Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          YvoWbvlov4FjG1b7Qda+fqlVP6ujMhr8m/fEQddsSfE=
Subject key identifier:   70:E3:9D:FB:2E:B4:91:9C:B5:48:01:E8:82:EA:BB:8F:56:2F:2C:9F
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       581A4F5587C5710A1703C99D8701B4FE1940F1F4
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Mon 10 Jun 2024 13:51:42 +0000
ROA not before:           Mon 10 Jun 2024 13:46:42 +0000
ROA not after:            Mon 09 Jun 2025 13:51:42 +0000
asID:                     211321
IP address blocks:        2a04:b902::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:1a:4f:55:87:c5:71:0a:17:03:c9:9d:87:01:b4:fe:19:40:f1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:46:42 2024 GMT
            Not After : Jun  9 13:51:42 2025 GMT
        Subject: CN=70E39DFB2EB4919CB54801E882EABB8F562F2C9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b1:4e:c2:77:e3:4c:bc:99:cf:32:8d:68:f3:
                    d5:fc:eb:ec:27:16:9e:a5:a1:01:d9:a6:37:25:a6:
                    f1:36:b1:7e:25:9e:94:3a:43:34:8b:9f:3f:92:ce:
                    3d:db:d2:75:15:c7:7c:ad:c4:46:38:c4:13:53:f1:
                    73:ae:67:16:5b:0f:66:3c:b9:a5:8d:69:5d:66:d4:
                    a1:0d:71:58:47:16:66:97:43:0d:32:3a:69:e5:58:
                    4d:a3:32:60:4b:d6:1a:ab:9d:9c:51:51:87:de:68:
                    9c:47:58:ed:66:24:96:ce:8c:5f:4a:2b:0e:db:d2:
                    0f:2c:22:62:6d:fd:bc:bc:3a:da:fa:01:ae:58:10:
                    30:a0:ee:8c:ed:28:fb:5d:d2:01:7c:a6:cd:b0:a5:
                    35:b0:a5:0e:f5:91:53:7b:fb:21:00:5f:25:99:77:
                    07:02:31:68:bf:55:77:46:bb:ac:92:28:bb:df:03:
                    6d:30:5d:26:a2:f1:db:fe:3a:5d:30:75:89:4e:11:
                    77:68:19:58:d0:e1:50:3b:a1:46:18:54:31:76:f9:
                    a9:df:c7:31:a3:3b:a8:87:3f:89:9c:4d:e0:4a:95:
                    1e:cc:cb:fd:32:a6:a4:29:61:08:17:09:14:97:60:
                    0d:65:58:05:bf:b1:94:6d:20:9a:6a:30:1b:2b:c4:
                    3f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E3:9D:FB:2E:B4:91:9C:B5:48:01:E8:82:EA:BB:8F:56:2F:2C:9F
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:b9:da:a7:d1:3b:0c:a1:df:a1:c0:33:84:50:3b:c2:5e:54:
         24:b6:cd:91:25:62:c7:bd:5b:3b:98:3f:b6:17:9c:b4:aa:03:
         78:39:72:13:6d:7f:66:b6:12:7e:51:7f:b2:6a:fa:f4:bd:94:
         7a:96:04:7e:78:b0:04:c5:e7:aa:28:c6:08:9c:0b:94:ee:a4:
         75:1c:85:2d:95:42:51:60:1c:ea:58:f3:fe:90:17:b3:03:64:
         19:a9:1e:c7:49:3e:1a:bf:02:10:83:ef:c3:1d:43:9e:0b:a6:
         0a:a5:9d:03:6c:38:b5:83:7d:5a:7b:71:5d:38:6e:dc:68:d2:
         38:e9:35:97:79:41:41:7c:0a:ae:f7:4c:a5:76:89:99:a0:14:
         c6:13:e6:bf:fb:b9:17:6e:8f:37:77:3c:78:59:9b:dc:0e:c2:
         1a:25:d9:a9:f4:8a:d1:38:b1:f2:8c:96:98:e8:8b:d8:54:b5:
         ba:8c:9c:bb:26:ef:42:b4:de:c4:e7:fa:b6:86:67:50:48:ac:
         f7:da:db:26:58:79:5a:4d:43:1c:cb:e8:91:54:f4:73:aa:7f:
         cd:3a:bb:6d:24:02:98:fc:c9:0b:87:6f:9f:8c:bf:3a:8c:fa:
         ff:4a:75:58:8e:9c:ee:2a:07:82:4b:b8:58:9e:48:c2:c8:6b:
         68:bd:5e:9e
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUWBpPVYfFcQoXA8mdhwG0/hlA8fQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzQ2NDJaFw0yNTA2MDkxMzUxNDJaMDMxMTAvBgNV
BAMTKDcwRTM5REZCMkVCNDkxOUNCNTQ4MDFFODgyRUFCQjhGNTYyRjJDOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPsU7Cd+NMvJnPMo1o89X86+wn
Fp6loQHZpjclpvE2sX4lnpQ6QzSLnz+Szj3b0nUVx3ytxEY4xBNT8XOuZxZbD2Y8
uaWNaV1m1KENcVhHFmaXQw0yOmnlWE2jMmBL1hqrnZxRUYfeaJxHWO1mJJbOjF9K
Kw7b0g8sImJt/by8Otr6Aa5YEDCg7oztKPtd0gF8ps2wpTWwpQ71kVN7+yEAXyWZ
dwcCMWi/VXdGu6ySKLvfA20wXSai8dv+Ol0wdYlOEXdoGVjQ4VA7oUYYVDF2+anf
xzGjO6iHP4mcTeBKlR7My/0ypqQpYQgXCRSXYA1lWAW/sZRtIJpqMBsrxD9jAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUcOOd+y60kZy1SAHoguq7j1YvLJ8wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzIzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkCAAAwDQYJKoZIhvcNAQELBQADggEBAFe5
2qfROwyh36HAM4RQO8JeVCS2zZElYse9WzuYP7YXnLSqA3g5chNtf2a2En5Rf7Jq
+vS9lHqWBH54sATF56ooxgicC5TupHUchS2VQlFgHOpY8/6QF7MDZBmpHsdJPhq/
AhCD78MdQ54LpgqlnQNsOLWDfVp7cV04btxo0jjpNZd5QUF8Cq73TKV2iZmgFMYT
5r/7uRdujzd3PHhZm9wOwhol2an0itE4sfKMlpjoi9hUtbqMnLsm70K03sTn+raG
Z1BIrPfa2yZYeVpNQxzL6JFU9HOqf806u20kApj8yQuHb5+MvzqM+v9KdViOnO4q
B4JLuFieSMLIa2i9Xp4=
-----END CERTIFICATE-----