Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          ZYlzB3SOQwN3wrzewJr0kwZ/HRFdFo8jxmqTLeyxEAo=
Subject key identifier:   89:D5:40:48:BE:74:B4:8F:76:BE:1F:75:74:7C:E9:3D:15:F6:D0:A2
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       15F3E1E00E9A167A64B4290B82E1899A6C06493A
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Mon 10 Jun 2024 13:29:12 +0000
ROA not before:           Mon 10 Jun 2024 13:24:12 +0000
ROA not after:            Mon 09 Jun 2025 13:29:12 +0000
asID:                     211321
IP address blocks:        2a04:b904::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f3:e1:e0:0e:9a:16:7a:64:b4:29:0b:82:e1:89:9a:6c:06:49:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:12 2024 GMT
            Not After : Jun  9 13:29:12 2025 GMT
        Subject: CN=89D54048BE74B48F76BE1F75747CE93D15F6D0A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f5:52:97:08:19:e0:26:1a:d3:c9:04:93:af:
                    7a:34:69:f0:16:6f:29:00:c5:8f:f3:4d:8a:80:f8:
                    5f:73:81:22:c6:7e:ca:73:c4:d6:cd:28:e3:a0:95:
                    4c:a5:3e:4a:bb:cc:b4:35:57:b4:c4:2e:c3:cf:74:
                    f6:ef:69:f7:95:29:32:0e:c0:b4:f0:8d:31:e2:53:
                    3e:89:25:5d:90:bd:03:ac:4e:b8:4e:3a:fb:b0:9a:
                    3f:fb:15:27:0d:f0:a6:e5:9b:81:c5:48:45:ae:7e:
                    e5:8f:a9:92:c4:93:eb:81:d9:21:4b:d5:2d:12:00:
                    ed:ec:92:29:fc:63:b2:38:d3:02:a5:6a:c6:50:29:
                    4f:52:e5:f3:0e:f8:21:94:00:21:d4:5b:0d:35:9c:
                    77:26:d9:83:70:76:15:40:51:bc:80:7d:64:05:45:
                    5a:ec:14:94:f0:7a:35:d0:93:aa:5f:61:e0:ae:35:
                    7f:49:d7:9a:e9:61:28:b7:f2:61:54:9d:0b:5e:9a:
                    bd:a4:da:df:0d:e3:5d:c2:66:fa:96:df:5f:75:c6:
                    f0:9e:9e:26:97:6d:ab:5e:48:2a:2f:79:9d:84:a5:
                    70:b5:58:d2:e8:ff:09:44:0d:6d:d8:d6:1a:72:3a:
                    d7:58:17:52:dc:a2:84:bc:7c:33:b9:a9:46:81:10:
                    64:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:D5:40:48:BE:74:B4:8F:76:BE:1F:75:74:7C:E9:3D:15:F6:D0:A2
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b904::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:62:9b:4c:41:9a:8b:79:17:d8:f6:8e:23:29:3d:9b:da:f9:
         44:a5:fd:c9:5c:39:91:67:c0:85:fc:15:c1:33:9a:68:03:a1:
         1f:c6:fd:d8:a8:94:28:2e:cf:9b:09:a5:8a:65:f6:f5:bc:37:
         01:d8:c4:37:0c:bc:26:8c:a2:c4:e1:6c:20:b5:32:77:00:90:
         07:ee:c5:3a:1c:c2:0b:4e:a2:04:e4:aa:9e:ca:f4:89:5b:71:
         e8:6d:84:13:83:34:6e:de:d5:93:cb:03:dd:6c:ed:f1:5a:ec:
         6e:3c:45:a1:2f:35:ce:58:18:9e:70:7c:75:4b:bf:ff:60:93:
         06:00:63:2c:1d:7b:02:17:c0:76:7f:20:a5:9a:cf:56:98:6b:
         f0:66:12:7b:53:e2:8b:39:a7:13:7d:eb:49:f7:96:59:b7:51:
         41:43:46:2a:1a:b4:c5:5b:ca:ba:af:64:ea:44:39:2e:37:0b:
         69:c8:50:85:b4:e4:82:7b:7b:3b:23:4c:d9:46:48:40:04:29:
         0f:f8:59:35:1e:05:6e:cd:9b:13:b6:6d:49:75:34:77:7d:93:
         83:9b:33:fc:97:36:5a:ce:91:5a:a6:f1:bd:f7:8b:2c:b6:f0:
         14:95:ab:8a:8f:4e:a1:6f:31:5f:35:3d:ed:8b:28:62:38:4f:
         7a:d3:4a:b2
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUFfPh4A6aFnpktCkLguGJmmwGSTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTJaFw0yNTA2MDkxMzI5MTJaMDMxMTAvBgNV
BAMTKDg5RDU0MDQ4QkU3NEI0OEY3NkJFMUY3NTc0N0NFOTNEMTVGNkQwQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ9VKXCBngJhrTyQSTr3o0afAW
bykAxY/zTYqA+F9zgSLGfspzxNbNKOOglUylPkq7zLQ1V7TELsPPdPbvafeVKTIO
wLTwjTHiUz6JJV2QvQOsTrhOOvuwmj/7FScN8Kblm4HFSEWufuWPqZLEk+uB2SFL
1S0SAO3skin8Y7I40wKlasZQKU9S5fMO+CGUACHUWw01nHcm2YNwdhVAUbyAfWQF
RVrsFJTwejXQk6pfYeCuNX9J15rpYSi38mFUnQtemr2k2t8N413CZvqW3191xvCe
niaXbateSCoveZ2EpXC1WNLo/wlEDW3Y1hpyOtdYF1LcooS8fDO5qUaBEGRfAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUidVASL50tI92vh91dHzpPRX20KIwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzQzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkEAAAwDQYJKoZIhvcNAQELBQADggEBAAli
m0xBmot5F9j2jiMpPZva+USl/clcOZFnwIX8FcEzmmgDoR/G/diolCguz5sJpYpl
9vW8NwHYxDcMvCaMosThbCC1MncAkAfuxTocwgtOogTkqp7K9IlbcehthBODNG7e
1ZPLA91s7fFa7G48RaEvNc5YGJ5wfHVLv/9gkwYAYywdewIXwHZ/IKWaz1aYa/Bm
EntT4os5pxN960n3llm3UUFDRioatMVbyrqvZOpEOS43C2nIUIW05IJ7ezsjTNlG
SEAEKQ/4WTUeBW7NmxO2bUl1NHd9k4ObM/yXNlrOkVqm8b33iyy28BSVq4qPTqFv
MV81Pe2LKGI4T3rTSrI=
-----END CERTIFICATE-----