Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
File:                     326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (raw, json)
Hash identifier:          y+knOuhafLtEBuxaPCS6EE6OUDRji6/1V8kQ78sToLg=
Subject key identifier:   74:F1:0F:97:AB:EC:C0:D1:DC:8D:81:0E:14:B1:39:05:1E:28:CD:30
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       490252D513A2DCA817DB74706DE8D8DBFCFB18B5
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
Signing time:             Mon 26 Jun 2023 19:47:00 +0000
ROA not before:           Mon 26 Jun 2023 19:42:00 +0000
ROA not after:            Mon 24 Jun 2024 19:47:00 +0000
asID:                     211321
IP address blocks:        2a04:b907::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:02:52:d5:13:a2:dc:a8:17:db:74:70:6d:e8:d8:db:fc:fb:18:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:00 2023 GMT
            Not After : Jun 24 19:47:00 2024 GMT
        Subject: CN=74F10F97ABECC0D1DC8D810E14B139051E28CD30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a8:04:82:54:f9:62:bf:e9:dd:0f:8a:0b:66:
                    dd:f5:de:6a:48:0e:80:e7:c5:b8:dd:84:7c:10:df:
                    95:2a:d4:12:64:f7:b0:43:5b:c3:04:c5:77:b1:b5:
                    95:04:b1:9a:98:63:98:30:30:a5:49:16:d4:f4:38:
                    25:7d:fe:03:90:6f:4d:41:23:5f:c1:9d:24:63:8f:
                    2c:df:eb:b6:01:a9:77:6f:97:99:a3:ea:5b:b6:62:
                    8e:cf:f4:2e:5c:f7:31:3d:11:03:66:87:5c:62:37:
                    96:c9:df:a4:f3:8f:32:93:50:6e:83:30:a9:17:db:
                    95:f3:3b:a2:64:40:62:7c:f4:87:00:a1:94:e8:1f:
                    32:e3:7b:14:e5:51:fa:be:2a:7a:83:46:9d:a8:01:
                    01:0a:34:1c:68:c7:2b:c2:e8:79:4d:8c:a9:ae:e8:
                    75:89:e2:87:03:18:00:b6:2f:18:6f:a7:99:8c:1d:
                    99:97:45:28:98:95:b7:7f:5d:9f:e6:3d:29:87:5b:
                    ee:b4:f3:39:d1:b0:f7:02:58:32:70:bc:8e:79:3c:
                    39:59:33:80:8b:65:eb:ab:fb:2c:cf:de:13:83:02:
                    70:fb:29:bb:4a:58:f0:e9:26:99:9e:92:19:0d:06:
                    96:92:da:3e:11:e5:6b:4f:45:de:05:c0:14:65:1c:
                    e8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F1:0F:97:AB:EC:C0:D1:DC:8D:81:0E:14:B1:39:05:1E:28:CD:30
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/47

    Signature Algorithm: sha256WithRSAEncryption
         0d:fa:82:9b:35:c0:66:f8:04:a1:cb:00:3a:77:ad:09:32:b0:
         31:bc:e7:e0:49:db:b2:d2:94:fa:4e:ad:b5:7b:03:ab:77:ba:
         b6:d3:a5:23:69:69:ca:b6:10:93:81:19:ed:07:e7:ce:26:41:
         5d:96:be:89:7a:07:c3:8a:9d:38:e2:48:fd:7d:ce:f7:5c:9b:
         a1:ad:f8:76:44:06:8e:61:ec:45:16:24:ec:dc:38:33:e3:7b:
         a7:66:19:d6:7a:70:18:b1:4f:b1:26:5f:72:76:03:47:8f:be:
         0a:7c:2b:c8:a3:9e:22:b4:99:23:d7:0a:bf:81:e5:29:1a:7d:
         5f:bc:c4:0c:38:7e:5e:77:0c:99:ed:a2:2f:a6:18:90:13:fc:
         0e:23:fa:18:e1:d0:6d:57:5b:4e:15:80:df:ca:da:f4:ad:75:
         6b:68:58:dc:98:e4:c0:ce:38:16:2f:61:70:7c:79:c7:5c:a3:
         79:50:29:f0:1b:49:09:3d:4a:76:ee:38:e7:11:d5:32:50:27:
         46:b4:cb:76:71:7e:49:6c:29:71:9f:ab:6f:87:24:47:25:f2:
         03:ee:aa:41:2e:f8:db:94:44:ec:99:94:26:82:09:77:ec:f1:
         f5:99:6c:91:0a:a3:d2:62:5a:5c:5a:44:48:8f:df:42:1a:49:
         ba:2a:35:f8
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUSQJS1ROi3KgX23RwbejY2/z7GLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDBaFw0yNDA2MjQxOTQ3MDBaMDMxMTAvBgNV
BAMTKDc0RjEwRjk3QUJFQ0MwRDFEQzhEODEwRTE0QjEzOTA1MUUyOENEMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDqASCVPliv+ndD4oLZt313mpI
DoDnxbjdhHwQ35Uq1BJk97BDW8MExXextZUEsZqYY5gwMKVJFtT0OCV9/gOQb01B
I1/BnSRjjyzf67YBqXdvl5mj6lu2Yo7P9C5c9zE9EQNmh1xiN5bJ36TzjzKTUG6D
MKkX25XzO6JkQGJ89IcAoZToHzLjexTlUfq+KnqDRp2oAQEKNBxoxyvC6HlNjKmu
6HWJ4ocDGAC2Lxhvp5mMHZmXRSiYlbd/XZ/mPSmHW+608znRsPcCWDJwvI55PDlZ
M4CLZeur+yzP3hODAnD7KbtKWPDpJpmekhkNBpaS2j4R5WtPRd4FwBRlHOhZAgMB
AAGjggHmMIIB4jAdBgNVHQ4EFgQUdPEPl6vswNHcjYEOFLE5BR4ozTAwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjCBgQYIKwYBBQUHAQsEdTBzMHEGCCsGAQUFBzALhmVyc3luYzov
L3JzeW5jLmtyaWxsLmNsb3VkL3JlcG8vbmxuZXRsYWJzLzEvMzI2MTMwMzQzYTYy
MzkzMDM3M2EzYTJmMzQzNzJkMzQzNzIwM2QzZTIwMzIzMTMxMzMzMjMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcBKgS5BwAAMA0GCSqGSIb3DQEBCwUAA4IBAQAN+oKbNcBm+AShywA6d60J
MrAxvOfgSduy0pT6Tq21ewOrd7q206UjaWnKthCTgRntB+fOJkFdlr6JegfDip04
4kj9fc73XJuhrfh2RAaOYexFFiTs3Dgz43unZhnWenAYsU+xJl9ydgNHj74KfCvI
o54itJkj1wq/geUpGn1fvMQMOH5edwyZ7aIvphiQE/wOI/oY4dBtV1tOFYDfytr0
rXVraFjcmOTAzjgWL2FwfHnHXKN5UCnwG0kJPUp27jjnEdUyUCdGtMt2cX5JbClx
n6tvhyRHJfID7qpBLvjblETsmZQmggl37PH1mWyRCqPSYlpcWkRIj99CGkm6KjX4
-----END CERTIFICATE-----