Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203134363138.roa
File:                     326130343a623930353a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          c9PF1/VNTbs1RsvCicdY1AvxbV5Y9L7Pb6vzIJlImkg=
Subject key identifier:   CE:B6:43:90:C8:7C:CB:13:93:0B:67:4C:85:49:6D:A2:53:DF:F6:90
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       1F3B8B9AD3F831C9470FE532CBF33C5B2D9F4BC3
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203134363138.roa
Signing time:             Mon 10 Jun 2024 13:29:12 +0000
ROA not before:           Mon 10 Jun 2024 13:24:12 +0000
ROA not after:            Mon 09 Jun 2025 13:29:12 +0000
asID:                     14618
IP address blocks:        2a04:b905::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:3b:8b:9a:d3:f8:31:c9:47:0f:e5:32:cb:f3:3c:5b:2d:9f:4b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:12 2024 GMT
            Not After : Jun  9 13:29:12 2025 GMT
        Subject: CN=CEB64390C87CCB13930B674C85496DA253DFF690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c7:62:d1:db:7d:c6:53:87:86:93:5f:d6:23:
                    2f:68:75:be:4d:1d:0e:1f:4b:4b:1d:53:83:36:53:
                    7a:3e:f5:3f:47:2f:b0:f7:a7:0b:f8:8b:00:e0:c2:
                    42:c4:4f:fa:2f:21:37:85:7c:2f:79:35:fc:a7:dc:
                    15:1b:f5:f4:76:49:fd:0e:59:24:10:61:18:32:30:
                    a2:c4:99:08:15:97:80:8f:1f:aa:bc:2e:7c:02:4a:
                    4f:30:59:a1:cb:44:d3:fd:9c:8d:68:4b:87:36:56:
                    57:02:82:54:63:9d:ec:ae:52:87:30:b8:d0:d2:c0:
                    f6:98:05:62:eb:9e:e4:88:14:fe:84:5e:4c:01:b8:
                    eb:05:07:dd:06:d6:28:61:ff:e1:df:0f:28:ba:29:
                    3f:ad:45:6a:60:3a:1d:fb:9e:2e:08:e3:6f:be:37:
                    fb:af:6f:5a:3c:f8:56:a4:63:89:86:88:2b:fb:3c:
                    40:ad:fb:d7:8b:2d:cf:c4:0e:3a:8b:df:1c:60:d5:
                    c2:0e:1a:05:e5:00:fc:01:33:56:a3:d1:b3:9f:7a:
                    dc:c3:76:ef:bf:38:44:72:5f:53:72:c6:7e:b5:d8:
                    82:29:85:af:54:ec:7e:61:b3:46:c2:06:cc:3e:73:
                    dd:14:48:a0:79:f9:f8:66:3d:f1:f4:e3:65:62:fa:
                    2d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B6:43:90:C8:7C:CB:13:93:0B:67:4C:85:49:6D:A2:53:DF:F6:90
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b905::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:34:60:23:87:f4:21:31:a9:b6:4c:60:6c:73:40:b6:f9:0a:
         de:ea:0c:51:47:a4:8e:e0:3a:71:3d:2e:c4:86:fa:97:a5:28:
         69:66:75:d6:cd:cd:38:93:92:34:1e:5c:d9:50:d9:b1:d7:9b:
         06:cf:a0:4f:b7:a7:bb:15:1d:5b:dc:42:b8:c2:0f:39:c4:6b:
         f8:15:65:01:bc:71:b6:d8:e0:7e:96:9b:75:97:02:ab:9e:3c:
         70:24:e9:fc:41:d1:4a:83:e5:3c:a3:83:51:54:f2:a4:20:ef:
         56:24:ae:44:2d:5e:1b:13:bc:c5:4f:72:d0:f1:c8:c1:58:94:
         11:e3:bf:41:ac:5f:88:ce:8f:e1:89:d7:10:91:36:01:48:21:
         02:31:40:f2:9b:e0:bb:9d:42:34:9b:04:b5:9b:ef:0e:70:e7:
         6b:43:86:f6:3c:9d:17:e9:41:fb:d0:54:cf:96:aa:c8:64:f7:
         08:35:23:96:2c:92:6a:c8:7d:25:fb:18:35:bc:5c:37:78:34:
         48:8a:a9:9e:e7:a7:63:d7:2a:b3:b4:c5:0e:7f:3b:dc:80:7a:
         17:91:db:78:13:7c:20:f5:73:a2:6a:c6:b0:d7:d5:dd:0e:d5:
         25:db:b0:e7:45:d5:b2:4e:f3:91:40:99:50:81:54:7c:b3:cf:
         33:04:02:a3
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUHzuLmtP4MclHD+Uyy/M8Wy2fS8MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTJaFw0yNTA2MDkxMzI5MTJaMDMxMTAvBgNV
BAMTKENFQjY0MzkwQzg3Q0NCMTM5MzBCNjc0Qzg1NDk2REEyNTNERkY2OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWx2LR233GU4eGk1/WIy9odb5N
HQ4fS0sdU4M2U3o+9T9HL7D3pwv4iwDgwkLET/ovITeFfC95Nfyn3BUb9fR2Sf0O
WSQQYRgyMKLEmQgVl4CPH6q8LnwCSk8wWaHLRNP9nI1oS4c2VlcCglRjneyuUocw
uNDSwPaYBWLrnuSIFP6EXkwBuOsFB90G1ihh/+HfDyi6KT+tRWpgOh37ni4I42++
N/uvb1o8+FakY4mGiCv7PECt+9eLLc/EDjqL3xxg1cIOGgXlAPwBM1aj0bOfetzD
du+/OERyX1Nyxn612IIpha9U7H5hs0bCBsw+c90USKB5+fhmPfH042Vi+i1hAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUzrZDkMh8yxOTC2dMhUltolPf9pAwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMTM0
MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgS5BQAAMA0GCSqGSIb3DQEBCwUAA4IBAQB0NGAj
h/QhMam2TGBsc0C2+Qre6gxRR6SO4DpxPS7EhvqXpShpZnXWzc04k5I0HlzZUNmx
15sGz6BPt6e7FR1b3EK4wg85xGv4FWUBvHG22OB+lpt1lwKrnjxwJOn8QdFKg+U8
o4NRVPKkIO9WJK5ELV4bE7zFT3LQ8cjBWJQR479BrF+Izo/hidcQkTYBSCECMUDy
m+C7nUI0mwS1m+8OcOdrQ4b2PJ0X6UH70FTPlqrIZPcINSOWLJJqyH0l+xg1vFw3
eDRIiqme56dj1yqztMUOfzvcgHoXkdt4E3wg9XOiasaw19XdDtUl27DnRdWyTvOR
QJlQgVR8s88zBAKj
-----END CERTIFICATE-----