Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
File:                     3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (raw, json)
Hash identifier:          1EpfRAU7kW2kv2/RfJoCDKIPQ6o226tRJYfE0DzmmiI=
Subject key identifier:   64:69:5A:84:10:27:A5:52:D0:5A:BF:AA:A0:91:89:F3:73:D5:44:E8
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       4158C5C473E07E3A13B619C4CFB1A5AC711E0CE0
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
Signing time:             Mon 10 Jun 2024 13:29:13 +0000
ROA not before:           Mon 10 Jun 2024 13:24:13 +0000
ROA not after:            Mon 09 Jun 2025 13:29:13 +0000
asID:                     211321
IP address blocks:        185.49.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:58:c5:c4:73:e0:7e:3a:13:b6:19:c4:cf:b1:a5:ac:71:1e:0c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:13 2024 GMT
            Not After : Jun  9 13:29:13 2025 GMT
        Subject: CN=64695A841027A552D05ABFAAA09189F373D544E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:14:31:a8:30:52:3b:e8:88:af:97:77:e0:31:
                    b6:6d:7b:16:cf:6b:30:65:82:7d:2b:60:1a:86:52:
                    f9:7d:ef:a0:cb:2d:e1:9d:19:d5:d8:f0:63:a7:08:
                    97:c5:26:ef:44:58:56:7a:28:d1:c6:30:da:53:b8:
                    df:36:2f:3e:38:74:6c:e7:d1:61:20:dd:d5:bb:e4:
                    20:c8:1d:a6:fd:7f:00:9c:e5:bf:c7:fb:ae:79:7c:
                    67:0f:be:8d:3c:e1:84:93:31:77:9b:1c:d6:fe:01:
                    25:8c:66:10:33:f7:ac:f6:d2:57:a8:55:c6:65:39:
                    b0:2e:82:07:17:15:8a:bc:52:5a:ef:f3:fc:b2:36:
                    f5:33:bf:c2:99:1e:2f:44:f8:e7:1c:03:4f:dc:d1:
                    ab:c5:65:67:53:37:78:7e:fc:77:73:90:28:5a:30:
                    3d:79:d5:d4:9f:0b:bf:0d:14:97:28:45:25:a6:82:
                    fa:1c:e4:11:ac:0f:d7:90:66:e2:a5:88:43:56:1d:
                    c6:32:1e:01:ae:64:40:c6:32:ca:d3:46:6b:9d:e3:
                    bb:74:83:21:1f:0c:21:2a:53:86:33:6b:ca:1d:f5:
                    1e:d7:c7:d2:41:90:d9:1f:14:eb:63:95:58:f0:d4:
                    22:54:02:9c:8d:ef:43:01:f0:93:19:fb:59:b2:5a:
                    2f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:69:5A:84:10:27:A5:52:D0:5A:BF:AA:A0:91:89:F3:73:D5:44:E8
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ec:21:aa:5c:d2:51:69:25:fa:df:86:fc:ce:c4:3f:4e:ec:
         83:3e:63:d8:cd:f1:68:56:51:3b:59:82:08:f5:02:3f:45:f9:
         4c:09:3d:82:6b:ee:10:d8:5c:40:e7:61:81:23:52:5a:ae:2e:
         37:0e:1e:69:c6:13:47:a5:b3:05:9b:dc:a1:5c:51:a7:65:38:
         d6:95:93:d2:4a:d1:ca:14:a3:55:29:87:3f:f6:53:d6:4b:c3:
         15:09:06:a4:30:b7:56:e7:97:e1:aa:1c:02:1e:32:19:98:e5:
         56:8d:9b:95:f8:b9:4c:bc:01:1d:a3:49:61:9e:9a:b1:d3:8d:
         4b:50:45:0b:a0:f2:d0:c8:38:5c:d9:8c:34:bb:b0:73:25:7d:
         0f:04:5f:2d:6c:93:94:68:5d:97:6b:4f:62:94:42:6f:0d:3d:
         1f:ad:15:2b:de:01:9f:b9:13:f8:07:01:21:89:62:d2:b2:d6:
         37:b1:6e:14:4c:b8:53:70:b8:fa:4b:2e:8a:52:05:66:78:1d:
         ac:18:4a:3e:3f:3b:be:5f:fa:c8:18:96:a7:99:e0:70:d6:8f:
         5e:75:68:4f:c9:e5:57:7f:f5:3b:4a:e5:92:d7:e6:f0:f9:99:
         ed:52:2f:e5:3a:65:18:cc:42:e0:2e:18:85:bc:45:0a:2f:ae:
         5a:8a:d9:17
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUQVjFxHPgfjoTthnEz7GlrHEeDOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTNaFw0yNTA2MDkxMzI5MTNaMDMxMTAvBgNV
BAMTKDY0Njk1QTg0MTAyN0E1NTJEMDVBQkZBQUEwOTE4OUYzNzNENTQ0RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqFDGoMFI76Iivl3fgMbZtexbP
azBlgn0rYBqGUvl976DLLeGdGdXY8GOnCJfFJu9EWFZ6KNHGMNpTuN82Lz44dGzn
0WEg3dW75CDIHab9fwCc5b/H+655fGcPvo084YSTMXebHNb+ASWMZhAz96z20leo
VcZlObAuggcXFYq8Ulrv8/yyNvUzv8KZHi9E+OccA0/c0avFZWdTN3h+/HdzkCha
MD151dSfC78NFJcoRSWmgvoc5BGsD9eQZuKliENWHcYyHgGuZEDGMsrTRmud47t0
gyEfDCEqU4Yza8od9R7Xx9JBkNkfFOtjlVjw1CJUApyN70MB8JMZ+1myWi8fAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUZGlahBAnpVLQWr+qoJGJ83PVROgwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEALkxjzANBgkqhkiG9w0BAQsFAAOCAQEAm+wh
qlzSUWkl+t+G/M7EP07sgz5j2M3xaFZRO1mCCPUCP0X5TAk9gmvuENhcQOdhgSNS
Wq4uNw4eacYTR6WzBZvcoVxRp2U41pWT0krRyhSjVSmHP/ZT1kvDFQkGpDC3VueX
4aocAh4yGZjlVo2blfi5TLwBHaNJYZ6asdONS1BFC6Dy0Mg4XNmMNLuwcyV9DwRf
LWyTlGhdl2tPYpRCbw09H60VK94Bn7kT+AcBIYli0rLWN7FuFEy4U3C4+ksuilIF
ZngdrBhKPj87vl/6yBiWp5ngcNaPXnVoT8nlV3/1O0rlktfm8PmZ7VIv5TplGMxC
4C4YhbxFCi+uWorZFw==
-----END CERTIFICATE-----