Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
File:                     326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (raw, json)
Hash identifier:          8O1tIAno00Fq3J11voTy+bZ9nLQmODTuv88Ar+OUiVs=
Subject key identifier:   F2:E7:CA:26:9D:3F:E9:4E:FE:CF:2A:73:12:A9:29:81:E6:EC:A8:5F
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       28D0D0FA2EE6411F6F40519D80209DFB1CA501BA
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
Signing time:             Mon 12 May 2025 14:07:21 +0000
ROA not before:           Mon 12 May 2025 14:02:21 +0000
ROA not after:            Mon 11 May 2026 14:07:21 +0000
asID:                     211321
IP address blocks:        2a04:b907::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d0:d0:fa:2e:e6:41:1f:6f:40:51:9d:80:20:9d:fb:1c:a5:01:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:21 2025 GMT
            Not After : May 11 14:07:21 2026 GMT
        Subject: CN=F2E7CA269D3FE94EFECF2A7312A92981E6ECA85F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:ba:5f:b5:23:76:b3:4d:d8:00:76:bf:22:
                    a0:c2:4a:9b:e2:37:8e:19:b0:03:5a:29:f7:d4:cf:
                    bc:e5:45:94:d1:7e:9e:5f:54:99:81:8d:44:7c:7b:
                    70:1c:96:66:b7:18:3e:e6:91:4a:e8:b3:23:6b:f4:
                    f4:e1:48:99:09:2c:96:22:b5:f7:ad:4f:6e:51:ce:
                    9f:77:25:0c:19:fb:76:71:1d:24:d9:90:b6:e2:e1:
                    92:97:6f:19:92:ea:f3:2e:ac:c4:ac:e9:fe:34:94:
                    54:55:6d:e5:55:e8:ee:f6:91:91:6f:05:ff:c5:92:
                    0a:54:8c:0a:01:a2:10:de:a5:7f:1f:a8:83:03:48:
                    30:02:e6:e4:32:a9:32:72:3f:28:94:6f:86:f2:72:
                    9e:6d:f5:46:c8:04:fd:9b:91:d3:da:5f:62:19:22:
                    8b:f2:1f:67:fd:67:7a:e2:7d:79:60:79:50:4c:25:
                    30:31:26:61:34:1e:bd:49:1c:2c:00:51:b9:0a:11:
                    b5:53:9f:94:6d:cd:78:ac:65:26:9e:01:d0:f8:81:
                    62:7f:f7:a4:8f:11:d2:a6:34:4e:a1:94:31:cd:0b:
                    e3:d9:52:21:e7:bd:92:bc:56:2a:16:b2:cb:96:1a:
                    a7:b8:1e:a0:0c:8c:e5:16:90:ae:e6:fa:fb:a2:88:
                    08:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E7:CA:26:9D:3F:E9:4E:FE:CF:2A:73:12:A9:29:81:E6:EC:A8:5F
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/47

    Signature Algorithm: sha256WithRSAEncryption
         18:d2:e2:49:f3:3d:24:44:6f:da:3a:47:53:a0:3c:87:ca:31:
         03:20:c8:9f:7c:08:81:b0:4d:a8:09:68:96:3c:4d:d4:e0:37:
         09:c9:6e:30:ed:1a:8b:a1:14:d4:be:1f:37:bf:80:09:2b:05:
         df:c1:b4:7d:44:0c:d5:74:a1:86:e5:a2:e1:44:75:0a:8a:02:
         44:d8:85:80:7e:8a:ad:99:f7:a4:e8:f3:a3:90:19:9f:aa:93:
         7e:a2:9f:8d:65:64:11:73:92:1c:f8:9c:39:22:f8:37:61:b1:
         93:b1:c8:d7:bf:0e:fc:ac:10:67:9b:77:7f:86:f3:98:43:65:
         5d:d9:a1:aa:2f:e9:b9:1e:ec:20:be:74:4e:a0:a1:c0:64:dd:
         bb:d1:0e:f3:5c:d6:30:f6:12:1d:5c:cd:05:67:15:d7:a5:54:
         2c:6f:05:58:89:48:7a:3a:c7:46:04:e7:4f:88:70:9e:be:d0:
         62:8c:44:be:50:f3:5d:bf:4f:a4:ce:4c:2d:bb:98:af:b6:d6:
         f2:49:82:d6:3a:54:e6:dc:71:5d:9f:82:cb:53:54:f3:5c:84:
         4f:86:a4:c0:d7:fa:f9:0b:c3:c8:df:8e:ef:a3:33:dd:67:4e:
         65:d8:ee:1a:bf:99:48:ef:cb:2d:08:44:73:4f:42:c9:d4:04:
         38:e7:1e:21
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUKNDQ+i7mQR9vQFGdgCCd+xylAbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjFaFw0yNjA1MTExNDA3MjFaMDMxMTAvBgNV
BAMTKEYyRTdDQTI2OUQzRkU5NEVGRUNGMkE3MzEyQTkyOTgxRTZFQ0E4NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJbbpftSN2s03YAHa/IqDCSpvi
N44ZsANaKffUz7zlRZTRfp5fVJmBjUR8e3Aclma3GD7mkUrosyNr9PThSJkJLJYi
tfetT25Rzp93JQwZ+3ZxHSTZkLbi4ZKXbxmS6vMurMSs6f40lFRVbeVV6O72kZFv
Bf/FkgpUjAoBohDepX8fqIMDSDAC5uQyqTJyPyiUb4bycp5t9UbIBP2bkdPaX2IZ
IovyH2f9Z3rifXlgeVBMJTAxJmE0Hr1JHCwAUbkKEbVTn5RtzXisZSaeAdD4gWJ/
96SPEdKmNE6hlDHNC+PZUiHnvZK8VioWssuWGqe4HqAMjOUWkK7m+vuiiAhdAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQU8ufKJp0/6U7+zypzEqkpgebsqF8wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzczYTNhMmYzNDM3MmQzNDM3MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwEqBLkHAAAwDQYJKoZIhvcNAQELBQADggEBABjS
4knzPSREb9o6R1OgPIfKMQMgyJ98CIGwTagJaJY8TdTgNwnJbjDtGouhFNS+Hze/
gAkrBd/BtH1EDNV0oYblouFEdQqKAkTYhYB+iq2Z96To86OQGZ+qk36in41lZBFz
khz4nDki+DdhsZOxyNe/DvysEGebd3+G85hDZV3Zoaov6bke7CC+dE6gocBk3bvR
DvNc1jD2Eh1czQVnFdelVCxvBViJSHo6x0YE50+IcJ6+0GKMRL5Q812/T6TOTC27
mK+21vJJgtY6VObccV2fgstTVPNchE+GpMDX+vkLw8jfju+jM91nTmXY7hq/mUjv
yy0IRHNPQsnUBDjnHiE=
-----END CERTIFICATE-----