Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa
File:                     3138352e34392e3134322e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          W2qRy9ddX7Xp81mc3K5+FrYJ8ie6RIhNH5at+Z0oViE=
Subject key identifier:   79:C3:B9:A6:4E:E8:38:0F:21:08:39:F5:E7:82:3B:EA:49:57:21:4F
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       7AA954CF7B93F59A6A66CD4135E64B07304298CF
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa
Signing time:             Mon 10 Jun 2024 13:29:10 +0000
ROA not before:           Mon 10 Jun 2024 13:24:10 +0000
ROA not after:            Mon 09 Jun 2025 13:29:10 +0000
asID:                     0
IP address blocks:        185.49.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:a9:54:cf:7b:93:f5:9a:6a:66:cd:41:35:e6:4b:07:30:42:98:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:10 2024 GMT
            Not After : Jun  9 13:29:10 2025 GMT
        Subject: CN=79C3B9A64EE8380F210839F5E7823BEA4957214F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:91:32:7a:9a:35:f5:91:25:89:d6:68:23:c8:
                    f1:56:96:16:df:0d:15:32:c2:88:e3:64:88:93:54:
                    09:21:b7:5e:1c:e6:ac:82:02:18:35:5f:d9:a0:ea:
                    fb:db:1f:4e:9d:55:06:2e:eb:45:cd:68:00:35:09:
                    af:f7:ac:c1:5a:6d:2d:83:98:ce:2f:af:71:97:93:
                    6b:0b:9b:13:83:14:f9:4e:1a:63:51:20:59:2d:39:
                    2b:53:9e:ed:ef:d8:36:94:c8:ee:93:e9:6a:3a:fd:
                    07:3c:7a:f7:f1:09:e4:3b:ec:8a:1a:a6:75:f4:39:
                    86:05:d3:3b:61:d2:67:b9:75:9d:45:07:e9:8a:dd:
                    5a:29:b0:f4:cb:c0:9c:6d:b3:20:3f:ed:d3:8b:04:
                    39:f7:38:6b:c4:53:77:bd:40:b6:af:f7:2e:7b:e6:
                    5c:97:04:4f:3d:5e:08:87:c1:06:b2:6b:c3:6d:1f:
                    d5:95:9c:aa:5d:b7:b3:9c:61:37:98:ff:3e:0d:a1:
                    aa:e0:f1:88:27:56:c5:8e:af:28:52:27:9e:2b:9e:
                    24:8d:bb:36:b2:72:0c:97:b9:af:4e:f1:be:9f:21:
                    a6:59:a3:5b:41:ec:5f:5d:09:67:15:20:0b:cd:76:
                    db:4f:81:7d:43:a8:d7:5b:dc:87:a8:3e:0c:84:b0:
                    35:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C3:B9:A6:4E:E8:38:0F:21:08:39:F5:E7:82:3B:EA:49:57:21:4F
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134322e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:f5:5f:db:bf:f1:a1:ae:79:5b:a3:e5:85:7f:c2:d9:0c:79:
         37:a0:2c:98:03:38:c2:01:83:aa:19:b7:04:2e:27:8c:2c:46:
         83:22:8e:79:22:5e:16:9f:ff:ee:9d:cd:b8:1a:d6:57:7c:e5:
         16:fb:91:96:7b:f9:91:58:32:d3:6b:db:42:79:02:1f:7a:1f:
         18:c7:78:07:77:0f:b4:fd:ce:8d:df:0e:0a:78:41:02:6b:7c:
         69:50:0e:a1:3e:64:5f:1e:d0:06:14:6f:41:29:aa:26:cd:1b:
         b7:73:db:5f:3c:b2:37:b7:3f:0e:f5:72:1c:4f:f5:47:ce:af:
         c4:1a:de:fe:e0:8b:4e:cb:26:63:69:04:e3:58:4d:b2:94:f2:
         3c:08:ec:db:5c:e5:bd:98:c0:c4:ff:29:a7:50:34:24:93:0f:
         87:1a:61:15:31:d8:e2:38:b9:a8:f1:ff:b9:ee:59:8e:f9:d6:
         9b:73:36:be:6a:fb:e0:9f:79:00:14:7b:16:83:7e:81:15:3c:
         c7:3b:c9:f2:25:9e:a5:7b:6c:c3:58:6d:e5:1e:ad:24:a5:c2:
         13:03:64:8d:fd:d1:75:d6:e0:28:a5:ae:79:ce:c1:1a:4f:8c:
         f5:e4:c8:55:fe:d9:88:66:96:cd:dd:c4:6b:7c:21:cb:46:55:
         89:8b:c9:e4
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUeqlUz3uT9ZpqZs1BNeZLBzBCmM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTBaFw0yNTA2MDkxMzI5MTBaMDMxMTAvBgNV
BAMTKDc5QzNCOUE2NEVFODM4MEYyMTA4MzlGNUU3ODIzQkVBNDk1NzIxNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJkTJ6mjX1kSWJ1mgjyPFWlhbf
DRUywojjZIiTVAkht14c5qyCAhg1X9mg6vvbH06dVQYu60XNaAA1Ca/3rMFabS2D
mM4vr3GXk2sLmxODFPlOGmNRIFktOStTnu3v2DaUyO6T6Wo6/Qc8evfxCeQ77Ioa
pnX0OYYF0zth0me5dZ1FB+mK3VopsPTLwJxtsyA/7dOLBDn3OGvEU3e9QLav9y57
5lyXBE89XgiHwQaya8NtH9WVnKpdt7OcYTeY/z4Noarg8YgnVsWOryhSJ54rniSN
uzaycgyXua9O8b6fIaZZo1tB7F9dCWcVIAvNdttPgX1DqNdb3IeoPgyEsDXHAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUecO5pk7oOA8hCDn154I76klXIU8wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYAGCCsGAQUFBwELBHQwcjBwBggrBgEFBQcwC4Zk
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMw
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAuTGOMA0GCSqGSIb3DQEBCwUAA4IBAQA29V/bv/Ghrnlbo+WF
f8LZDHk3oCyYAzjCAYOqGbcELieMLEaDIo55Il4Wn//unc24GtZXfOUW+5GWe/mR
WDLTa9tCeQIfeh8Yx3gHdw+0/c6N3w4KeEECa3xpUA6hPmRfHtAGFG9BKaomzRu3
c9tfPLI3tz8O9XIcT/VHzq/EGt7+4ItOyyZjaQTjWE2ylPI8COzbXOW9mMDE/ymn
UDQkkw+HGmEVMdjiOLmo8f+57lmO+dabcza+avvgn3kAFHsWg36BFTzHO8nyJZ6l
e2zDWG3lHq0kpcITA2SN/dF11uAopa55zsEaT4z15MhV/tmIZpbN3cRrfCHLRlWJ
i8nk
-----END CERTIFICATE-----