Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
File:                     3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (raw, json)
Hash identifier:          oZe7kx0dptbnk/pk09tmwpUTyeKrXYcrC32dA/P40Gk=
Subject key identifier:   B1:00:80:E9:A4:5D:D7:18:9F:7A:1C:1A:C8:68:B7:68:5F:3E:EE:C6
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       6EBC3DADF5F3C3853CA818350B186899CE61F09C
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa
Signing time:             Mon 12 May 2025 14:07:22 +0000
ROA not before:           Mon 12 May 2025 14:02:22 +0000
ROA not after:            Mon 11 May 2026 14:07:22 +0000
asID:                     211321
IP address blocks:        185.49.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:bc:3d:ad:f5:f3:c3:85:3c:a8:18:35:0b:18:68:99:ce:61:f0:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:22 2025 GMT
            Not After : May 11 14:07:22 2026 GMT
        Subject: CN=B10080E9A45DD7189F7A1C1AC868B7685F3EEEC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:bf:87:23:45:f8:b4:26:06:cf:2f:a2:68:fb:
                    2b:16:00:be:e0:8a:ec:10:18:fa:fe:cc:3d:65:21:
                    72:cf:7c:93:d8:df:69:bf:70:05:59:3b:b0:6f:a3:
                    5b:94:87:a9:99:e9:0a:a6:87:1f:9d:18:67:37:fd:
                    78:4b:50:62:0b:9c:eb:0e:e8:b5:f0:dc:ca:dd:3a:
                    8d:76:a5:5e:cd:40:7d:6e:98:66:ed:c6:74:c4:ff:
                    59:a1:e5:14:50:27:8d:80:2c:b5:15:b0:9b:27:ea:
                    17:0c:dc:8f:89:37:6b:75:8e:1d:b8:74:68:3e:42:
                    5b:30:f6:d0:20:1a:d7:6a:c8:fc:54:c2:b2:fa:77:
                    7c:58:b8:df:8d:8f:ad:6a:de:f9:35:43:71:7f:1c:
                    ea:20:46:8b:f0:c6:5f:19:ff:fd:f3:11:8d:54:dc:
                    d3:b2:1c:ed:53:cf:91:40:90:1e:f2:84:22:b7:74:
                    bb:3d:f2:2b:1d:07:b3:57:10:60:98:51:4b:f8:e4:
                    d9:f4:0e:e8:6c:6d:f2:21:d6:b2:ab:65:8e:bb:19:
                    97:a0:0d:c9:e0:62:37:92:39:92:88:c2:7b:b1:34:
                    19:33:e3:72:ce:39:92:6b:3c:86:7e:10:4c:88:7f:
                    4a:4a:7c:2b:71:1a:2d:f5:ff:35:92:38:1a:c1:e2:
                    1a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:00:80:E9:A4:5D:D7:18:9F:7A:1C:1A:C8:68:B7:68:5F:3E:EE:C6
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:99:26:f1:fb:3f:d7:18:c0:f4:fd:5e:a9:2f:99:de:88:9a:
         b8:da:bb:35:03:87:b6:dd:07:a2:73:52:7a:81:3e:a2:b3:7f:
         ea:a8:f5:03:52:1e:3c:d6:44:14:7c:53:56:5e:27:e7:6b:61:
         03:63:b9:a8:49:54:cd:67:68:9d:c8:1a:33:8d:14:72:2a:82:
         e8:22:23:78:9c:43:5e:08:4b:f9:54:d1:45:76:76:a8:c2:b6:
         bc:7a:8e:f3:d1:74:c0:75:a6:55:53:4c:9c:9b:7a:5c:ba:54:
         23:d8:04:aa:9b:93:0f:05:65:27:a9:b4:90:74:db:6d:75:51:
         39:34:ec:99:d6:3b:17:37:72:57:f1:39:75:a4:e3:ff:26:0b:
         24:dd:a9:52:08:48:a7:8e:f3:6f:b4:6e:03:51:48:6a:e0:1c:
         cd:4a:e5:b8:bc:a2:a4:06:51:a5:60:bc:c8:49:e8:f6:d0:24:
         f1:5d:4f:c7:4a:03:02:c6:10:80:53:98:2b:9d:1a:45:d7:9a:
         af:30:c9:c6:10:20:1e:f6:a7:c6:41:39:71:87:a2:f4:8e:f1:
         d1:ee:a8:74:89:5d:50:50:33:5c:66:55:b4:05:63:4c:3c:75:
         bc:c2:60:ba:69:39:11:d4:f4:9f:c4:61:de:6d:94:b0:d6:58:
         e0:dc:90:10
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUbrw9rfXzw4U8qBg1Cxhomc5h8JwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjJaFw0yNjA1MTExNDA3MjJaMDMxMTAvBgNV
BAMTKEIxMDA4MEU5QTQ1REQ3MTg5RjdBMUMxQUM4NjhCNzY4NUYzRUVFQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpv4cjRfi0JgbPL6Jo+ysWAL7g
iuwQGPr+zD1lIXLPfJPY32m/cAVZO7Bvo1uUh6mZ6Qqmhx+dGGc3/XhLUGILnOsO
6LXw3MrdOo12pV7NQH1umGbtxnTE/1mh5RRQJ42ALLUVsJsn6hcM3I+JN2t1jh24
dGg+Qlsw9tAgGtdqyPxUwrL6d3xYuN+Nj61q3vk1Q3F/HOogRovwxl8Z//3zEY1U
3NOyHO1Tz5FAkB7yhCK3dLs98isdB7NXEGCYUUv45Nn0DuhsbfIh1rKrZY67GZeg
DcngYjeSOZKIwnuxNBkz43LOOZJrPIZ+EEyIf0pKfCtxGi31/zWSOBrB4hqtAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUsQCA6aRd1xifehwayGi3aF8+7sYwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMjJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAbkxjjANBgkqhkiG9w0BAQsFAAOCAQEANpkm
8fs/1xjA9P1eqS+Z3oiauNq7NQOHtt0HonNSeoE+orN/6qj1A1IePNZEFHxTVl4n
52thA2O5qElUzWdoncgaM40UciqC6CIjeJxDXghL+VTRRXZ2qMK2vHqO89F0wHWm
VVNMnJt6XLpUI9gEqpuTDwVlJ6m0kHTbbXVROTTsmdY7FzdyV/E5daTj/yYLJN2p
UghIp47zb7RuA1FIauAczUrluLyipAZRpWC8yEno9tAk8V1Px0oDAsYQgFOYK50a
RdearzDJxhAgHvanxkE5cYei9I7x0e6odIldUFAzXGZVtAVjTDx1vMJgumk5EdT0
n8Rh3m2UsNZY4NyQEA==
-----END CERTIFICATE-----