Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa
File:                     326130343a623930363a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          NEH+nWO/0QP09WYvLtFrEDSvemn5G6vHFDHYbSjG3N0=
Subject key identifier:   18:D4:FA:C6:13:AD:CB:EE:3E:07:54:BC:C4:71:D9:AE:0B:DD:1D:D0
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       46C74D08B87D24D52DE5168A7109DDEDBBAAA41C
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 10 Jun 2024 13:29:11 +0000
ROA not before:           Mon 10 Jun 2024 13:24:11 +0000
ROA not after:            Mon 09 Jun 2025 13:29:11 +0000
asID:                     0
IP address blocks:        2a04:b906::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:c7:4d:08:b8:7d:24:d5:2d:e5:16:8a:71:09:dd:ed:bb:aa:a4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:11 2024 GMT
            Not After : Jun  9 13:29:11 2025 GMT
        Subject: CN=18D4FAC613ADCBEE3E0754BCC471D9AE0BDD1DD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d8:e2:d0:98:4b:18:f4:da:88:61:dc:11:e3:
                    77:6d:71:94:42:40:1b:49:6b:48:5a:0d:7c:4c:07:
                    cb:bd:00:7e:94:f5:96:8f:72:40:ad:1c:f7:62:0b:
                    f0:69:c5:7c:12:2f:c2:89:4b:39:d4:05:eb:9a:d4:
                    46:ee:36:8b:3d:8a:4c:91:25:92:1c:3d:42:2a:3a:
                    b3:53:01:31:b9:2d:34:c7:95:b2:5b:d4:0e:89:a7:
                    6e:f8:1a:40:78:da:98:36:64:51:0e:da:90:8f:27:
                    25:05:90:94:c2:f2:72:dc:ab:fc:f0:0d:22:1d:36:
                    0c:fa:6f:26:5b:b3:64:45:18:72:5b:1d:53:0b:a2:
                    84:9c:2f:ef:97:89:86:2f:f3:17:82:71:1d:1e:52:
                    2a:2b:f8:41:a4:69:b2:3e:b6:85:02:a0:7e:63:e7:
                    6b:1d:67:9c:56:0d:91:33:ae:09:c2:f6:99:09:c5:
                    45:ab:2b:35:93:ec:7f:50:b5:87:85:92:8f:f7:b4:
                    15:2c:e5:38:77:57:ba:ab:95:e0:2c:14:d6:cb:08:
                    fb:55:e8:d8:42:db:70:99:6e:f2:1e:e6:41:a7:24:
                    8c:9c:7c:42:91:f9:a1:39:9b:31:48:26:a4:8a:ac:
                    47:59:c5:01:4f:76:30:f5:52:d4:3e:59:7b:41:7f:
                    84:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D4:FA:C6:13:AD:CB:EE:3E:07:54:BC:C4:71:D9:AE:0B:DD:1D:D0
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930363a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b906::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:dc:8c:52:5e:fd:02:02:02:ec:af:8b:05:72:59:62:e8:3b:
         1c:2f:d0:4e:58:36:4c:20:02:35:e1:13:a8:c5:68:17:0c:2c:
         5d:09:d6:ce:12:26:15:c8:06:bd:41:ff:9e:bf:70:b9:8e:9f:
         6c:ce:9b:be:cb:be:44:fc:8d:72:a5:80:3f:7b:10:fc:2f:6f:
         40:0a:c1:f0:88:0f:a6:6f:09:50:b7:d1:dd:e9:5c:79:71:33:
         12:d3:39:86:77:0f:b4:63:ed:ba:ce:e5:b1:06:93:03:9d:6e:
         84:ff:35:c9:04:52:0d:02:5e:94:a3:69:f2:c0:59:d5:67:7c:
         6f:13:b9:65:4d:08:31:bb:54:6b:2e:64:7c:16:da:7b:54:74:
         7e:ff:fd:5c:9c:4a:11:65:78:b1:4e:8c:91:49:6c:15:16:f8:
         49:d3:a1:0f:05:bb:7d:0b:ca:e7:77:5d:3c:27:4f:fb:76:c4:
         18:58:aa:6a:5a:cb:c3:88:74:8c:6a:29:83:da:c3:7b:53:92:
         73:1b:e5:ab:4e:ae:94:dd:0b:bf:5d:ee:f5:22:4f:fa:71:c3:
         f4:27:8c:a2:d1:90:ea:5c:f4:4a:36:bd:e2:14:a2:22:82:62:
         35:8c:0c:6e:cf:2e:16:98:9d:5f:0e:91:c0:87:04:d2:8d:40:
         1a:d0:db:3a
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIURsdNCLh9JNUt5RaKcQnd7buqpBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTFaFw0yNTA2MDkxMzI5MTFaMDMxMTAvBgNV
BAMTKDE4RDRGQUM2MTNBRENCRUUzRTA3NTRCQ0M0NzFEOUFFMEJERDFERDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2OLQmEsY9NqIYdwR43dtcZRC
QBtJa0haDXxMB8u9AH6U9ZaPckCtHPdiC/BpxXwSL8KJSznUBeua1EbuNos9ikyR
JZIcPUIqOrNTATG5LTTHlbJb1A6Jp274GkB42pg2ZFEO2pCPJyUFkJTC8nLcq/zw
DSIdNgz6byZbs2RFGHJbHVMLooScL++XiYYv8xeCcR0eUior+EGkabI+toUCoH5j
52sdZ5xWDZEzrgnC9pkJxUWrKzWT7H9QtYeFko/3tBUs5Th3V7qrleAsFNbLCPtV
6NhC23CZbvIe5kGnJIycfEKR+aE5mzFIJqSKrEdZxQFPdjD1UtQ+WXtBf4QXAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUGNT6xhOty+4+B1S8xHHZrgvdHdAwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJy
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
LzMyNjEzMDM0M2E2MjM5MzAzNjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMwLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAKgS5BgAAMA0GCSqGSIb3DQEBCwUAA4IBAQCZ3IxSXv0CAgLsr4sF
clli6DscL9BOWDZMIAI14ROoxWgXDCxdCdbOEiYVyAa9Qf+ev3C5jp9szpu+y75E
/I1ypYA/exD8L29ACsHwiA+mbwlQt9Hd6Vx5cTMS0zmGdw+0Y+26zuWxBpMDnW6E
/zXJBFINAl6Uo2nywFnVZ3xvE7llTQgxu1RrLmR8Ftp7VHR+//1cnEoRZXixToyR
SWwVFvhJ06EPBbt9C8rnd108J0/7dsQYWKpqWsvDiHSMaimD2sN7U5JzG+WrTq6U
3Qu/Xe71Ik/6ccP0J4yi0ZDqXPRKNr3iFKIigmI1jAxuzy4WmJ1fDpHAhwTSjUAa
0Ns6
-----END CERTIFICATE-----