Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
File:                     3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (raw, json)
Hash identifier:          3YH32z1pX8kitA9NiLHWwrgMRTfRtB0C1VTCrZwpHGI=
Subject key identifier:   02:64:CA:0A:FF:42:02:46:47:EE:5A:FE:4D:F9:3D:7B:4D:59:44:CC
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       5E4B131DE31D8FCA772254F8560398C3767D82B2
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
Signing time:             Mon 10 Jun 2024 13:29:13 +0000
ROA not before:           Mon 10 Jun 2024 13:24:13 +0000
ROA not after:            Mon 09 Jun 2025 13:29:13 +0000
asID:                     211321
IP address blocks:        185.49.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:4b:13:1d:e3:1d:8f:ca:77:22:54:f8:56:03:98:c3:76:7d:82:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:13 2024 GMT
            Not After : Jun  9 13:29:13 2025 GMT
        Subject: CN=0264CA0AFF42024647EE5AFE4DF93D7B4D5944CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:69:58:39:30:e0:15:a1:91:25:49:04:1e:e8:
                    19:b4:46:27:6f:54:87:b2:69:32:25:31:f1:3c:de:
                    ef:fd:d2:9b:9e:b7:35:6c:5a:f4:0b:87:0c:67:32:
                    4a:8e:c2:8f:c8:e9:7f:23:e7:76:3e:23:26:34:40:
                    64:82:97:21:4e:55:e6:52:32:46:f6:71:41:b1:c6:
                    86:cb:e3:fc:82:2e:a3:2f:6f:56:82:f6:2f:82:7b:
                    80:fd:e4:49:f9:1d:15:2b:7b:cd:43:b2:e2:94:89:
                    60:e3:88:9a:b7:e8:e5:78:dc:bc:f5:3c:62:cf:be:
                    37:8b:52:98:cf:68:14:d2:1a:d1:99:e4:60:77:9c:
                    c0:16:c1:d4:c8:f7:53:8c:15:cc:71:56:33:d0:9e:
                    f5:93:81:eb:38:26:1d:e1:b4:3c:b0:ba:48:eb:8a:
                    66:b6:e3:29:47:94:ff:4c:71:bc:bb:3f:68:85:27:
                    de:7d:4c:73:ca:78:c7:fc:9b:11:68:97:2c:55:da:
                    f8:17:27:cf:01:12:2d:5b:75:a2:c0:9f:d4:c6:a2:
                    68:b1:e1:f9:6b:be:ba:90:97:85:ed:01:e4:35:a6:
                    50:ac:64:14:db:00:3a:a1:f4:1f:21:3a:bc:8e:49:
                    f1:da:3f:76:6b:b0:61:28:f4:20:58:7e:41:7b:9f:
                    5a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:64:CA:0A:FF:42:02:46:47:EE:5A:FE:4D:F9:3D:7B:4D:59:44:CC
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:a5:cd:62:59:35:6d:17:cd:89:dc:19:94:7c:7b:f7:67:01:
         64:40:87:6b:60:fa:54:6d:b6:af:98:87:0e:5a:37:24:3a:6c:
         eb:5b:d8:41:c6:e5:34:5f:b9:1f:bb:16:1a:6a:6b:81:58:c6:
         72:13:97:52:c9:b2:60:6f:f7:7b:c4:66:c8:4e:e8:e2:32:d3:
         c4:63:2c:fd:c8:d4:31:ae:33:36:b6:a7:a2:51:7f:f1:5a:ae:
         e1:54:86:ac:ec:49:4c:c0:c6:cc:5e:38:b2:5b:78:2d:6f:15:
         d7:be:77:9a:d6:7f:48:ca:92:e1:74:59:e7:5e:8e:d2:b4:28:
         5f:98:4b:45:d5:34:92:54:22:22:85:18:f2:f4:e5:5b:12:d0:
         bd:04:51:9c:37:e9:e0:44:d9:85:cf:25:0b:73:bd:45:44:16:
         db:fa:6f:72:49:e4:37:2f:79:eb:c4:23:ea:27:3f:fc:1c:51:
         2f:43:43:34:bf:50:50:3a:4e:ed:96:8c:4e:34:f4:f2:b0:32:
         02:57:93:20:a0:ee:e9:2f:76:a0:17:bc:e8:33:aa:0c:b8:14:
         2c:23:ae:e6:7c:9a:94:79:bf:a5:40:d9:85:da:11:67:89:5d:
         25:99:2c:d2:f7:20:cb:f0:94:96:55:7a:01:4b:01:e9:ba:05:
         ca:66:e9:e0
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUXksTHeMdj8p3IlT4VgOYw3Z9grIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTNaFw0yNTA2MDkxMzI5MTNaMDMxMTAvBgNV
BAMTKDAyNjRDQTBBRkY0MjAyNDY0N0VFNUFGRTRERjkzRDdCNEQ1OTQ0Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAaVg5MOAVoZElSQQe6Bm0Ridv
VIeyaTIlMfE83u/90puetzVsWvQLhwxnMkqOwo/I6X8j53Y+IyY0QGSClyFOVeZS
Mkb2cUGxxobL4/yCLqMvb1aC9i+Ce4D95En5HRUre81DsuKUiWDjiJq36OV43Lz1
PGLPvjeLUpjPaBTSGtGZ5GB3nMAWwdTI91OMFcxxVjPQnvWTges4Jh3htDywukjr
ima24ylHlP9Mcby7P2iFJ959THPKeMf8mxFolyxV2vgXJ88BEi1bdaLAn9TGomix
4flrvrqQl4XtAeQ1plCsZBTbADqh9B8hOryOSfHaP3ZrsGEo9CBYfkF7n1pjAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUAmTKCv9CAkZH7lr+Tfk9e01ZRMwwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMjJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAbkxjjANBgkqhkiG9w0BAQsFAAOCAQEABaXN
Ylk1bRfNidwZlHx792cBZECHa2D6VG22r5iHDlo3JDps61vYQcblNF+5H7sWGmpr
gVjGchOXUsmyYG/3e8RmyE7o4jLTxGMs/cjUMa4zNranolF/8Vqu4VSGrOxJTMDG
zF44slt4LW8V1753mtZ/SMqS4XRZ516O0rQoX5hLRdU0klQiIoUY8vTlWxLQvQRR
nDfp4ETZhc8lC3O9RUQW2/pvcknkNy9568Qj6ic//BxRL0NDNL9QUDpO7ZaMTjT0
8rAyAleTIKDu6S92oBe86DOqDLgULCOu5nyalHm/pUDZhdoRZ4ldJZks0vcgy/CU
llV6AUsB6boFymbp4A==
-----END CERTIFICATE-----