Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
File:                     326130343a623930323a3a2f33322d3332203d3e203136353039.roa (raw, json)
Hash identifier:          BQCC+OKMuk81Faj07ZZjx2P7SDBKongtQ84ip8lkEDw=
Subject key identifier:   42:D6:AE:0F:38:7E:54:CA:91:62:98:2C:7F:1F:C5:D7:C8:1E:DC:E7
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       3D33C7884D53A64320FCD09A0228D8A0A1D6A499
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
Signing time:             Mon 27 May 2024 20:11:44 +0000
ROA not before:           Mon 27 May 2024 20:06:44 +0000
ROA not after:            Mon 26 May 2025 20:11:44 +0000
asID:                     16509
IP address blocks:        2a04:b902::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:33:c7:88:4d:53:a6:43:20:fc:d0:9a:02:28:d8:a0:a1:d6:a4:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: May 27 20:06:44 2024 GMT
            Not After : May 26 20:11:44 2025 GMT
        Subject: CN=42D6AE0F387E54CA9162982C7F1FC5D7C81EDCE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0c:2d:14:dc:6e:36:0f:b1:28:54:e4:3d:55:
                    cb:d8:3f:ec:08:5e:92:28:25:95:c2:94:00:c6:30:
                    c3:29:78:c2:c5:56:db:3e:a9:23:75:14:88:5e:6f:
                    ef:71:4c:b3:d2:20:ea:09:d0:38:f1:d0:9e:de:02:
                    c6:70:a8:a3:c2:4a:4d:0c:12:45:fb:cd:53:93:91:
                    4c:65:aa:92:18:61:74:d8:51:8c:63:be:41:53:e9:
                    1d:c4:85:d3:3f:0c:86:e9:79:02:c4:66:ed:b2:6d:
                    60:86:92:f0:1e:b9:03:9b:d4:35:5b:81:2f:7a:ed:
                    46:c0:f4:c0:3b:33:0c:1a:9d:b3:ff:44:d4:21:e6:
                    6d:ac:04:1d:6f:90:1a:d4:0b:df:46:3f:7e:08:19:
                    8c:65:ad:89:d8:48:22:ae:a3:c8:5f:2e:48:3c:7a:
                    aa:d0:76:b5:31:b2:00:f8:b8:a7:8a:fc:41:ce:01:
                    80:88:16:e7:15:48:c9:ef:e1:e4:d6:ff:d7:70:66:
                    43:d3:d8:e8:dc:31:8a:f0:84:e6:b3:86:3d:84:5d:
                    30:39:86:33:17:e8:98:5f:84:3b:d3:37:71:38:13:
                    66:8b:68:14:ec:ab:15:3f:06:c0:50:3e:66:aa:1d:
                    8a:56:35:27:11:3d:b4:ef:16:ec:49:ac:f7:63:16:
                    e7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D6:AE:0F:38:7E:54:CA:91:62:98:2C:7F:1F:C5:D7:C8:1E:DC:E7
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:cf:1d:8b:7b:ed:69:00:7e:3d:0a:bc:f8:1f:d5:c6:69:9c:
         0c:59:b8:be:90:6d:92:44:24:77:77:aa:5b:aa:3c:da:98:b6:
         31:10:92:98:13:52:3e:79:97:f3:0f:fc:57:02:0f:30:67:cb:
         ba:0b:26:5d:44:45:ab:96:c9:91:b7:70:4b:54:76:b9:ef:91:
         bb:bb:e7:ca:b1:2a:31:6f:f4:cf:b5:1d:3a:f9:c7:d0:4d:6d:
         5e:fc:0a:fc:21:f7:8b:52:19:69:4e:4b:7e:c1:72:b3:69:da:
         ba:8a:2b:bc:47:0a:d5:6d:9f:b4:37:58:7a:80:df:ea:5d:c5:
         6e:4d:c4:33:8e:05:16:6c:67:cc:07:01:2c:34:c8:a6:ff:d4:
         00:51:d6:51:5f:dc:b1:8d:e7:a4:42:eb:10:8c:71:50:30:7d:
         e0:5f:d8:5b:49:e7:1c:70:17:38:df:55:41:ff:58:eb:89:33:
         50:0e:bc:22:11:90:ce:36:cc:a8:3b:17:89:54:31:f6:e5:ad:
         23:fc:1f:89:93:ad:05:08:0e:6e:68:36:cb:a5:ce:17:8c:1f:
         37:bf:08:2e:df:e7:e1:0b:5c:20:67:8a:7c:9d:b0:29:07:52:
         55:1a:1c:ae:34:b6:95:a1:11:05:90:ee:e9:2b:31:3b:63:16:
         6e:95:91:c3
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIUPTPHiE1TpkMg/NCaAijYoKHWpJkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yNDA1MjcyMDA2NDRaFw0yNTA1MjYyMDExNDRaMDMxMTAvBgNV
BAMTKDQyRDZBRTBGMzg3RTU0Q0E5MTYyOTgyQzdGMUZDNUQ3QzgxRURDRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIDC0U3G42D7EoVOQ9VcvYP+wI
XpIoJZXClADGMMMpeMLFVts+qSN1FIheb+9xTLPSIOoJ0Djx0J7eAsZwqKPCSk0M
EkX7zVOTkUxlqpIYYXTYUYxjvkFT6R3EhdM/DIbpeQLEZu2ybWCGkvAeuQOb1DVb
gS967UbA9MA7MwwanbP/RNQh5m2sBB1vkBrUC99GP34IGYxlrYnYSCKuo8hfLkg8
eqrQdrUxsgD4uKeK/EHOAYCIFucVSMnv4eTW/9dwZkPT2OjcMYrwhOazhj2EXTA5
hjMX6JhfhDvTN3E4E2aLaBTsqxU/BsBQPmaqHYpWNScRPbTvFuxJrPdjFucfAgMB
AAGjggHhMIIB3TAdBgNVHQ4EFgQUQtauDzh+VMqRYpgsfx/F18ge3OcwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzIzYTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzMTM2MzUzMDM5LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKgS5AjANBgkqhkiG9w0BAQsFAAOCAQEAeM8di3vtaQB+PQq8+B/VxmmcDFm4
vpBtkkQkd3eqW6o82pi2MRCSmBNSPnmX8w/8VwIPMGfLugsmXURFq5bJkbdwS1R2
ue+Ru7vnyrEqMW/0z7UdOvnH0E1tXvwK/CH3i1IZaU5LfsFys2nauoorvEcK1W2f
tDdYeoDf6l3Fbk3EM44FFmxnzAcBLDTIpv/UAFHWUV/csY3npELrEIxxUDB94F/Y
W0nnHHAXON9VQf9Y64kzUA68IhGQzjbMqDsXiVQx9uWtI/wfiZOtBQgObmg2y6XO
F4wfN78ILt/n4QtcIGeKfJ2wKQdSVRocrjS2laERBZDu6SsxO2MWbpWRww==
-----END CERTIFICATE-----
Generated at Mon Jun 10 14:02:08 2024 by rpki-client on console-fra.rpki-client.org