Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa
File:                     326130343a623930363a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          KjBpGCjhgcgzyMWLAwsBFjFxOErpP8CS58MUX0jm8U8=
Subject key identifier:   6D:63:10:83:F8:DE:02:5D:1B:4F:7E:15:76:67:3A:4F:7E:03:4E:2D
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       1EC7ED4EBEE7EA632992A22C842F8BC00A0647E2
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 12 May 2025 14:07:24 +0000
ROA not before:           Mon 12 May 2025 14:02:24 +0000
ROA not after:            Mon 11 May 2026 14:07:24 +0000
asID:                     0
IP address blocks:        2a04:b906::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:c7:ed:4e:be:e7:ea:63:29:92:a2:2c:84:2f:8b:c0:0a:06:47:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:24 2025 GMT
            Not After : May 11 14:07:24 2026 GMT
        Subject: CN=6D631083F8DE025D1B4F7E1576673A4F7E034E2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dc:66:d3:49:16:30:c9:50:f5:4b:20:a3:cc:
                    30:f2:df:b5:3f:b5:ee:4a:02:76:13:4a:22:41:50:
                    a8:e7:15:47:f3:9c:5d:d5:b6:91:f3:b4:18:78:ed:
                    a8:82:54:31:6e:ae:3f:39:43:b2:54:26:ff:f1:6e:
                    49:e0:7c:1a:6b:71:6d:0b:c3:57:73:1c:f2:b4:2a:
                    d2:21:49:76:dd:80:96:4a:53:d0:c7:dc:f2:f3:80:
                    91:ae:6e:dc:9c:3a:7d:bf:8a:4c:0c:81:f4:c9:7f:
                    ca:f5:38:89:9e:36:3d:b2:d8:21:cd:ad:7c:33:d1:
                    50:6d:a8:6e:fc:f5:33:9d:7b:83:f1:31:c4:b0:ae:
                    c2:d5:3e:08:71:fa:c3:22:7d:10:8b:cf:b6:97:bd:
                    34:11:f0:45:72:c0:3e:26:7b:94:d8:08:38:a9:4a:
                    3e:0a:14:8f:47:a5:52:5d:e8:dc:d1:7e:4a:16:3b:
                    4c:64:9c:20:e0:2f:57:17:ef:c6:ca:12:67:be:8b:
                    57:d2:c8:11:f6:8c:a5:42:36:d7:40:18:63:63:0c:
                    0c:8b:5e:b1:ed:ee:fb:ba:55:d0:03:ca:f9:1b:e5:
                    2e:df:01:15:33:8b:71:2e:5b:e8:27:1c:b4:38:b5:
                    02:01:d7:54:ab:70:df:8f:9e:5a:d1:2b:2c:06:de:
                    10:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:63:10:83:F8:DE:02:5D:1B:4F:7E:15:76:67:3A:4F:7E:03:4E:2D
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b906::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:97:f9:94:f9:b9:eb:c5:e4:8a:9a:36:bc:8f:e3:6c:e2:8a:
         22:6a:0a:19:79:7d:76:40:4a:d3:ec:7b:2d:ab:ff:30:a3:a8:
         90:c0:d0:05:d7:0a:31:79:0e:56:07:71:91:c8:ce:b0:8b:9d:
         bd:ae:1e:d7:73:63:0f:a0:c7:65:ba:46:c7:38:66:07:3d:af:
         49:81:d5:07:73:55:66:8d:d7:2c:95:b7:20:e1:15:7d:81:83:
         c1:36:00:6b:a8:89:e7:30:09:95:06:a7:7f:fc:90:30:d5:d4:
         ef:f3:50:67:c5:14:c0:fa:31:a7:cb:c2:82:85:56:ac:98:fa:
         b6:3b:00:08:15:18:66:23:8a:90:4b:eb:be:18:85:a0:b0:ba:
         a8:94:ec:cc:8c:81:8b:58:02:da:75:20:2e:40:19:3b:58:e1:
         cc:70:09:6d:78:48:69:84:0a:ff:36:ac:92:af:5b:47:26:c8:
         8d:8e:62:e1:cc:6f:24:f4:ac:19:3a:00:4d:8a:ac:42:dc:1f:
         b3:12:76:50:b1:fa:42:10:ba:95:8e:6a:73:5c:91:3f:51:4a:
         71:6d:17:aa:33:2d:bb:3b:64:7a:20:84:56:5e:3e:f4:bf:ed:
         f1:e5:b7:95:f0:8b:76:fe:01:31:ae:97:43:13:da:f1:ae:c9:
         5d:08:0b:ee
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUHsftTr7n6mMpkqIshC+LwAoGR+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjRaFw0yNjA1MTExNDA3MjRaMDMxMTAvBgNV
BAMTKDZENjMxMDgzRjhERTAyNUQxQjRGN0UxNTc2NjczQTRGN0UwMzRFMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw3GbTSRYwyVD1SyCjzDDy37U/
te5KAnYTSiJBUKjnFUfznF3VtpHztBh47aiCVDFurj85Q7JUJv/xbkngfBprcW0L
w1dzHPK0KtIhSXbdgJZKU9DH3PLzgJGubtycOn2/ikwMgfTJf8r1OImeNj2y2CHN
rXwz0VBtqG789TOde4PxMcSwrsLVPghx+sMifRCLz7aXvTQR8EVywD4me5TYCDip
Sj4KFI9HpVJd6NzRfkoWO0xknCDgL1cX78bKEme+i1fSyBH2jKVCNtdAGGNjDAyL
XrHt7vu6VdADyvkb5S7fARUzi3EuW+gnHLQ4tQIB11SrcN+PnlrRKywG3hBhAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUbWMQg/jeAl0bT34Vdmc6T34DTi0wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJy
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
LzMyNjEzMDM0M2E2MjM5MzAzNjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMwLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAKgS5BgAAMA0GCSqGSIb3DQEBCwUAA4IBAQAbl/mU+bnrxeSKmja8
j+Ns4ooiagoZeX12QErT7Hstq/8wo6iQwNAF1woxeQ5WB3GRyM6wi529rh7Xc2MP
oMdlukbHOGYHPa9JgdUHc1Vmjdcslbcg4RV9gYPBNgBrqInnMAmVBqd//JAw1dTv
81BnxRTA+jGny8KChVasmPq2OwAIFRhmI4qQS+u+GIWgsLqolOzMjIGLWALadSAu
QBk7WOHMcAlteEhphAr/NqySr1tHJsiNjmLhzG8k9KwZOgBNiqxC3B+zEnZQsfpC
ELqVjmpzXJE/UUpxbReqMy27O2R6IIRWXj70v+3x5beV8It2/gExrpdDE9rxrsld
CAvu
-----END CERTIFICATE-----