Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa
File:                     3138352e34392e3134322e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          wZqhyYMlFnMxPXGy2swOtIb6clVA4BnPUsg46ZKHyzg=
Subject key identifier:   29:08:43:A6:96:79:75:6D:3A:E7:21:BD:ED:63:22:25:51:A1:93:1E
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       1617E93266DA34B914BF349E8D6FF1894EB0631A
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa
Signing time:             Mon 12 May 2025 14:07:22 +0000
ROA not before:           Mon 12 May 2025 14:02:22 +0000
ROA not after:            Mon 11 May 2026 14:07:22 +0000
asID:                     0
IP address blocks:        185.49.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:17:e9:32:66:da:34:b9:14:bf:34:9e:8d:6f:f1:89:4e:b0:63:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:22 2025 GMT
            Not After : May 11 14:07:22 2026 GMT
        Subject: CN=290843A69679756D3AE721BDED63222551A1931E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a8:b4:61:52:33:37:a0:cc:4f:9e:38:13:c2:
                    46:d2:bd:0a:ee:d8:aa:7b:c2:7e:ca:88:f3:c2:c2:
                    23:a8:a4:a8:03:43:aa:65:8b:18:7e:f8:89:f7:44:
                    3d:ed:35:10:17:a5:88:b2:b6:f2:68:28:ed:d6:54:
                    8f:17:0c:04:15:0d:d2:43:4b:f4:19:86:7f:5a:59:
                    2d:7f:e6:ee:35:3f:91:08:3b:6e:3c:cc:9f:c2:dd:
                    be:5a:af:c1:85:4b:7c:88:07:21:ff:65:67:6a:5e:
                    ba:75:e6:fd:2e:e8:19:85:0e:ad:44:ec:b2:15:48:
                    30:0a:71:19:0e:09:2a:55:ea:71:a5:07:a9:3e:b5:
                    eb:cf:16:74:0f:8d:c7:c0:37:48:cf:78:65:49:54:
                    bb:0f:a7:8b:ab:5d:52:b6:df:33:00:33:f6:7b:0b:
                    73:1a:5e:47:88:9f:55:14:4c:10:90:c8:7b:86:ad:
                    3c:79:cb:0d:84:0d:27:6d:70:3e:71:b7:bf:d4:0f:
                    67:63:3f:62:01:44:33:19:cc:80:11:05:81:88:8d:
                    48:cf:84:52:a5:63:e4:ac:df:b2:28:e3:99:4d:28:
                    83:00:7f:79:cc:dc:1d:dd:80:8a:bb:af:12:70:ce:
                    19:f7:7b:ae:65:e0:b6:f1:d7:35:db:48:2a:18:a9:
                    56:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:08:43:A6:96:79:75:6D:3A:E7:21:BD:ED:63:22:25:51:A1:93:1E
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c8:2d:a8:c2:f4:fa:a3:ae:33:ed:92:9d:b5:f2:cc:7e:ad:
         09:54:0d:2a:99:14:ba:6b:58:68:d6:35:2a:12:0a:ab:d4:23:
         5b:0f:43:4b:de:fa:e6:d1:91:eb:cc:d7:14:de:75:28:9d:50:
         bb:5e:a0:4a:27:69:f9:0f:50:40:56:38:7f:9b:ed:74:4e:06:
         15:00:71:ba:d0:56:de:06:e7:8f:15:fc:db:10:5c:17:60:48:
         d4:15:d7:74:76:db:c5:6c:63:ab:ac:7e:55:b3:da:0c:fc:74:
         08:8c:e9:ec:b0:78:7f:e6:9a:a4:9b:57:f6:c6:0a:f4:3f:99:
         93:a9:30:42:00:ef:6a:9e:b6:1e:5a:69:74:d0:82:03:9a:30:
         a6:0f:0d:00:ba:de:df:c1:9b:a1:ec:c0:31:52:c0:21:e8:3f:
         a4:82:90:bc:3a:be:0c:7e:af:15:bd:99:72:1c:6d:6a:ff:36:
         28:34:68:5d:c6:01:c9:a1:25:cd:89:a4:3a:56:64:10:c2:3f:
         9f:b0:80:70:74:e9:1c:fb:ed:3e:a5:4d:f5:ad:19:30:13:b8:
         c4:f1:1b:f0:f6:7c:93:f6:db:d1:2b:d9:82:d0:f1:49:e8:41:
         35:64:af:37:a5:bc:fa:a0:a0:83:e6:1a:b2:bb:a8:2e:20:84:
         96:dd:f0:ab
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUFhfpMmbaNLkUvzSejW/xiU6wYxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjJaFw0yNjA1MTExNDA3MjJaMDMxMTAvBgNV
BAMTKDI5MDg0M0E2OTY3OTc1NkQzQUU3MjFCREVENjMyMjI1NTFBMTkzMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbqLRhUjM3oMxPnjgTwkbSvQru
2Kp7wn7KiPPCwiOopKgDQ6plixh++In3RD3tNRAXpYiytvJoKO3WVI8XDAQVDdJD
S/QZhn9aWS1/5u41P5EIO248zJ/C3b5ar8GFS3yIByH/ZWdqXrp15v0u6BmFDq1E
7LIVSDAKcRkOCSpV6nGlB6k+tevPFnQPjcfAN0jPeGVJVLsPp4urXVK23zMAM/Z7
C3MaXkeIn1UUTBCQyHuGrTx5yw2EDSdtcD5xt7/UD2djP2IBRDMZzIARBYGIjUjP
hFKlY+Ss37Io45lNKIMAf3nM3B3dgIq7rxJwzhn3e65l4Lbx1zXbSCoYqVYlAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUKQhDppZ5dW065yG97WMiJVGhkx4wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4Zk
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMw
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAuTGOMA0GCSqGSIb3DQEBCwUAA4IBAQAgyC2owvT6o64z7ZKd
tfLMfq0JVA0qmRS6a1ho1jUqEgqr1CNbD0NL3vrm0ZHrzNcU3nUonVC7XqBKJ2n5
D1BAVjh/m+10TgYVAHG60FbeBuePFfzbEFwXYEjUFdd0dtvFbGOrrH5Vs9oM/HQI
jOnssHh/5pqkm1f2xgr0P5mTqTBCAO9qnrYeWml00IIDmjCmDw0Aut7fwZuh7MAx
UsAh6D+kgpC8Or4Mfq8VvZlyHG1q/zYoNGhdxgHJoSXNiaQ6VmQQwj+fsIBwdOkc
++0+pU31rRkwE7jE8Rvw9nyT9tvRK9mC0PFJ6EE1ZK83pbz6oKCD5hqyu6guIISW
3fCr
-----END CERTIFICATE-----