Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          PyYnfMwZZjBynv89/LlY/K0aQ9UlxMYoLmzx/yfbs2w=
Subject key identifier:   47:C7:2B:0A:30:C7:A1:F3:53:D0:83:9F:9B:07:75:CE:38:38:1A:9D
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       68BB1B91D7069EB5084246907377DCA351F0CABC
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Mon 12 May 2025 14:07:24 +0000
ROA not before:           Mon 12 May 2025 14:02:24 +0000
ROA not after:            Mon 11 May 2026 14:07:24 +0000
asID:                     211321
IP address blocks:        2a04:b904::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:bb:1b:91:d7:06:9e:b5:08:42:46:90:73:77:dc:a3:51:f0:ca:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:24 2025 GMT
            Not After : May 11 14:07:24 2026 GMT
        Subject: CN=47C72B0A30C7A1F353D0839F9B0775CE38381A9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:be:e3:a7:b0:6e:be:4f:40:bd:c8:03:ee:e0:
                    3c:5e:78:ef:b3:2d:96:f9:1a:9e:73:75:3e:74:f2:
                    50:27:47:01:4e:3e:4e:5d:de:f8:a6:77:1c:56:6a:
                    e0:71:68:e4:67:e6:82:c0:04:ff:2b:f1:5d:01:3e:
                    d7:38:84:a5:f5:94:6c:83:b0:6e:19:2f:75:c2:f6:
                    46:fa:31:4b:24:5b:a1:b9:72:ad:7a:6f:62:7e:16:
                    d7:8a:d6:7a:99:c7:19:bc:23:fc:96:ed:69:43:12:
                    2f:f5:4f:c5:c5:0c:c9:fa:64:c4:77:c1:a3:9b:e2:
                    ce:79:24:90:2b:f0:39:9d:af:74:b1:54:7d:f7:2d:
                    e3:55:86:c8:24:a2:96:6a:f0:bc:4a:02:47:8a:ba:
                    e5:6f:6c:73:aa:d6:36:cd:d3:98:07:67:2b:79:b1:
                    8b:ad:d9:fc:dc:17:76:ea:3e:0f:72:d3:2f:c8:06:
                    a4:d0:f0:f0:fb:83:5a:d5:99:a6:6d:97:99:36:88:
                    23:42:52:e2:d5:f6:f3:c9:b1:28:63:40:f6:fe:df:
                    15:37:70:25:6a:0a:6f:10:a9:ee:d9:93:ce:f5:72:
                    1e:1a:1e:f1:55:c3:17:85:ba:a3:2e:dd:5a:d9:9f:
                    57:3b:d2:bc:65:95:93:41:8a:f1:34:f0:a8:98:b7:
                    58:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C7:2B:0A:30:C7:A1:F3:53:D0:83:9F:9B:07:75:CE:38:38:1A:9D
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b904::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:bb:fd:9f:f5:f7:08:20:31:66:40:82:1b:54:44:f8:d6:df:
         e4:3c:0b:d0:34:bc:cb:78:e4:a8:25:93:b9:78:b8:88:7f:f5:
         74:4d:8b:11:df:81:04:67:57:c4:e4:16:7c:d5:98:08:42:4a:
         57:38:84:64:32:43:b9:c0:60:ef:4a:98:da:76:16:92:88:48:
         aa:62:2f:0f:c3:66:ac:a7:1e:c1:b6:dd:2a:d9:b3:bb:92:0c:
         bc:69:13:5a:5e:42:8d:a9:ed:c1:fc:b2:08:3d:d8:5f:5b:08:
         e6:4f:60:48:ba:ad:da:85:63:43:6e:68:39:7f:13:c4:47:69:
         c7:3c:e0:a9:ac:18:26:ed:c1:47:78:0f:d8:0c:29:64:dc:9b:
         a6:cb:63:f2:e7:b3:93:77:3a:f7:17:6a:7c:7d:71:d1:67:ce:
         84:da:68:96:da:ff:8e:13:d2:3a:34:65:dd:75:6f:94:ce:d7:
         d1:2e:4c:c5:c8:5d:79:b6:94:2a:a2:63:27:18:ec:ac:7e:d0:
         14:bf:00:25:b4:e2:d0:62:62:2b:ce:50:3d:dc:ef:e0:8d:f4:
         a4:b3:dc:7d:67:93:66:31:a1:67:b7:f5:c7:77:58:a0:b7:0e:
         f7:60:6e:37:74:b3:85:7e:40:57:e8:36:53:89:e1:28:5f:b9:
         20:0b:08:74
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUaLsbkdcGnrUIQkaQc3fco1HwyrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjRaFw0yNjA1MTExNDA3MjRaMDMxMTAvBgNV
BAMTKDQ3QzcyQjBBMzBDN0ExRjM1M0QwODM5RjlCMDc3NUNFMzgzODFBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNvuOnsG6+T0C9yAPu4DxeeO+z
LZb5Gp5zdT508lAnRwFOPk5d3vimdxxWauBxaORn5oLABP8r8V0BPtc4hKX1lGyD
sG4ZL3XC9kb6MUskW6G5cq16b2J+FteK1nqZxxm8I/yW7WlDEi/1T8XFDMn6ZMR3
waOb4s55JJAr8Dmdr3SxVH33LeNVhsgkopZq8LxKAkeKuuVvbHOq1jbN05gHZyt5
sYut2fzcF3bqPg9y0y/IBqTQ8PD7g1rVmaZtl5k2iCNCUuLV9vPJsShjQPb+3xU3
cCVqCm8Qqe7Zk871ch4aHvFVwxeFuqMu3VrZn1c70rxllZNBivE08KiYt1gFAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUR8crCjDHofNT0IOfmwd1zjg4Gp0wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzQzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkEAAAwDQYJKoZIhvcNAQELBQADggEBAC67
/Z/19wggMWZAghtURPjW3+Q8C9A0vMt45Kglk7l4uIh/9XRNixHfgQRnV8TkFnzV
mAhCSlc4hGQyQ7nAYO9KmNp2FpKISKpiLw/DZqynHsG23SrZs7uSDLxpE1peQo2p
7cH8sgg92F9bCOZPYEi6rdqFY0NuaDl/E8RHacc84KmsGCbtwUd4D9gMKWTcm6bL
Y/Lns5N3OvcXanx9cdFnzoTaaJba/44T0jo0Zd11b5TO19EuTMXIXXm2lCqiYycY
7Kx+0BS/ACW04tBiYivOUD3c7+CN9KSz3H1nk2YxoWe39cd3WKC3Dvdgbjd0s4V+
QFfoNlOJ4ShfuSALCHQ=
-----END CERTIFICATE-----