Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
File:                     326130343a623930323a3a2f33322d3332203d3e203136353039.roa (raw, json)
Hash identifier:          BtzWot/6Bw3wLqoZEXk0+lvLP3VLGRLwtRFU2e5GCGA=
Subject key identifier:   21:FF:4B:8E:86:D0:C5:A6:12:88:89:FE:FB:FB:3C:E4:77:A8:87:DE
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       21F9FE5FB1D24D62BF4002826B65A106F39683B0
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa
Signing time:             Mon 10 Jun 2024 13:29:12 +0000
ROA not before:           Mon 10 Jun 2024 13:24:12 +0000
ROA not after:            Mon 09 Jun 2025 13:29:12 +0000
asID:                     16509
IP address blocks:        2a04:b902::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f9:fe:5f:b1:d2:4d:62:bf:40:02:82:6b:65:a1:06:f3:96:83:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:12 2024 GMT
            Not After : Jun  9 13:29:12 2025 GMT
        Subject: CN=21FF4B8E86D0C5A6128889FEFBFB3CE477A887DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:62:1b:57:38:8b:57:f4:b9:23:5a:0e:13:52:
                    aa:93:7e:38:e0:97:50:6e:5a:99:50:26:9e:6b:75:
                    f4:bd:f9:a7:48:d7:17:d1:a7:5c:9d:25:91:05:8c:
                    15:d7:a6:eb:cb:5f:ea:a0:89:df:18:20:60:90:e0:
                    aa:96:fd:6f:56:38:77:ba:a2:28:51:73:e8:f0:7d:
                    87:48:49:2a:e3:7b:d6:8c:db:af:c6:2c:f3:e7:33:
                    30:c4:99:d2:06:75:5d:da:42:ad:02:88:de:0b:6d:
                    af:af:1c:1d:bb:43:89:ea:a5:5b:f9:c2:35:c2:80:
                    a0:92:b3:6f:f2:d5:b3:43:1d:61:02:51:8e:b2:79:
                    93:d6:61:e1:4f:4c:75:7d:b1:5b:d4:b3:18:13:cc:
                    71:2c:59:58:e2:03:54:42:4c:b0:40:c2:de:42:3f:
                    1d:20:2d:e2:2a:5e:74:99:8f:f1:83:5f:02:d2:e3:
                    d2:3c:1f:c1:b7:e7:d6:96:90:25:fb:1c:21:45:bb:
                    54:8d:9f:a6:cd:ea:9b:f9:51:b8:ba:73:26:b4:d4:
                    0b:f7:70:92:be:0d:f7:18:39:68:9b:45:c0:4b:c2:
                    2e:87:90:98:2a:27:32:1b:f3:c5:b8:a3:60:e7:91:
                    04:44:1a:f2:71:ab:2d:03:5f:1a:32:e3:82:d7:e9:
                    6c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FF:4B:8E:86:D0:C5:A6:12:88:89:FE:FB:FB:3C:E4:77:A8:87:DE
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f33322d3332203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:f5:72:b2:cb:ff:c4:38:9c:a3:f7:cb:37:2d:99:90:ae:73:
         b0:e8:80:b2:cb:ef:6b:6a:07:9d:ef:58:7a:e7:24:14:e4:e7:
         9b:6f:57:6f:64:0b:ba:7a:6c:3d:93:87:37:d1:aa:3a:5e:c3:
         44:df:71:f0:92:e4:a1:5a:38:e8:00:c5:86:7a:59:07:13:e9:
         6e:a0:06:85:73:32:f4:0d:9b:19:a4:de:8f:a7:3f:68:1e:ca:
         a5:28:a8:18:73:f6:f6:ee:8a:64:4c:72:92:0c:de:06:7f:ec:
         bc:d2:1a:5f:b1:46:78:5f:5e:c2:00:87:dc:ef:c2:94:dd:b8:
         c7:6d:fc:79:df:16:d0:07:70:08:69:1a:6f:10:f4:3c:74:53:
         20:31:c1:84:7d:aa:2c:a6:7a:b5:05:ee:f1:0f:70:fe:40:2b:
         8a:05:d1:de:bc:f2:b9:b8:50:ad:3d:3e:0c:e4:bc:64:c5:60:
         af:9a:26:d5:ee:77:14:f0:f6:da:08:5e:35:dc:39:19:81:6b:
         0e:fd:a6:c4:ca:2e:49:7f:53:6a:ee:7c:76:ea:02:36:de:a2:
         fa:c8:ba:26:13:fd:9d:8b:5e:fe:5c:7d:cb:9b:89:e4:6e:3b:
         c6:dd:d3:e2:ed:18:39:a9:aa:89:80:a6:f2:a9:e3:b3:0a:59:
         36:6f:de:79
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUIfn+X7HSTWK/QAKCa2WhBvOWg7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTJaFw0yNTA2MDkxMzI5MTJaMDMxMTAvBgNV
BAMTKDIxRkY0QjhFODZEMEM1QTYxMjg4ODlGRUZCRkIzQ0U0NzdBODg3REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCYhtXOItX9LkjWg4TUqqTfjjg
l1BuWplQJp5rdfS9+adI1xfRp1ydJZEFjBXXpuvLX+qgid8YIGCQ4KqW/W9WOHe6
oihRc+jwfYdISSrje9aM26/GLPPnMzDEmdIGdV3aQq0CiN4Lba+vHB27Q4nqpVv5
wjXCgKCSs2/y1bNDHWECUY6yeZPWYeFPTHV9sVvUsxgTzHEsWVjiA1RCTLBAwt5C
Px0gLeIqXnSZj/GDXwLS49I8H8G359aWkCX7HCFFu1SNn6bN6pv5Ubi6cya01Av3
cJK+DfcYOWibRcBLwi6HkJgqJzIb88W4o2DnkQREGvJxqy0DXxoy44LX6WyVAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUIf9LjobQxaYSiIn++/s85Heoh94wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzIzYTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzMTM2
MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEH
AQH/BBEwDzANBAIAAjAHAwUAKgS5AjANBgkqhkiG9w0BAQsFAAOCAQEAKPVyssv/
xDico/fLNy2ZkK5zsOiAssvva2oHne9YeuckFOTnm29Xb2QLunpsPZOHN9GqOl7D
RN9x8JLkoVo46ADFhnpZBxPpbqAGhXMy9A2bGaTej6c/aB7KpSioGHP29u6KZExy
kgzeBn/svNIaX7FGeF9ewgCH3O/ClN24x238ed8W0AdwCGkabxD0PHRTIDHBhH2q
LKZ6tQXu8Q9w/kArigXR3rzyubhQrT0+DOS8ZMVgr5om1e53FPD22gheNdw5GYFr
Dv2mxMouSX9Tau58duoCNt6i+si6JhP9nYte/lx9y5uJ5G47xt3T4u0YOamqiYCm
8qnjswpZNm/eeQ==
-----END CERTIFICATE-----