Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
File:                     326130343a623930353a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          B0MsruuFMEAhMjk5c7pq7kRL1RXPmsLLWMxvykRicM4=
Subject key identifier:   85:F8:85:8B:FC:E6:5B:A6:29:2B:B0:72:4B:C0:CD:01:55:0D:1F:69
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       3A684AC6D8D8743C99DBAF79FBECEC4E5B234C3E
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
Signing time:             Mon 10 Jun 2024 13:29:11 +0000
ROA not before:           Mon 10 Jun 2024 13:24:11 +0000
ROA not after:            Mon 09 Jun 2025 13:29:11 +0000
asID:                     16509
IP address blocks:        2a04:b905::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:68:4a:c6:d8:d8:74:3c:99:db:af:79:fb:ec:ec:4e:5b:23:4c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:11 2024 GMT
            Not After : Jun  9 13:29:11 2025 GMT
        Subject: CN=85F8858BFCE65BA6292BB0724BC0CD01550D1F69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cc:27:8a:91:d4:4c:e3:df:7a:5c:3a:f8:37:
                    3c:16:d5:d7:30:e8:57:5e:32:08:5f:e5:d3:de:a9:
                    a0:62:e3:47:e3:70:36:3c:51:2c:c3:61:8c:85:5e:
                    9a:0e:28:06:44:3b:9c:6b:f6:96:7c:27:67:ee:ea:
                    23:0d:6f:33:82:a8:ed:c8:5e:58:83:c8:5e:f2:a6:
                    7b:0e:3e:14:90:5b:11:ca:1d:50:a1:53:ea:2d:5a:
                    bf:3f:85:37:cf:6d:1a:46:f7:0c:cc:01:9d:21:f8:
                    7f:f9:e9:ee:af:c2:c5:c1:b6:64:08:fa:f2:c9:33:
                    e5:95:f4:f3:f2:99:25:08:51:41:26:49:2a:fa:88:
                    ef:f4:86:8d:fd:b2:14:4d:69:ae:1b:35:3f:47:5d:
                    c8:ba:79:ab:36:22:c1:a0:73:0b:53:8a:d4:1c:39:
                    9d:de:b4:67:db:71:32:dd:71:6b:8a:97:49:e0:1a:
                    f3:00:46:15:39:60:44:8e:26:36:58:21:85:c9:9d:
                    7f:dc:c7:53:39:3f:b9:a7:bf:e6:7a:de:a4:cd:7e:
                    dc:a1:d0:78:20:af:34:a3:96:e2:78:70:4f:7c:83:
                    ff:e1:b8:50:85:a1:98:aa:d3:27:cd:d5:5f:45:f2:
                    4e:f7:ed:d9:89:6a:0a:06:d9:b1:0f:66:d4:9b:dc:
                    bd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F8:85:8B:FC:E6:5B:A6:29:2B:B0:72:4B:C0:CD:01:55:0D:1F:69
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b905::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:cf:4a:06:f5:fc:d5:a5:0e:91:c0:0d:87:02:57:09:ac:15:
         b3:64:08:f0:a4:0d:00:69:dd:2e:bb:89:46:33:d3:97:18:c0:
         57:85:c3:d4:44:44:f4:59:75:a6:45:c3:4a:e2:a8:0b:92:03:
         71:f5:d9:44:6e:81:7e:08:01:b1:04:cf:c6:cd:e2:53:62:98:
         0c:4c:8f:59:ad:f6:aa:f9:9a:99:16:47:c0:b8:18:18:f6:9e:
         b4:78:ee:4f:14:c4:57:5b:bf:c6:08:0b:f5:c6:64:81:ef:3a:
         2b:ff:ca:72:6c:c1:05:24:23:11:db:6a:14:8d:a6:41:1b:46:
         16:eb:64:fa:fb:5d:91:08:a3:20:cd:9b:2b:bd:34:b8:66:d7:
         75:a7:00:14:ca:4a:c9:1a:8f:bb:36:d7:73:97:6b:23:eb:cb:
         d9:b9:17:d7:ad:50:8b:35:57:44:4b:44:17:55:33:86:05:21:
         62:f4:5a:7a:9d:b8:78:f3:74:19:70:36:65:65:58:ad:dc:17:
         a6:0e:15:b2:7a:7f:a7:78:c5:00:5b:59:08:e8:3e:ab:fb:37:
         30:3e:61:8b:df:e6:ec:e7:9b:af:f8:67:14:cf:1c:ff:36:3c:
         4d:82:3e:fc:7d:e8:83:48:fa:ad:6c:33:66:e6:f5:62:2a:5b:
         97:e3:8a:27
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUOmhKxtjYdDyZ2695++zsTlsjTD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTFaFw0yNTA2MDkxMzI5MTFaMDMxMTAvBgNV
BAMTKDg1Rjg4NThCRkNFNjVCQTYyOTJCQjA3MjRCQzBDRDAxNTUwRDFGNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnzCeKkdRM4996XDr4NzwW1dcw
6FdeMghf5dPeqaBi40fjcDY8USzDYYyFXpoOKAZEO5xr9pZ8J2fu6iMNbzOCqO3I
XliDyF7ypnsOPhSQWxHKHVChU+otWr8/hTfPbRpG9wzMAZ0h+H/56e6vwsXBtmQI
+vLJM+WV9PPymSUIUUEmSSr6iO/0ho39shRNaa4bNT9HXci6eas2IsGgcwtTitQc
OZ3etGfbcTLdcWuKl0ngGvMARhU5YESOJjZYIYXJnX/cx1M5P7mnv+Z63qTNftyh
0HggrzSjluJ4cE98g//huFCFoZiq0yfN1V9F8k737dmJagoG2bEPZtSb3L2jAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUhfiFi/zmW6YpK7ByS8DNAVUNH2kwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMTM2
MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgS5BQAAMA0GCSqGSIb3DQEBCwUAA4IBAQB5z0oG
9fzVpQ6RwA2HAlcJrBWzZAjwpA0Aad0uu4lGM9OXGMBXhcPURET0WXWmRcNK4qgL
kgNx9dlEboF+CAGxBM/GzeJTYpgMTI9Zrfaq+ZqZFkfAuBgY9p60eO5PFMRXW7/G
CAv1xmSB7zor/8pybMEFJCMR22oUjaZBG0YW62T6+12RCKMgzZsrvTS4Ztd1pwAU
ykrJGo+7Ntdzl2sj68vZuRfXrVCLNVdES0QXVTOGBSFi9Fp6nbh483QZcDZlZVit
3BemDhWyen+neMUAW1kI6D6r+zcwPmGL3+bs55uv+GcUzxz/NjxNgj78feiDSPqt
bDNm5vViKluX44on
-----END CERTIFICATE-----