Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
File:                     326130343a623930353a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          SWUG37car5l0A/TpLhoLLdjzhGw06y1FDsQ3WqIFwrg=
Subject key identifier:   89:67:F5:D4:8A:28:8A:5F:66:05:38:58:56:72:54:F9:CF:34:B6:03
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       0474D3629E7D6CA3CBE67C36A2E73BA443F6B596
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
Signing time:             Wed 13 Dec 2023 10:45:34 +0000
ROA not before:           Wed 13 Dec 2023 10:40:34 +0000
ROA not after:            Wed 11 Dec 2024 10:45:34 +0000
asID:                     16509
IP address blocks:        2a04:b905::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:74:d3:62:9e:7d:6c:a3:cb:e6:7c:36:a2:e7:3b:a4:43:f6:b5:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Dec 13 10:40:34 2023 GMT
            Not After : Dec 11 10:45:34 2024 GMT
        Subject: CN=8967F5D48A288A5F66053858567254F9CF34B603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ed:a3:55:0a:a4:b4:43:14:32:e2:79:0a:43:
                    9b:86:19:65:10:ba:2c:e0:71:e4:ce:3a:eb:11:b5:
                    12:63:5b:ad:fb:75:a0:b2:31:b2:a6:1a:29:1d:79:
                    4a:57:ea:2f:3f:35:09:b3:64:ef:a5:59:31:f1:58:
                    bc:0d:66:85:1d:bd:c5:a0:24:bd:1d:7a:1c:a1:eb:
                    cb:a6:2a:4f:3c:cf:0c:f9:02:a3:ee:12:18:ae:9d:
                    dd:5e:3c:aa:dc:e6:6a:48:b2:68:34:c5:83:60:09:
                    6a:b6:5c:c4:45:b7:c2:38:b7:03:96:6c:c4:58:7c:
                    e2:9e:11:90:a3:ad:a4:19:35:06:a4:72:5b:aa:09:
                    31:47:65:f7:22:a1:3d:30:4b:57:72:72:23:62:6d:
                    82:a0:5e:a2:32:93:df:74:89:c2:fe:d4:f9:2a:d5:
                    33:73:13:67:c7:38:5f:b9:60:e9:a9:cf:1e:4b:d9:
                    1c:84:52:49:ea:43:12:29:a7:cf:62:bf:5c:71:11:
                    03:1e:56:32:7d:1c:77:28:2d:13:2e:6b:41:9c:bd:
                    ef:ff:47:d1:f5:4d:4a:66:96:b8:f5:cd:46:b7:62:
                    6f:2d:ab:1c:08:e4:a3:fc:49:60:02:6c:b6:36:b1:
                    04:7b:d4:de:88:dd:04:1d:a5:46:43:ff:e7:a3:36:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:67:F5:D4:8A:28:8A:5F:66:05:38:58:56:72:54:F9:CF:34:B6:03
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b905::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:17:72:87:33:a2:e4:bf:55:06:b0:e0:be:1f:1e:46:43:30:
         47:28:9f:d3:43:28:2e:d6:22:31:0f:5d:0a:57:54:6f:66:1b:
         2a:da:ae:4a:00:7c:f5:fb:eb:71:30:cc:7f:d5:d9:24:ef:d8:
         44:f9:ad:d3:e2:da:96:4e:1e:99:34:42:fa:a5:a8:c0:90:bf:
         16:c2:58:14:53:2d:77:fe:13:5b:22:f8:0a:8b:cb:5d:a7:6e:
         c4:57:bf:1a:dd:33:8b:d4:ef:0f:bb:8a:8a:65:45:be:7e:e4:
         17:e2:85:70:8a:05:23:22:8b:13:93:cc:ef:9e:1b:cc:a0:5c:
         bd:fd:08:1e:cf:23:83:5e:fa:b0:8b:26:73:08:91:20:8a:bb:
         e5:eb:12:22:58:c4:09:53:10:cb:74:f0:2e:8b:0a:83:4f:96:
         32:37:74:1a:78:9f:e3:ee:22:64:21:cd:39:00:ff:e9:24:63:
         a5:15:5d:39:c3:88:be:29:6d:cc:8e:a7:9d:e0:79:0d:1b:fb:
         68:1d:27:e0:98:9d:1e:ea:ce:ad:1b:9c:3c:a1:1b:d1:69:5d:
         a9:65:c6:49:65:bc:69:fb:b1:02:30:b0:19:5d:fd:d2:06:94:
         21:b0:b1:aa:31:9b:3e:b8:c7:90:30:5f:56:b4:c4:fc:db:b2:
         19:31:66:f0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBHTTYp59bKPL5nw2ouc7pEP2tZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzEyMTMxMDQwMzRaFw0yNDEyMTExMDQ1MzRaMDMxMTAvBgNV
BAMTKDg5NjdGNUQ0OEEyODhBNUY2NjA1Mzg1ODU2NzI1NEY5Q0YzNEI2MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH7aNVCqS0QxQy4nkKQ5uGGWUQ
uizgceTOOusRtRJjW637daCyMbKmGikdeUpX6i8/NQmzZO+lWTHxWLwNZoUdvcWg
JL0dehyh68umKk88zwz5AqPuEhiund1ePKrc5mpIsmg0xYNgCWq2XMRFt8I4twOW
bMRYfOKeEZCjraQZNQakcluqCTFHZfcioT0wS1dyciNibYKgXqIyk990icL+1Pkq
1TNzE2fHOF+5YOmpzx5L2RyEUknqQxIpp89iv1xxEQMeVjJ9HHcoLRMua0Gcve//
R9H1TUpmlrj1zUa3Ym8tqxwI5KP8SWACbLY2sQR71N6I3QQdpUZD/+ejNj6JAgMB
AAGjggHjMIIB3zAdBgNVHQ4EFgQUiWf11Iooil9mBThYVnJU+c80tgMwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMTM2MzUzMDM5LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJ
AwcAKgS5BQAAMA0GCSqGSIb3DQEBCwUAA4IBAQBqF3KHM6Lkv1UGsOC+Hx5GQzBH
KJ/TQygu1iIxD10KV1RvZhsq2q5KAHz1++txMMx/1dkk79hE+a3T4tqWTh6ZNEL6
pajAkL8WwlgUUy13/hNbIvgKi8tdp27EV78a3TOL1O8Pu4qKZUW+fuQX4oVwigUj
IosTk8zvnhvMoFy9/QgezyODXvqwiyZzCJEgirvl6xIiWMQJUxDLdPAuiwqDT5Yy
N3QaeJ/j7iJkIc05AP/pJGOlFV05w4i+KW3Mjqed4HkNG/toHSfgmJ0e6s6tG5w8
oRvRaV2pZcZJZbxp+7ECMLAZXf3SBpQhsLGqMZs+uMeQMF9WtMT827IZMWbw
-----END CERTIFICATE-----