Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
File: 326130343a623930303a3a2f33302d3332203d3e2038353837.roa (raw, json)
Hash identifier: 0X6DHgcvAIZhL1S7iWw9n32W1I2GuZJRkhwdRW/ZvsA=
Subject key identifier: 2D:91:E5:6C:CE:D9:C7:CD:5D:4C:D8:93:85:E6:48:8F:6B:5E:07:7B
Certificate issuer: /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial: 3ABF5F5AB727B68FE287127ACD594ECD47C1D33B
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
Signing time: Mon 12 May 2025 14:07:23 +0000
ROA not before: Mon 12 May 2025 14:02:23 +0000
ROA not after: Mon 11 May 2026 14:07:23 +0000
asID: 8587
IP address blocks: 2a04:b900::/30 maxlen: 32
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Jun 2025 00:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:bf:5f:5a:b7:27:b6:8f:e2:87:12:7a:cd:59:4e:cd:47:c1:d3:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
Validity
Not Before: May 12 14:02:23 2025 GMT
Not After : May 11 14:07:23 2026 GMT
Subject: CN=2D91E56CCED9C7CD5D4CD89385E6488F6B5E077B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:bb:6b:55:ef:22:e1:36:4a:1d:35:42:3e:0b:
8c:60:71:58:46:47:0e:14:9b:b5:4b:ae:cb:eb:4b:
da:7f:94:e4:f4:87:d3:16:e1:ed:e3:e1:4f:bf:b4:
f3:fa:2a:e6:ba:12:57:99:dc:53:7a:bf:34:c5:12:
a7:68:fd:05:f1:db:be:39:98:c7:bf:d8:56:73:81:
e9:aa:10:ea:db:9f:f8:0b:37:f7:d5:7b:15:f1:6d:
7d:98:df:5e:0c:f3:e3:8d:35:44:a8:0e:f3:ee:8c:
77:2f:6a:a1:c5:37:04:c1:f0:cb:c9:2a:c4:ac:97:
d4:d5:24:b2:e8:9e:56:60:1c:63:66:06:2f:72:b1:
00:e3:ef:e3:08:9a:98:0f:a6:24:75:2b:4f:7b:98:
a3:f2:a4:57:12:ee:0b:ad:42:13:08:68:4b:c0:31:
55:59:0d:ff:48:f6:c8:ec:02:ef:95:a5:f6:a8:c0:
4a:76:35:28:60:70:6f:2e:e2:d8:11:af:52:d8:74:
53:31:df:65:bf:2d:4d:7f:e5:88:d9:44:a6:d9:b5:
cf:26:96:5b:bd:bf:b6:fe:69:56:2b:33:4b:42:dd:
c8:cb:a7:e1:ec:c6:1e:68:e9:7f:17:7d:bb:93:2a:
2c:f3:32:45:52:4f:cd:98:74:1a:e6:0e:cf:fe:21:
2f:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:91:E5:6C:CE:D9:C7:CD:5D:4C:D8:93:85:E6:48:8F:6B:5E:07:7B
X509v3 Authority Key Identifier:
keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:b900::/30
Signature Algorithm: sha256WithRSAEncryption
4d:fc:7f:40:05:21:28:b5:eb:d9:20:bf:68:03:27:fa:f0:21:
c9:d8:d6:47:2f:96:9d:95:31:64:29:da:8a:71:19:07:e2:e5:
4a:98:55:5e:e8:7b:ce:78:ca:34:23:5f:63:00:b5:77:47:0b:
52:9a:2a:f3:8b:ea:d9:e4:80:d9:fa:f0:cc:da:6b:6a:86:cd:
c3:07:4e:fa:3f:27:cb:3d:4a:60:13:6e:2d:2b:9c:3c:29:2b:
56:b8:ec:eb:43:16:10:05:23:61:d7:9e:eb:9e:4e:4c:81:83:
3a:01:41:b0:91:3b:f4:09:aa:91:10:07:7b:4d:c8:f5:9b:94:
15:7b:c9:60:31:79:3e:09:94:67:14:03:ba:dc:90:f0:a9:4e:
3d:1f:71:b7:1c:87:f9:6c:e6:cf:30:8f:38:58:26:14:f6:44:
a6:81:34:29:5c:52:50:da:47:57:1c:cf:25:e9:d5:b9:3e:99:
73:4f:c4:b4:72:bf:17:37:09:7e:2f:a8:7d:af:ee:b5:95:12:
b1:b6:e9:1e:a6:aa:e3:4a:2a:c8:b9:79:6c:dd:71:61:ad:45:
2e:68:7c:c6:af:1e:bd:14:31:2c:69:88:f5:6e:84:31:6e:b4:
91:83:54:55:0a:da:33:92:c3:f8:9d:e8:38:59:74:33:e1:a9:
0f:13:eb:a8
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUOr9fWrcnto/ihxJ6zVlOzUfB0zswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjNaFw0yNjA1MTExNDA3MjNaMDMxMTAvBgNV
BAMTKDJEOTFFNTZDQ0VEOUM3Q0Q1RDRDRDg5Mzg1RTY0ODhGNkI1RTA3N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvu2tV7yLhNkodNUI+C4xgcVhG
Rw4Um7VLrsvrS9p/lOT0h9MW4e3j4U+/tPP6Kua6EleZ3FN6vzTFEqdo/QXx2745
mMe/2FZzgemqEOrbn/gLN/fVexXxbX2Y314M8+ONNUSoDvPujHcvaqHFNwTB8MvJ
KsSsl9TVJLLonlZgHGNmBi9ysQDj7+MImpgPpiR1K097mKPypFcS7gutQhMIaEvA
MVVZDf9I9sjsAu+VpfaowEp2NShgcG8u4tgRr1LYdFMx32W/LU1/5YjZRKbZtc8m
llu9v7b+aVYrM0tC3cjLp+Hsxh5o6X8XfbuTKizzMkVST82YdBrmDs/+IS/hAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQULZHlbM7Zx81dTNiTheZIj2teB3swHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMyMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAE38f0AFISi1
69kgv2gDJ/rwIcnY1kcvlp2VMWQp2opxGQfi5UqYVV7oe854yjQjX2MAtXdHC1Ka
KvOL6tnkgNn68Mzaa2qGzcMHTvo/J8s9SmATbi0rnDwpK1a47OtDFhAFI2HXnuue
TkyBgzoBQbCRO/QJqpEQB3tNyPWblBV7yWAxeT4JlGcUA7rckPCpTj0fcbcch/ls
5s8wjzhYJhT2RKaBNClcUlDaR1cczyXp1bk+mXNPxLRyvxc3CX4vqH2v7rWVErG2
6R6mquNKKsi5eWzdcWGtRS5ofMavHr0UMSxpiPVuhDFutJGDVFUK2jOSw/id6DhZ
dDPhqQ8T66g=
-----END CERTIFICATE-----
Generated at Wed Jun 4 10:10:03 2025 by rpki-client