Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
File:                     326130343a623930303a3a2f33302d3330203d3e2038353837.roa (raw, json)
Hash identifier:          jrS4f5gL+axV2/DGmLCJcZIqy/i7XIWyGkeH42twB/Q=
Subject key identifier:   63:99:19:89:7B:4B:90:2E:FB:3C:28:2B:4B:16:F2:C4:44:5B:EF:EA
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       6A0FD4119D7A5EEA9AB8F29675B68FAF6DC61E5A
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
Signing time:             Mon 10 Jun 2024 13:29:11 +0000
ROA not before:           Mon 10 Jun 2024 13:24:11 +0000
ROA not after:            Mon 09 Jun 2025 13:29:11 +0000
asID:                     8587
IP address blocks:        2a04:b900::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:0f:d4:11:9d:7a:5e:ea:9a:b8:f2:96:75:b6:8f:af:6d:c6:1e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:11 2024 GMT
            Not After : Jun  9 13:29:11 2025 GMT
        Subject: CN=639919897B4B902EFB3C282B4B16F2C4445BEFEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:36:2d:d9:ce:ae:af:a1:3c:69:91:8b:ef:f2:
                    7a:e5:6b:c1:e1:ee:e5:1b:02:00:12:55:be:47:ec:
                    af:34:59:2f:71:cc:14:92:95:8d:b1:ca:18:d3:54:
                    2a:65:1e:aa:3c:9a:53:08:34:3c:07:44:a0:5c:98:
                    c3:8f:4a:f1:8e:9a:d7:25:ea:f1:eb:b7:2b:59:97:
                    f1:69:d8:5d:92:3c:db:05:67:63:38:7c:f8:22:aa:
                    00:a6:3f:27:4a:bb:00:c3:b9:fa:2d:b8:8b:33:3c:
                    71:00:80:01:55:d9:5d:f6:59:c3:ed:a0:e5:41:86:
                    fc:2f:7f:d2:07:f2:5d:51:fb:d3:eb:28:bc:52:48:
                    bd:86:fa:46:40:75:e0:4a:60:49:eb:15:58:5b:97:
                    c4:88:52:99:2a:13:1e:4a:cf:0e:af:db:0b:81:4b:
                    bf:33:9a:b1:da:1f:4f:4f:31:79:41:12:dc:24:4b:
                    d0:4d:fe:1e:cb:f4:1c:85:e4:e9:e1:20:6f:92:77:
                    50:d4:84:56:26:c2:df:50:d6:59:41:33:b7:94:18:
                    d2:f5:1a:d9:8c:86:a2:9b:3c:c7:06:78:98:31:1f:
                    9f:d1:76:d5:51:67:cd:ea:73:3c:e1:a1:8f:da:0a:
                    d0:2b:d5:1a:86:59:06:9f:f6:70:25:8d:04:a9:8d:
                    9a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:99:19:89:7B:4B:90:2E:FB:3C:28:2B:4B:16:F2:C4:44:5B:EF:EA
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b900::/30

    Signature Algorithm: sha256WithRSAEncryption
         8a:8d:94:70:e0:40:63:3f:01:a0:1e:72:0a:24:9e:ba:31:ab:
         5a:04:a2:17:4c:13:03:4e:1a:56:3f:ce:77:21:92:bd:72:77:
         0b:fd:61:39:23:95:3b:94:4f:84:f0:70:7b:c6:2f:70:a4:ec:
         f3:9e:d2:37:3a:80:c0:65:2f:cd:34:9a:14:15:66:40:60:d1:
         23:29:b1:b0:0a:2e:f7:12:8a:43:15:e2:79:91:44:83:f8:28:
         0b:16:eb:ae:5b:fd:7c:a4:e7:39:9d:0b:a2:f7:00:b5:fa:82:
         77:76:42:77:b7:c6:6b:1b:18:1a:01:37:78:16:52:9c:68:81:
         11:2c:88:86:8b:95:84:7f:05:b9:99:df:5f:53:40:31:bf:dd:
         f5:a4:6a:72:ae:ab:ca:ee:41:20:f3:7f:a6:5e:d7:8e:c2:89:
         a6:1d:37:ae:19:b5:a4:fa:9b:d7:07:99:86:76:3d:5c:3f:6e:
         6a:cd:8d:c8:4d:82:03:61:07:5f:78:53:e4:c0:55:ac:5b:e7:
         58:fa:59:bd:62:0d:25:03:3c:09:75:5e:5e:9a:51:2b:ea:0e:
         6e:27:01:7b:d9:fe:2e:01:a3:cc:06:09:16:bc:5d:b6:3c:f0:
         1a:83:d6:33:2e:62:6e:a2:5c:62:e8:2d:f4:d7:54:50:d7:be:
         28:61:34:0a
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUag/UEZ16XuqauPKWdbaPr23GHlowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTFaFw0yNTA2MDkxMzI5MTFaMDMxMTAvBgNV
BAMTKDYzOTkxOTg5N0I0QjkwMkVGQjNDMjgyQjRCMTZGMkM0NDQ1QkVGRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNi3Zzq6voTxpkYvv8nrla8Hh
7uUbAgASVb5H7K80WS9xzBSSlY2xyhjTVCplHqo8mlMINDwHRKBcmMOPSvGOmtcl
6vHrtytZl/Fp2F2SPNsFZ2M4fPgiqgCmPydKuwDDufotuIszPHEAgAFV2V32WcPt
oOVBhvwvf9IH8l1R+9PrKLxSSL2G+kZAdeBKYEnrFVhbl8SIUpkqEx5Kzw6v2wuB
S78zmrHaH09PMXlBEtwkS9BN/h7L9ByF5OnhIG+Sd1DUhFYmwt9Q1llBM7eUGNL1
GtmMhqKbPMcGeJgxH5/RdtVRZ83qczzhoY/aCtAr1RqGWQaf9nAljQSpjZoTAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUY5kZiXtLkC77PCgrSxbyxERb7+owHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMwMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAIqNlHDgQGM/
AaAecgoknroxq1oEohdMEwNOGlY/znchkr1ydwv9YTkjlTuUT4TwcHvGL3Ck7POe
0jc6gMBlL800mhQVZkBg0SMpsbAKLvcSikMV4nmRRIP4KAsW665b/Xyk5zmdC6L3
ALX6gnd2Qne3xmsbGBoBN3gWUpxogREsiIaLlYR/BbmZ319TQDG/3fWkanKuq8ru
QSDzf6Ze147CiaYdN64ZtaT6m9cHmYZ2PVw/bmrNjchNggNhB194U+TAVaxb51j6
Wb1iDSUDPAl1Xl6aUSvqDm4nAXvZ/i4Bo8wGCRa8XbY88BqD1jMuYm6iXGLoLfTX
VFDXvihhNAo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:44:42 2024 by rpki-client on console-fra.rpki-client.org