Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
File:                     326130343a623930323a3a2f33322d3332203d3e203136353039.roa (raw, json)
Hash identifier:          17p8tCrH2OQv6xPOIrX/oE0xrvRLHpB045zI9Rxvdjc=
Subject key identifier:   64:C3:96:DD:AE:DF:5E:E2:FB:35:BC:0B:17:B6:EA:D9:22:3A:BA:8C
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       48EF8B552CB11D9E568CBEF19A763AE9953BCC58
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
Signing time:             Mon 26 Jun 2023 19:47:01 +0000
ROA not before:           Mon 26 Jun 2023 19:42:01 +0000
ROA not after:            Mon 24 Jun 2024 19:47:01 +0000
asID:                     16509
IP address blocks:        2a04:b902::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:ef:8b:55:2c:b1:1d:9e:56:8c:be:f1:9a:76:3a:e9:95:3b:cc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:01 2023 GMT
            Not After : Jun 24 19:47:01 2024 GMT
        Subject: CN=64C396DDAEDF5EE2FB35BC0B17B6EAD9223ABA8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9d:97:eb:c6:c0:cd:d2:cb:8b:fb:da:31:15:
                    e6:2e:64:c6:4b:79:43:a4:ad:1b:da:33:94:18:df:
                    71:29:2b:d9:2e:22:73:a5:10:5e:af:d1:00:39:40:
                    b7:e2:de:64:82:9d:e2:5e:39:06:dd:f2:b7:e4:b6:
                    32:f1:ce:ba:76:71:9b:a6:04:5f:b8:fa:a7:21:f6:
                    cf:0f:40:56:f1:33:fd:8d:8a:a6:84:6c:3f:d5:a8:
                    38:99:80:91:03:f4:11:f1:55:dd:4b:99:15:dc:0e:
                    14:88:95:66:72:1f:38:9a:07:d7:37:da:75:b6:78:
                    9a:34:a2:f7:01:99:da:db:90:06:3a:0a:ac:29:c7:
                    d6:1f:16:5a:db:1a:f0:9a:10:51:7c:88:97:2e:d3:
                    87:7e:ca:2d:4b:ea:5d:40:77:f0:8e:e5:00:51:b4:
                    d7:d6:48:56:f0:d0:74:7e:3a:b7:bd:e8:56:3b:01:
                    11:99:e8:31:bb:33:e9:f8:b1:58:23:4d:c8:06:0c:
                    f2:65:35:f8:d8:a2:30:1f:3a:06:e1:9e:41:96:ff:
                    ce:14:11:60:41:a9:0f:51:d6:b0:da:6a:6d:9a:41:
                    02:ce:20:f2:24:a3:1a:73:b5:c1:a8:32:9a:66:4b:
                    e3:75:87:51:4b:fe:77:3d:b8:f3:bc:6f:17:f6:61:
                    b8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C3:96:DD:AE:DF:5E:E2:FB:35:BC:0B:17:B6:EA:D9:22:3A:BA:8C
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:af:db:2a:cd:7f:84:c8:ce:69:7c:6a:7d:00:f1:37:99:c7:
         c4:8c:1d:25:ec:d6:74:d1:1f:3e:18:e9:6c:de:d8:6b:5c:5c:
         86:e5:18:d3:9e:85:17:77:2f:3d:4f:59:1a:77:a4:5f:f2:c8:
         71:39:1b:21:d0:23:67:86:0e:6a:7c:13:fe:22:d0:1e:35:b7:
         6b:a5:61:7b:08:b2:8e:47:3f:5d:9a:78:d4:bb:8c:e4:58:28:
         4e:06:9b:2a:04:8b:69:35:76:2f:8b:ae:0b:4e:f7:9b:fe:10:
         12:22:1c:ff:d2:9a:a3:f1:7a:87:28:bf:b1:2b:ea:3b:44:fc:
         c7:0d:23:0c:07:2f:de:79:b3:a7:ac:aa:06:57:36:64:b5:52:
         bf:86:10:5e:37:63:c0:4d:b3:ad:ee:e8:02:70:f5:49:5f:70:
         e9:7a:8e:ba:c5:c0:e8:5a:1c:c9:95:0a:51:c1:06:93:a8:ee:
         13:d8:ba:f4:89:ba:d5:10:8f:74:7a:0c:58:47:f8:10:f8:37:
         49:43:fe:b1:93:43:3c:a8:51:d1:d5:97:be:ba:29:de:34:19:
         31:da:23:8d:d5:8b:27:ff:90:7a:f5:21:f9:1f:fd:1d:89:f1:
         a5:89:76:16:01:11:79:42:04:10:dc:ca:4d:c2:e6:76:53:47:
         98:c6:a2:74
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIUSO+LVSyxHZ5WjL7xmnY66ZU7zFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDFaFw0yNDA2MjQxOTQ3MDFaMDMxMTAvBgNV
BAMTKDY0QzM5NkREQUVERjVFRTJGQjM1QkMwQjE3QjZFQUQ5MjIzQUJBOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nZfrxsDN0suL+9oxFeYuZMZL
eUOkrRvaM5QY33EpK9kuInOlEF6v0QA5QLfi3mSCneJeOQbd8rfktjLxzrp2cZum
BF+4+qch9s8PQFbxM/2NiqaEbD/VqDiZgJED9BHxVd1LmRXcDhSIlWZyHziaB9c3
2nW2eJo0ovcBmdrbkAY6Cqwpx9YfFlrbGvCaEFF8iJcu04d+yi1L6l1Ad/CO5QBR
tNfWSFbw0HR+Ore96FY7ARGZ6DG7M+n4sVgjTcgGDPJlNfjYojAfOgbhnkGW/84U
EWBBqQ9R1rDaam2aQQLOIPIkoxpztcGoMppmS+N1h1FL/nc9uPO8bxf2YbjRAgMB
AAGjggHhMIIB3TAdBgNVHQ4EFgQUZMOW3a7fXuL7NbwLF7bq2SI6uowwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzIzYTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzMTM2MzUzMDM5LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKgS5AjANBgkqhkiG9w0BAQsFAAOCAQEAXK/bKs1/hMjOaXxqfQDxN5nHxIwd
JezWdNEfPhjpbN7Ya1xchuUY056FF3cvPU9ZGnekX/LIcTkbIdAjZ4YOanwT/iLQ
HjW3a6Vhewiyjkc/XZp41LuM5FgoTgabKgSLaTV2L4uuC073m/4QEiIc/9Kao/F6
hyi/sSvqO0T8xw0jDAcv3nmzp6yqBlc2ZLVSv4YQXjdjwE2zre7oAnD1SV9w6XqO
usXA6FocyZUKUcEGk6juE9i69Im61RCPdHoMWEf4EPg3SUP+sZNDPKhR0dWXvrop
3jQZMdojjdWLJ/+QevUh+R/9HYnxpYl2FgEReUIEENzKTcLmdlNHmMaidA==
-----END CERTIFICATE-----