:2e:04:e8:68:e8:b8:16:
                    21:85:2f:79:ec:73:0e:7c:9c:55:92:f9:c5:32:73:
                    78:73:fc:2a:aa:dc:5d:f4:16:36:77:25:1c:06:e0:
                    78:bb:03:3d:8f:6e:8b:29:d3:20:0f:55:41:f6:dc:
                    2b:85:81:29:73:9f:15:a5:c1:ba:fa:39:41:cf:ee:
                    ac:9c:7d:7c:fe:c5:8a:d6:1a:32:98:3b:69:05:50:
                    ae:cd:4e:fc:5d:8c:75:26:03:65:b2:5d:65:2b:d1:
                    b3:03:5b:d6:a4:31:61:f5:aa:99:4c:16:53:1e:c9:
                    a0:ca:6e:32:8d:84:12:2a:29:a5:a7:8d:f8:80:fc:
                    60:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F6:A1:76:A8:A4:6F:8C:49:58:F4:BB:EB:91:9B:24:2D:F6:66:AB
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:2b:93:95:7b:42:6e:27:c7:fe:d7:e9:b6:52:00:a9:e2:40:
         fd:09:23:ad:80:2e:5f:dd:82:0c:de:f4:4b:e9:a9:b4:48:5f:
         fc:5e:85:e8:24:a1:ae:3f:86:98:11:45:b0:6d:29:5b:56:7b:
         2c:7a:ba:79:e0:5d:de:ac:bb:85:61:51:8e:4b:46:d0:49:33:
         c9:86:79:37:ea:e4:82:61:b2:86:93:b8:35:92:39:15:e2:94:
         aa:b7:e9:ee:4d:5f:b4:08:28:d7:cb:76:1b:73:16:9b:04:0a:
         96:f1:64:14:6b:47:29:f6:d4:8c:90:b5:c8:57:4c:74:99:aa:
         51:fe:52:da:2a:ec:32:fc:b6:31:1f:e9:e6:33:65:d3:6b:61:
         14:57:e6:16:8b:a2:8f:f0:20:3a:96:fe:2a:77:92:6e:99:89:
         fd:72:76:5c:d5:ec:ef:d6:82:3f:11:26:d1:ea:36:d9:1f:eb:
         a9:09:4b:2f:13:5e:a5:34:58:94:6f:6f:b3:d7:82:c1:56:7e:
         59:f9:83:ef:3a:bb:b4:23:e7:19:8f:e5:98:95:24:12:95:3d:
         05:b0:43:db:44:e6:c1:e3:bf:9f:8f:48:8b:45:6b:05:89:b9:
         ce:6d:7e:76:3a:81:94:49:cf:76:2a:c6:1b:a5:59:ef:18:51:
         44:ea:5f:d8
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIUGm0Kp0Nvuyr6JuTAaAx0J0IX3QIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDBaFw0yNDA2MjQxOTQ3MDBaMDMxMTAvBgNV
BAMTKEZGRjZBMTc2QThBNDZGOEM0OTU4RjRCQkVCOTE5QjI0MkRGNjY2QUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBaoN+WmtxyJYs/2X8COSl9jrr
yusgVh22a46l7Ls7Hj5kH90n5ywCi/rxqNco/tX03plmJxwcixCqYhPK88gRchKj
iLQzjt7ij76xNrnJnPi7pXKpEzjsUZdjansTOsoRFZh2FG9uiO+lM+9WHloAWeCe
4cdlL4TIWZCQ/BiFLgToaOi4FiGFL3nscw58nFWS+cUyc3hz/Cqq3F30FjZ3JRwG
4Hi7Az2Pbosp0yAPVUH23CuFgSlznxWlwbr6OUHP7qycfXz+xYrWGjKYO2kFUK7N
TvxdjHUmA2WyXWUr0bMDW9akMWH1qplMFlMeyaDKbjKNhBIqKaWnjfiA/GBhAgMB
AAGjggHhMIIB3TAdBgNVHQ4EFgQU//ahdqikb4xJWPS765GbJC32ZqswHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzIzYTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzMTM0MzYzMTM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKgS5AjANBgkqhkiG9w0BAQsFAAOCAQEAJSuTlXtCbifH/tfptlIAqeJA/Qkj
rYAuX92CDN70S+mptEhf/F6F6CShrj+GmBFFsG0pW1Z7LHq6eeBd3qy7hWFRjktG
0EkzyYZ5N+rkgmGyhpO4NZI5FeKUqrfp7k1ftAgo18t2G3MWmwQKlvFkFGtHKfbU
jJC1yFdMdJmqUf5S2irsMvy2MR/p5jNl02thFFfmFouij/AgOpb+KneSbpmJ/XJ2
XNXs79aCPxEm0eo22R/rqQlLLxNepTRYlG9vs9eCwVZ+WfmD7zq7tCPnGY/lmJUk
EpU9BbBD20TmweO/n49Ii0VrBYm5zm1+djqBlEnPdirGG6VZ7xhRROpf2A==
-----END CERTIFICATE-----
Generated at Thu Mar 28 10:06:03 2024 by rpki-client on console-ams.rpki-client.org