Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          Yzc/4D7Q3iiVMpceJ0SReQghPqerbs5PTmpM0kDQva4=
Subject key identifier:   2A:FF:D0:42:32:CF:47:21:2E:26:1B:2C:86:93:52:1D:0B:4B:16:D4
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       63932C77730E2F994E0968A8B0D88D69F20C9458
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Mon 12 May 2025 14:07:23 +0000
ROA not before:           Mon 12 May 2025 14:02:23 +0000
ROA not after:            Mon 11 May 2026 14:07:23 +0000
asID:                     211321
IP address blocks:        2a04:b902::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:93:2c:77:73:0e:2f:99:4e:09:68:a8:b0:d8:8d:69:f2:0c:94:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:23 2025 GMT
            Not After : May 11 14:07:23 2026 GMT
        Subject: CN=2AFFD04232CF47212E261B2C8693521D0B4B16D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e2:5d:63:f1:8c:e3:73:82:39:60:50:da:d9:
                    fd:e5:a5:2b:62:f8:c7:6a:34:d7:77:35:6d:b4:26:
                    9b:1d:18:3d:7b:a8:85:cd:3c:70:16:93:e0:58:6f:
                    54:86:ab:a3:10:38:24:1a:3c:f6:d9:fe:4f:5b:5b:
                    24:8a:1a:5f:8a:08:ef:37:fd:22:60:c4:cf:11:2e:
                    0a:c2:c1:69:c0:3b:32:d7:cb:a7:83:f6:70:78:e5:
                    87:f4:f3:1a:06:bf:96:25:53:f1:0c:84:2d:d0:55:
                    1d:f5:eb:2c:59:7a:d1:f1:34:26:02:89:bf:7d:e5:
                    33:bb:b7:e1:51:8a:2d:86:81:c6:af:83:04:22:86:
                    1d:9b:3a:72:e5:6e:b2:61:a2:68:24:37:a3:d1:09:
                    4b:e5:09:95:4c:ae:c3:5c:77:7a:ff:4e:ed:ce:f3:
                    a2:88:65:30:34:11:2d:36:b9:3d:00:50:0c:e8:66:
                    13:f5:9a:7d:5d:7c:c1:88:af:73:45:c5:56:36:d2:
                    68:0c:63:a8:28:39:2f:ea:77:0e:40:d2:e7:e1:99:
                    6c:68:5c:58:fb:fb:c0:4b:c7:dd:a7:60:8f:fa:33:
                    82:5f:4c:fb:3b:ff:e0:84:8d:1f:48:87:ad:ab:10:
                    d5:44:00:2d:2f:9d:0a:ff:62:30:19:d8:09:b0:a4:
                    9b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FF:D0:42:32:CF:47:21:2E:26:1B:2C:86:93:52:1D:0B:4B:16:D4
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:0f:35:4e:82:63:ef:18:a6:d1:f0:73:ca:6a:b3:9a:19:c5:
         5b:f3:1d:e7:60:7b:48:78:34:0b:ea:17:33:f8:a2:1d:6e:44:
         b7:2c:a7:a4:aa:6b:dd:d6:f3:44:65:95:f5:b0:9a:10:3b:ea:
         4f:51:a8:fc:ec:77:ec:5e:62:e1:1a:61:13:a9:26:b9:25:3f:
         d1:e1:68:d9:0c:41:65:4d:9e:c9:c6:01:3f:2e:c5:f5:03:2a:
         2b:c4:a6:d2:65:9d:fa:df:eb:84:28:2a:b6:91:63:fe:60:e7:
         22:fa:44:9f:54:fe:28:06:00:83:cd:fd:ac:52:c5:52:ff:2f:
         e7:fc:7d:b6:59:ed:00:4f:83:5e:83:e8:7a:4f:3b:36:63:8c:
         cb:96:bb:6b:62:24:99:27:5c:f4:bd:7f:f1:ed:e3:20:a5:69:
         83:a7:1c:b0:6f:d0:b3:55:c4:8e:f5:82:d7:ee:16:e8:36:cf:
         a2:e1:03:5c:ba:d4:f1:6b:49:b8:10:ed:aa:33:fa:ff:5f:3c:
         86:b9:36:f4:32:f2:45:fd:a8:70:1f:b3:46:78:99:4e:0a:65:
         98:ba:47:cc:18:c6:20:f7:3f:52:4d:67:50:b7:ee:b1:12:0a:
         38:14:a1:3f:5f:d7:d4:78:6b:cc:cb:35:a5:24:be:b2:bf:e6:
         ee:a8:c5:b7
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUY5Msd3MOL5lOCWiosNiNafIMlFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjNaFw0yNjA1MTExNDA3MjNaMDMxMTAvBgNV
BAMTKDJBRkZEMDQyMzJDRjQ3MjEyRTI2MUIyQzg2OTM1MjFEMEI0QjE2RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd4l1j8Yzjc4I5YFDa2f3lpSti
+MdqNNd3NW20JpsdGD17qIXNPHAWk+BYb1SGq6MQOCQaPPbZ/k9bWySKGl+KCO83
/SJgxM8RLgrCwWnAOzLXy6eD9nB45Yf08xoGv5YlU/EMhC3QVR316yxZetHxNCYC
ib995TO7t+FRii2GgcavgwQihh2bOnLlbrJhomgkN6PRCUvlCZVMrsNcd3r/Tu3O
86KIZTA0ES02uT0AUAzoZhP1mn1dfMGIr3NFxVY20mgMY6goOS/qdw5A0ufhmWxo
XFj7+8BLx92nYI/6M4JfTPs7/+CEjR9Ih62rENVEAC0vnQr/YjAZ2AmwpJvDAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUKv/QQjLPRyEuJhsshpNSHQtLFtQwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzIzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkCAAAwDQYJKoZIhvcNAQELBQADggEBAB0P
NU6CY+8YptHwc8pqs5oZxVvzHedge0h4NAvqFzP4oh1uRLcsp6Sqa93W80RllfWw
mhA76k9RqPzsd+xeYuEaYROpJrklP9HhaNkMQWVNnsnGAT8uxfUDKivEptJlnfrf
64QoKraRY/5g5yL6RJ9U/igGAIPN/axSxVL/L+f8fbZZ7QBPg16D6HpPOzZjjMuW
u2tiJJknXPS9f/Ht4yClaYOnHLBv0LNVxI71gtfuFug2z6LhA1y61PFrSbgQ7aoz
+v9fPIa5NvQy8kX9qHAfs0Z4mU4KZZi6R8wYxiD3P1JNZ1C37rESCjgUoT9f19R4
a8zLNaUkvrK/5u6oxbc=
-----END CERTIFICATE-----