Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          A+dtJHk9x6wVW6MqVzvQjBJjP5URhPa7hwbl1on+wTQ=
Subject key identifier:   83:88:77:03:E0:20:96:D1:2B:19:2D:FD:B9:A7:A2:D0:43:6D:E5:FA
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       2FF7B05003642A798431893E3A627AC4EC2B377F
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Mon 26 Jun 2023 19:47:01 +0000
ROA not before:           Mon 26 Jun 2023 19:42:01 +0000
ROA not after:            Mon 24 Jun 2024 19:47:01 +0000
asID:                     211321
IP address blocks:        2a04:b904::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:f7:b0:50:03:64:2a:79:84:31:89:3e:3a:62:7a:c4:ec:2b:37:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:01 2023 GMT
            Not After : Jun 24 19:47:01 2024 GMT
        Subject: CN=83887703E02096D12B192DFDB9A7A2D0436DE5FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:73:1c:ad:3b:1c:33:63:96:1d:2a:b2:8c:11:
                    90:3f:ee:12:8e:41:f9:77:e8:48:ab:f8:64:e0:ff:
                    dc:61:76:63:42:4d:c0:4e:a1:35:2e:2a:05:4c:f4:
                    5a:1d:41:7a:a9:4f:0c:07:29:e4:df:86:33:bd:83:
                    62:04:e5:d5:d9:15:8d:bb:61:c9:12:7c:70:a1:a7:
                    e7:a2:bc:09:74:48:f3:9f:e1:d4:33:7c:9d:5c:e7:
                    02:28:35:62:78:73:7c:fd:33:a1:07:7c:a2:a3:fc:
                    6a:20:71:8e:5e:64:10:81:43:a1:36:16:1f:6f:6d:
                    01:fb:35:e3:cd:bd:28:43:71:21:b4:dc:65:e1:15:
                    c7:02:bf:7a:8c:27:98:4e:78:69:ba:9f:f7:ec:2d:
                    d7:c1:04:30:06:06:db:0a:fc:46:35:59:de:0b:70:
                    fe:d5:c2:ae:86:d4:1f:5f:7b:0b:54:84:f7:7b:1b:
                    22:f6:74:4a:8b:f5:cc:8a:78:17:f6:ac:d4:67:03:
                    9e:11:07:bb:4e:ca:48:57:d3:56:67:f2:43:77:5a:
                    a5:dd:a1:f5:44:f6:78:77:58:c1:49:d8:cb:b1:d3:
                    e7:ee:6c:22:cf:fd:fd:72:b7:84:9d:79:a4:89:84:
                    d4:16:6c:23:37:11:b9:eb:d3:d4:b5:f6:88:fc:57:
                    39:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:88:77:03:E0:20:96:D1:2B:19:2D:FD:B9:A7:A2:D0:43:6D:E5:FA
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b904::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:d8:e7:2a:b7:c6:79:a2:d7:52:a6:75:99:e8:05:81:f2:29:
         c0:be:3d:80:18:f4:21:dd:4e:ff:e8:79:04:73:c3:1f:15:20:
         7f:5b:c1:1e:d8:da:30:87:30:03:24:1d:f6:28:46:91:a2:30:
         ad:9d:84:af:cd:63:76:e1:c4:10:31:e3:3b:9d:e9:3b:66:a3:
         04:6d:c6:e9:20:52:f4:d7:dd:ef:c9:da:bc:b4:ff:01:18:f4:
         49:db:0d:09:c3:a9:71:62:f3:3c:ab:23:90:ba:8f:76:ef:88:
         4f:39:7c:9c:6e:7a:ef:05:ab:5f:42:3d:31:9e:32:bb:99:bc:
         05:ee:b6:c8:9c:58:b3:2f:e9:5a:36:e2:32:a8:dc:47:6f:cc:
         91:7e:c3:37:d0:25:37:91:aa:02:f8:c1:83:a3:0e:9e:d9:c6:
         4f:35:7e:8c:73:3d:75:cf:31:02:e1:d2:1d:70:2c:0a:1a:3b:
         c6:96:05:5d:b0:65:33:fa:1a:9e:50:ce:9d:63:1d:06:dc:94:
         c4:00:21:82:40:ed:af:71:7a:b5:6e:ea:11:f5:35:8d:2d:81:
         dd:26:a5:69:23:32:f6:4f:2c:0a:b0:b9:6d:b9:27:04:28:a6:
         ec:9e:5b:bc:87:de:7f:15:50:03:6b:0b:4a:8d:32:c3:c3:91:
         43:c8:32:4a
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUL/ewUANkKnmEMYk+OmJ6xOwrN38wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDFaFw0yNDA2MjQxOTQ3MDFaMDMxMTAvBgNV
BAMTKDgzODg3NzAzRTAyMDk2RDEyQjE5MkRGREI5QTdBMkQwNDM2REU1RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBcxytOxwzY5YdKrKMEZA/7hKO
Qfl36Eir+GTg/9xhdmNCTcBOoTUuKgVM9FodQXqpTwwHKeTfhjO9g2IE5dXZFY27
YckSfHChp+eivAl0SPOf4dQzfJ1c5wIoNWJ4c3z9M6EHfKKj/GogcY5eZBCBQ6E2
Fh9vbQH7NePNvShDcSG03GXhFccCv3qMJ5hOeGm6n/fsLdfBBDAGBtsK/EY1Wd4L
cP7Vwq6G1B9fewtUhPd7GyL2dEqL9cyKeBf2rNRnA54RB7tOykhX01Zn8kN3WqXd
ofVE9nh3WMFJ2Mux0+fubCLP/f1yt4SdeaSJhNQWbCM3Ebnr09S19oj8VzlPAgMB
AAGjggHmMIIB4jAdBgNVHQ4EFgQUg4h3A+AgltErGS39uaei0ENt5fowHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjCBgQYIKwYBBQUHAQsEdTBzMHEGCCsGAQUFBzALhmVyc3luYzov
L3JzeW5jLmtyaWxsLmNsb3VkL3JlcG8vbmxuZXRsYWJzLzEvMzI2MTMwMzQzYTYy
MzkzMDM0M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTMxMzMzMjMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKgS5BAAAMA0GCSqGSIb3DQEBCwUAA4IBAQAG2Ocqt8Z5otdSpnWZ6AWB
8inAvj2AGPQh3U7/6HkEc8MfFSB/W8Ee2NowhzADJB32KEaRojCtnYSvzWN24cQQ
MeM7nek7ZqMEbcbpIFL0193vydq8tP8BGPRJ2w0Jw6lxYvM8qyOQuo9274hPOXyc
bnrvBatfQj0xnjK7mbwF7rbInFizL+laNuIyqNxHb8yRfsM30CU3kaoC+MGDow6e
2cZPNX6Mcz11zzEC4dIdcCwKGjvGlgVdsGUz+hqeUM6dYx0G3JTEACGCQO2vcXq1
buoR9TWNLYHdJqVpIzL2TywKsLltuScEKKbsnlu8h95/FVADawtKjTLDw5FDyDJK
-----END CERTIFICATE-----