Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
File:                     3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (raw, json)
Hash identifier:          CH2m9ZitLf7PD63u+NkvuD6/h3y7uT6CT5l3zpNBz9U=
Subject key identifier:   CB:BD:C2:D9:82:43:98:48:83:A1:95:36:0D:42:4A:73:CC:DD:8D:80
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       187E18D6E43F4838269CB30FECC62EA9DD9CD0AE
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
Signing time:             Mon 10 Jun 2024 13:29:13 +0000
ROA not before:           Mon 10 Jun 2024 13:24:13 +0000
ROA not after:            Mon 09 Jun 2025 13:29:13 +0000
asID:                     8587
IP address blocks:        185.49.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:7e:18:d6:e4:3f:48:38:26:9c:b3:0f:ec:c6:2e:a9:dd:9c:d0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:13 2024 GMT
            Not After : Jun  9 13:29:13 2025 GMT
        Subject: CN=CBBDC2D98243984883A195360D424A73CCDD8D80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7c:01:1f:a3:1d:3f:a5:88:83:5b:5e:73:a6:
                    7a:cd:c2:4d:33:0e:43:30:f8:de:62:1c:be:93:d7:
                    c0:de:ad:1f:79:67:08:d5:8c:c2:36:16:94:c2:d5:
                    d6:07:fd:e0:91:8a:18:bf:08:e5:f7:b4:40:65:f0:
                    32:35:cb:40:d7:5c:33:79:08:26:ac:23:6e:1f:a0:
                    77:6a:9c:be:10:b3:07:20:f6:4c:f4:25:47:cd:78:
                    7e:31:6b:68:d8:04:68:22:d0:f7:f0:c6:c8:7b:d2:
                    cf:d6:8f:63:18:bb:56:7b:6b:05:c1:96:bf:2d:73:
                    e0:a7:e1:0f:6c:1a:85:c8:4d:6f:9b:91:26:f4:6f:
                    3e:9b:c1:c5:81:90:df:85:60:a3:57:80:57:76:88:
                    2b:d6:3a:ca:96:8f:4a:73:ea:d6:4c:72:1b:01:f3:
                    5c:d2:6f:3a:e0:d8:b3:d7:68:10:08:06:b0:d6:90:
                    85:7c:02:01:6c:f6:b9:bd:39:25:d2:a4:56:0c:a1:
                    6d:3b:8a:03:10:d3:47:4e:1f:1c:16:79:fa:6c:b7:
                    8f:5d:12:e5:52:aa:ea:5b:7f:e0:36:15:7b:20:ec:
                    17:1f:a4:69:df:16:21:c7:a2:74:ea:de:5c:89:58:
                    29:8e:c5:bf:e5:53:46:c0:ec:f1:67:4e:1e:e0:07:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BD:C2:D9:82:43:98:48:83:A1:95:36:0D:42:4A:73:CC:DD:8D:80
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:79:50:92:62:f6:9e:98:17:63:d5:bb:ed:d7:db:33:c9:9b:
         a8:df:7c:61:ca:3b:cb:70:6a:ce:a6:ce:b9:45:d0:00:ea:d6:
         71:0c:76:48:32:ba:79:22:4f:36:8d:1b:a0:fd:f6:a1:36:36:
         03:44:aa:d8:02:2e:77:6a:ac:a9:ce:1f:80:cc:0e:57:bc:39:
         3f:66:95:cd:07:44:81:ef:1e:d9:96:e8:aa:3f:bc:a7:dc:48:
         bf:b1:a6:47:ca:94:0d:9b:2f:0a:7f:be:81:b3:49:a8:ae:89:
         70:31:71:d9:1e:65:54:a0:df:b6:93:af:92:57:f1:82:25:fa:
         88:e0:37:ff:00:6a:b1:2f:49:f1:d7:06:6a:e1:63:ae:b0:2d:
         c9:26:ab:f9:67:97:ab:5c:06:dc:a7:a1:e1:cd:6f:bb:6f:cf:
         38:51:83:36:51:1d:f0:36:5a:9c:65:26:40:ba:ef:13:9e:53:
         be:d5:98:11:db:e5:d4:1a:75:39:69:da:2a:2b:30:fe:6e:87:
         21:4d:25:96:18:f1:bc:b4:d1:65:02:22:b3:d8:d9:61:67:39:
         85:da:99:19:21:5d:a4:ba:0a:8b:5e:5c:5a:68:31:29:47:1d:
         95:f3:c2:2a:83:bd:61:ff:ea:54:92:a6:9f:c8:7e:1a:cf:10:
         ac:02:94:f7
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUGH4Y1uQ/SDgmnLMP7MYuqd2c0K4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTNaFw0yNTA2MDkxMzI5MTNaMDMxMTAvBgNV
BAMTKENCQkRDMkQ5ODI0Mzk4NDg4M0ExOTUzNjBENDI0QTczQ0NERDhEODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdfAEfox0/pYiDW15zpnrNwk0z
DkMw+N5iHL6T18DerR95ZwjVjMI2FpTC1dYH/eCRihi/COX3tEBl8DI1y0DXXDN5
CCasI24foHdqnL4Qswcg9kz0JUfNeH4xa2jYBGgi0Pfwxsh70s/Wj2MYu1Z7awXB
lr8tc+Cn4Q9sGoXITW+bkSb0bz6bwcWBkN+FYKNXgFd2iCvWOsqWj0pz6tZMchsB
81zSbzrg2LPXaBAIBrDWkIV8AgFs9rm9OSXSpFYMoW07igMQ00dOHxwWefpst49d
EuVSqupbf+A2FXsg7BcfpGnfFiHHonTq3lyJWCmOxb/lU0bA7PFnTh7gB+iHAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUy73C2YJDmEiDoZU2DUJKc8zdjYAwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDM4
MzUzODM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQBuTGMMA0GCSqGSIb3DQEBCwUAA4IBAQCkeVCSYvae
mBdj1bvt19szyZuo33xhyjvLcGrOps65RdAA6tZxDHZIMrp5Ik82jRug/fahNjYD
RKrYAi53aqypzh+AzA5XvDk/ZpXNB0SB7x7ZluiqP7yn3Ei/saZHypQNmy8Kf76B
s0morolwMXHZHmVUoN+2k6+SV/GCJfqI4Df/AGqxL0nx1wZq4WOusC3JJqv5Z5er
XAbcp6HhzW+7b884UYM2UR3wNlqcZSZAuu8TnlO+1ZgR2+XUGnU5adoqKzD+boch
TSWWGPG8tNFlAiKz2NlhZzmF2pkZIV2kugqLXlxaaDEpRx2V88Iqg71h/+pUkqaf
yH4azxCsApT3
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:59:12 2024 by rpki-client on console-ams.rpki-client.org