Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
File:                     3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (raw, json)
Hash identifier:          5N/Wd0YuxRMcEUpk/fmXDUj02n81dTqVqyb1T4P+ixA=
Subject key identifier:   80:18:EC:05:A9:5F:D3:D1:A2:00:D9:9F:32:69:65:C6:93:D5:EE:92
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       3E2C24BDAA696C74B2F44D3D1030252EC63C3EC4
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
Signing time:             Mon 12 May 2025 14:07:22 +0000
ROA not before:           Mon 12 May 2025 14:02:22 +0000
ROA not after:            Mon 11 May 2026 14:07:22 +0000
asID:                     8587
IP address blocks:        185.49.140.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:2c:24:bd:aa:69:6c:74:b2:f4:4d:3d:10:30:25:2e:c6:3c:3e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:22 2025 GMT
            Not After : May 11 14:07:22 2026 GMT
        Subject: CN=8018EC05A95FD3D1A200D99F326965C693D5EE92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9e:e1:3d:f2:2e:26:b4:c6:0d:41:8e:4f:1e:
                    57:77:d6:5a:fd:bf:2c:7e:0c:0a:57:b2:32:bf:f9:
                    ae:14:f3:1a:1c:1f:f1:de:1f:70:c8:f1:fd:35:27:
                    ce:c8:a8:87:95:3e:de:d8:59:3a:b2:92:d8:6c:cd:
                    77:c8:cc:4b:c2:f7:1b:0c:de:fd:bd:1a:b6:fa:de:
                    aa:b5:5f:ab:09:d9:de:3b:28:f2:8d:b1:60:06:79:
                    c8:a4:ff:f5:65:91:f9:db:6c:9a:3c:d4:ed:f4:8a:
                    5c:f9:10:40:d8:af:90:f3:63:3d:ff:af:2c:bb:35:
                    60:4f:bd:af:11:c4:a6:45:97:d0:70:e8:54:46:32:
                    77:e8:b9:f6:73:e1:d2:cd:36:e8:0a:0c:59:71:24:
                    30:47:c1:88:c9:a6:f2:21:02:69:da:6f:d2:36:d4:
                    db:2e:12:1e:25:b6:ff:4a:70:99:e1:5b:e5:2f:7a:
                    69:a4:f1:ec:a2:af:47:b3:df:f0:51:6f:65:8a:5d:
                    d3:18:12:45:0c:80:5d:6c:bd:35:02:d9:d9:ce:f5:
                    8c:9e:c9:42:b9:6b:0d:70:03:e8:be:27:07:4e:3c:
                    70:4f:75:bf:1e:97:60:a6:78:cd:b8:15:0d:45:0a:
                    58:0a:a9:0e:30:ff:18:65:b5:c4:57:60:46:aa:b9:
                    a4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:18:EC:05:A9:5F:D3:D1:A2:00:D9:9F:32:69:65:C6:93:D5:EE:92
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:8f:32:29:e7:1a:b5:56:6c:4d:84:5b:c4:1c:77:93:93:14:
         b7:64:d6:ab:05:61:ed:6b:d8:9f:6c:a3:ce:7a:91:4d:a1:75:
         81:50:d2:6e:4e:33:95:96:b1:df:23:01:ad:c6:49:a2:d5:0a:
         b8:5c:1d:29:81:d4:57:d8:21:f5:97:b4:e7:f9:a2:6f:61:e7:
         0d:aa:4b:ad:ce:d9:26:5f:4a:51:41:04:fb:bb:31:b2:28:51:
         76:c2:01:06:43:ad:2d:7e:d5:15:85:f3:98:8c:7e:4d:5e:aa:
         8d:19:74:7f:94:b6:ff:c7:6d:e0:9b:e5:a5:5c:77:11:c0:39:
         bb:f6:97:b0:e9:66:00:de:f6:5b:cf:a0:b5:81:1a:0b:6c:55:
         8d:16:e2:50:db:47:8c:4d:5e:43:19:b9:6b:6c:4b:56:8f:f4:
         6a:0f:99:c5:99:3b:ad:64:3a:cf:f7:55:14:3d:c0:89:74:9b:
         ed:af:0f:aa:0c:1f:80:18:6d:cc:b7:83:03:dd:bb:f4:de:e7:
         54:ce:dc:ec:14:2c:3b:5b:29:79:01:c5:d1:39:34:44:26:57:
         f4:46:bf:e2:8f:b1:70:0c:d8:d1:98:5e:75:30:1f:09:6f:b0:
         0d:d7:2b:c4:b0:37:7d:b3:1b:e5:e9:83:65:7e:be:11:37:3c:
         76:71:5a:1b
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUPiwkvappbHSy9E09EDAlLsY8PsQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjJaFw0yNjA1MTExNDA3MjJaMDMxMTAvBgNV
BAMTKDgwMThFQzA1QTk1RkQzRDFBMjAwRDk5RjMyNjk2NUM2OTNENUVFOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1nuE98i4mtMYNQY5PHld31lr9
vyx+DApXsjK/+a4U8xocH/HeH3DI8f01J87IqIeVPt7YWTqykthszXfIzEvC9xsM
3v29Grb63qq1X6sJ2d47KPKNsWAGecik//VlkfnbbJo81O30ilz5EEDYr5DzYz3/
ryy7NWBPva8RxKZFl9Bw6FRGMnfoufZz4dLNNugKDFlxJDBHwYjJpvIhAmnab9I2
1NsuEh4ltv9KcJnhW+Uvemmk8eyir0ez3/BRb2WKXdMYEkUMgF1svTUC2dnO9Yye
yUK5aw1wA+i+JwdOPHBPdb8el2CmeM24FQ1FClgKqQ4w/xhltcRXYEaquaQ1AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUgBjsBalf09GiANmfMmllxpPV7pIwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDM4
MzUzODM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQBuTGMMA0GCSqGSIb3DQEBCwUAA4IBAQABjzIp5xq1
VmxNhFvEHHeTkxS3ZNarBWHta9ifbKPOepFNoXWBUNJuTjOVlrHfIwGtxkmi1Qq4
XB0pgdRX2CH1l7Tn+aJvYecNqkutztkmX0pRQQT7uzGyKFF2wgEGQ60tftUVhfOY
jH5NXqqNGXR/lLb/x23gm+WlXHcRwDm79pew6WYA3vZbz6C1gRoLbFWNFuJQ20eM
TV5DGblrbEtWj/RqD5nFmTutZDrP91UUPcCJdJvtrw+qDB+AGG3Mt4MD3bv03udU
ztzsFCw7Wyl5AcXROTREJlf0Rr/ij7FwDNjRmF51MB8Jb7AN1yvEsDd9sxvl6YNl
fr4RNzx2cVob
-----END CERTIFICATE-----