Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
File: 326130343a623930303a3a2f33302d3330203d3e2038353837.roa (raw, json)
Hash identifier: 3NgMpZV5LRLe09p3vkec7ImeUr6zl+R4GEX1WforxJc=
Subject key identifier: 24:3B:51:4E:B1:C3:3F:2D:63:EB:13:8D:EB:EC:CF:D1:0C:A2:02:D5
Certificate issuer: /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial: 71902B691B5C57AA52A01E8A8CAF55A978561A9A
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
Signing time: Mon 12 May 2025 14:07:24 +0000
ROA not before: Mon 12 May 2025 14:02:24 +0000
ROA not after: Mon 11 May 2026 14:07:24 +0000
asID: 8587
IP address blocks: 2a04:b900::/30 maxlen: 30
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Jun 2025 00:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:90:2b:69:1b:5c:57:aa:52:a0:1e:8a:8c:af:55:a9:78:56:1a:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
Validity
Not Before: May 12 14:02:24 2025 GMT
Not After : May 11 14:07:24 2026 GMT
Subject: CN=243B514EB1C33F2D63EB138DEBECCFD10CA202D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:97:ef:37:bf:3d:90:be:2c:09:42:42:cb:14:
f6:74:c5:fe:51:15:e4:59:85:dc:30:0e:7a:1a:77:
f7:06:a4:bf:cf:e2:8a:9b:45:a5:13:d1:05:1d:55:
23:c1:52:df:08:01:63:65:35:74:35:d6:67:17:2b:
ad:7a:6a:0b:03:03:f1:f0:8f:7f:0a:25:b7:8e:70:
ef:51:a8:db:93:69:07:6d:eb:08:ad:04:8b:f9:0f:
f8:48:9a:6b:bb:c0:ed:77:2b:5e:35:58:8e:56:0c:
b7:26:ef:82:06:b7:f9:a8:a1:85:5d:4f:da:47:1e:
bf:a0:83:7e:20:82:f7:82:23:b1:b5:2d:c6:22:30:
ac:03:f7:bc:72:65:ca:4e:c1:a4:4a:f5:54:51:16:
e6:16:b4:07:8c:8c:57:a9:7c:cf:c6:bf:06:34:20:
1d:b4:40:49:81:e5:fb:74:70:ef:60:cb:ff:f0:39:
6b:89:69:19:9f:02:85:47:79:c8:25:33:3c:24:d1:
89:8e:ef:a2:ff:e1:93:c0:7b:07:2b:92:26:09:99:
6f:4a:4f:e4:07:61:5e:ca:3a:d8:82:8f:f7:2a:a5:
3b:cd:4f:d2:f7:18:aa:42:93:01:09:bf:8f:bd:61:
19:12:8a:78:84:fc:11:d4:1b:3c:40:f3:59:33:46:
01:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:3B:51:4E:B1:C3:3F:2D:63:EB:13:8D:EB:EC:CF:D1:0C:A2:02:D5
X509v3 Authority Key Identifier:
keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:b900::/30
Signature Algorithm: sha256WithRSAEncryption
71:48:86:a8:65:53:25:0b:73:e7:13:3f:ce:9b:36:b6:a3:c8:
1e:9f:82:e2:b4:a1:e1:32:2f:df:9c:aa:80:99:93:39:95:25:
8e:99:3c:9e:99:fe:f2:62:39:90:96:08:df:bf:18:35:82:6d:
cf:6f:c8:76:3a:57:fe:bd:00:df:5d:ae:3d:67:fb:d9:15:31:
d6:cf:72:35:19:22:bc:05:56:f5:82:d1:e0:c5:48:74:cd:31:
09:17:d4:a2:d2:ea:31:88:dc:7a:3c:42:29:ec:88:f6:3b:cd:
31:52:fd:61:dc:23:e8:02:55:e5:70:7d:bb:69:de:e9:d7:5b:
7a:63:60:36:41:07:71:05:a0:4e:97:e8:b1:eb:dc:8b:1b:17:
25:6a:e7:86:48:d2:d6:ae:ee:39:f0:4d:d4:31:9d:e3:f0:46:
bd:e2:bc:10:59:de:e3:e9:7d:12:ea:87:74:ab:88:c1:71:2a:
ae:32:61:4d:69:98:11:17:fb:cc:dd:48:a3:b6:35:27:c4:5b:
ec:41:5f:58:e7:e2:53:01:4d:77:b4:d6:8c:80:11:5a:7a:15:
57:46:e1:c2:31:a0:6c:54:b4:55:b9:19:66:9d:7a:90:fc:a6:
b3:b6:7c:11:55:e8:56:a5:8a:35:3a:3c:aa:37:30:72:28:21:
22:2c:1d:d6
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUcZAraRtcV6pSoB6KjK9VqXhWGpowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjRaFw0yNjA1MTExNDA3MjRaMDMxMTAvBgNV
BAMTKDI0M0I1MTRFQjFDMzNGMkQ2M0VCMTM4REVCRUNDRkQxMENBMjAyRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6l+83vz2QviwJQkLLFPZ0xf5R
FeRZhdwwDnoad/cGpL/P4oqbRaUT0QUdVSPBUt8IAWNlNXQ11mcXK616agsDA/Hw
j38KJbeOcO9RqNuTaQdt6witBIv5D/hImmu7wO13K141WI5WDLcm74IGt/mooYVd
T9pHHr+gg34ggveCI7G1LcYiMKwD97xyZcpOwaRK9VRRFuYWtAeMjFepfM/GvwY0
IB20QEmB5ft0cO9gy//wOWuJaRmfAoVHecglMzwk0YmO76L/4ZPAewcrkiYJmW9K
T+QHYV7KOtiCj/cqpTvNT9L3GKpCkwEJv4+9YRkSiniE/BHUGzxA81kzRgGZAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUJDtRTrHDPy1j6xON6+zP0QyiAtUwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMwMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAHFIhqhlUyUL
c+cTP86bNrajyB6fguK0oeEyL9+cqoCZkzmVJY6ZPJ6Z/vJiOZCWCN+/GDWCbc9v
yHY6V/69AN9drj1n+9kVMdbPcjUZIrwFVvWC0eDFSHTNMQkX1KLS6jGI3Ho8Qins
iPY7zTFS/WHcI+gCVeVwfbtp3unXW3pjYDZBB3EFoE6X6LHr3IsbFyVq54ZI0tau
7jnwTdQxnePwRr3ivBBZ3uPpfRLqh3SriMFxKq4yYU1pmBEX+8zdSKO2NSfEW+xB
X1jn4lMBTXe01oyAEVp6FVdG4cIxoGxUtFW5GWadepD8prO2fBFV6FalijU6PKo3
MHIoISIsHdY=
-----END CERTIFICATE-----
Generated at Wed Jun 4 10:09:54 2025 by rpki-client