Route Origin Authorization

$ rpki-client -vvf rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
File:                     326130343a623930373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          g/P6/bjazXTPQ2zZ4hjx2lH8j7sT8qYq3wC8kE0iLvc=
Subject key identifier:   3E:B5:3A:95:E9:54:68:5B:B2:BE:D2:13:5D:64:43:BE:98:7D:F8:D8
Certificate issuer:       /CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
Certificate serial:       7F3E4FEEB2DFAECB9C54DCDD5FB635C99A51340F
Authority key identifier: A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
Subject info access:      rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 26 Jun 2023 19:47:00 +0000
ROA not before:           Mon 26 Jun 2023 19:42:00 +0000
ROA not after:            Mon 24 Jun 2024 19:47:00 +0000
asID:                     0
IP address blocks:        2a04:b907::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl
                          rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:3e:4f:ee:b2:df:ae:cb:9c:54:dc:dd:5f:b6:35:c9:9a:51:34:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81eb3a5eb3df634551a90722bc63ad7e022cac4
        Validity
            Not Before: Jun 26 19:42:00 2023 GMT
            Not After : Jun 24 19:47:00 2024 GMT
        Subject: CN=3EB53A95E954685BB2BED2135D6443BE987DF8D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:c4:45:95:21:78:8d:1b:94:95:b9:07:71:
                    35:e4:2a:41:a5:5e:2b:d1:df:f8:f0:93:bc:0c:5c:
                    c3:1f:b2:bd:90:4e:30:78:27:53:a4:5e:be:11:38:
                    d4:6a:41:5d:44:d1:8e:45:9e:ee:b4:64:54:bd:9e:
                    b3:42:ae:30:97:27:a9:00:54:b8:d5:aa:a6:8d:ec:
                    a5:80:17:a5:98:36:a7:d2:e6:c2:83:b2:c9:6a:ba:
                    76:a5:e9:13:ec:05:cb:b7:57:ae:c2:10:36:3f:ff:
                    b1:c0:87:23:c7:a2:4c:08:b4:b8:0a:f6:f1:f5:2d:
                    4a:cb:39:0f:8a:32:ec:87:6a:8f:c5:01:11:50:5a:
                    36:f7:3c:21:50:c8:2b:bd:cb:2f:e4:49:90:4e:45:
                    d0:70:7c:32:7d:9a:b6:f0:cd:7b:56:1b:43:1e:ae:
                    5a:e4:f8:0e:fb:b0:60:c3:92:48:e8:48:7c:0a:03:
                    e2:52:18:9b:d6:71:a9:41:83:a8:9c:73:61:ab:e7:
                    f3:2f:6b:42:71:9a:36:8c:fa:71:1f:79:cc:b4:43:
                    9d:7f:b4:20:64:e0:c0:bd:b3:54:66:d3:fa:b8:13:
                    3a:be:b6:5c:d5:7a:57:b8:d1:99:09:c8:3b:03:ec:
                    47:65:6a:6f:af:88:18:fc:0f:03:6e:c9:45:88:a2:
                    d2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B5:3A:95:E9:54:68:5B:B2:BE:D2:13:5D:64:43:BE:98:7D:F8:D8
            X509v3 Authority Key Identifier:
                keyid:A8:1E:B3:A5:EB:3D:F6:34:55:1A:90:72:2B:C6:3A:D7:E0:22:CA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/A81EB3A5EB3DF634551A90722BC63AD7E022CAC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qB6zpes99jRVGpByK8Y61-AiysQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.cloud/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:55:4f:0a:49:ca:cf:95:b8:8c:f7:ab:d0:a1:12:9f:3b:18:
         3a:7d:f5:18:00:8b:cb:db:d7:9c:8c:f4:e3:76:26:23:39:82:
         db:a1:34:c6:47:97:ed:14:b0:39:c9:aa:2d:04:b2:85:0c:2b:
         65:e6:33:0d:14:54:aa:d7:1a:62:e0:d1:e7:1c:d1:c9:91:8e:
         8e:78:d0:15:1a:89:a5:74:d5:92:a4:97:b2:56:1d:2f:36:d1:
         fe:62:49:38:40:eb:a7:de:61:5a:30:dd:20:51:e6:53:f7:b2:
         31:9f:91:a2:11:be:27:32:44:b3:5f:04:44:74:75:83:df:ab:
         8b:6c:31:11:42:7d:85:16:07:a6:44:28:28:51:38:83:cf:ed:
         f5:60:72:09:8e:ab:3f:75:a7:d8:36:fd:0b:35:c5:e0:f1:45:
         75:0d:d8:b0:64:ee:d6:a5:4a:7d:6a:66:d8:e0:e4:50:87:17:
         45:d6:be:47:c7:74:fb:6d:7f:d4:8e:ec:e1:98:75:dc:45:8b:
         4f:40:e1:99:e9:7a:8c:95:eb:e3:96:64:05:86:98:a2:1a:43:
         1a:7e:a6:22:85:0d:f1:b1:8f:01:22:d4:b1:5b:09:2f:af:69:
         0d:5a:2c:b5:d9:6d:ce:21:8b:4b:b2:14:71:26:33:63:e2:19:
         89:72:90:35
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUfz5P7rLfrsucVNzdX7Y1yZpRNA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgxZWIzYTVlYjNkZjYzNDU1MWE5MDcyMmJjNjNhZDdl
MDIyY2FjNDAeFw0yMzA2MjYxOTQyMDBaFw0yNDA2MjQxOTQ3MDBaMDMxMTAvBgNV
BAMTKDNFQjUzQTk1RTk1NDY4NUJCMkJFRDIxMzVENjQ0M0JFOTg3REY4RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB9cRFlSF4jRuUlbkHcTXkKkGl
XivR3/jwk7wMXMMfsr2QTjB4J1OkXr4RONRqQV1E0Y5Fnu60ZFS9nrNCrjCXJ6kA
VLjVqqaN7KWAF6WYNqfS5sKDsslqunal6RPsBcu3V67CEDY//7HAhyPHokwItLgK
9vH1LUrLOQ+KMuyHao/FARFQWjb3PCFQyCu9yy/kSZBORdBwfDJ9mrbwzXtWG0Me
rlrk+A77sGDDkkjoSHwKA+JSGJvWcalBg6icc2Gr5/Mva0JxmjaM+nEfecy0Q51/
tCBk4MC9s1Rm0/q4Ezq+tlzVele40ZkJyDsD7Edlam+viBj8DwNuyUWIotIBAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUPrU6lelUaFuyvtITXWRDvph9+NgwHwYDVR0j
BBgwFoAUqB6zpes99jRVGpByK8Y61+AiysQwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5l
dGxhYnMvMS9BODFFQjNBNUVCM0RGNjM0NTUxQTkwNzIyQkM2M0FEN0UwMjJDQUM0
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcUI2enBlczk5alJWR3BCeUs4WTYx
LUFpeXNRLmNlcjB3BggrBgEFBQcBCwRrMGkwZwYIKwYBBQUHMAuGW3JzeW5jOi8v
cnN5bmMua3JpbGwuY2xvdWQvcmVwby9ubG5ldGxhYnMvMS8zMjYxMzAzNDNhNjIz
OTMwMzczYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoEuQcA
ADANBgkqhkiG9w0BAQsFAAOCAQEAkVVPCknKz5W4jPer0KESnzsYOn31GACLy9vX
nIz043YmIzmC26E0xkeX7RSwOcmqLQSyhQwrZeYzDRRUqtcaYuDR5xzRyZGOjnjQ
FRqJpXTVkqSXslYdLzbR/mJJOEDrp95hWjDdIFHmU/eyMZ+RohG+JzJEs18ERHR1
g9+ri2wxEUJ9hRYHpkQoKFE4g8/t9WByCY6rP3Wn2Db9CzXF4PFFdQ3YsGTu1qVK
fWpm2ODkUIcXRda+R8d0+21/1I7s4Zh13EWLT0Dhmel6jJXr45ZkBYaYohpDGn6m
IoUN8bGPASLUsVsJL69pDVostdltziGLS7IUcSYzY+IZiXKQNQ==
-----END CERTIFICATE-----