Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
File:                     326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (raw, json)
Hash identifier:          e0CUD7jXhCf+ydR36N5Q5VZ7VITtWHCNrC5jmkREB/Q=
Subject key identifier:   03:8F:B9:E0:14:D0:2E:4B:DC:3D:C5:50:F8:72:4A:A2:62:DD:E3:DE
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       40002D37644384505123342F94AADAB4ADBC2CC9
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa
Signing time:             Mon 10 Jun 2024 13:29:11 +0000
ROA not before:           Mon 10 Jun 2024 13:24:11 +0000
ROA not after:            Mon 09 Jun 2025 13:29:11 +0000
asID:                     211321
IP address blocks:        2a04:b907::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:00:2d:37:64:43:84:50:51:23:34:2f:94:aa:da:b4:ad:bc:2c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:11 2024 GMT
            Not After : Jun  9 13:29:11 2025 GMT
        Subject: CN=038FB9E014D02E4BDC3DC550F8724AA262DDE3DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:68:4d:75:93:0d:85:ca:91:de:a9:00:8d:17:
                    ed:4c:4e:95:43:4b:4f:ef:fe:0c:7e:f8:1f:04:95:
                    7b:ba:8a:a1:07:35:7d:d0:81:0c:a1:d8:81:d4:42:
                    bc:60:70:b8:e8:0e:53:c0:86:f5:7f:11:e1:5b:4d:
                    8e:80:84:18:8f:12:e2:11:ab:7d:63:61:a5:2f:5b:
                    8f:53:ba:6d:c2:96:4a:2e:fd:31:48:e0:60:ed:25:
                    eb:bd:c5:f6:6a:6f:3b:a7:de:35:3a:79:07:14:7a:
                    ff:4c:5e:f1:d2:e4:32:6a:41:46:42:85:e2:37:9e:
                    b0:1f:9b:1c:b0:5e:3e:bb:e0:2a:cb:c9:eb:07:0f:
                    aa:41:d4:08:da:74:a8:54:9c:af:46:b1:8c:7e:00:
                    ac:71:59:6f:97:b1:d8:a1:20:ca:34:d0:7d:3e:7c:
                    fd:be:91:d2:a5:53:62:a5:06:88:bc:fb:92:52:52:
                    88:1a:00:e5:98:45:b9:bb:70:bb:d7:d1:2e:b5:08:
                    f0:b6:3e:e0:13:c9:61:34:37:c7:d4:1a:1e:92:03:
                    a2:56:66:d3:5f:f3:c6:b5:4e:68:9e:2c:03:44:aa:
                    ca:f7:10:0f:a5:75:64:b9:15:3c:3e:fe:e8:72:29:
                    b8:f8:6e:8a:7b:2c:fd:9b:ee:56:88:ce:26:6c:fe:
                    01:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8F:B9:E0:14:D0:2E:4B:DC:3D:C5:50:F8:72:4A:A2:62:DD:E3:DE
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34372d3437203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/47

    Signature Algorithm: sha256WithRSAEncryption
         08:6f:55:74:87:fc:5e:94:1d:72:2f:8a:01:c4:65:31:50:bb:
         82:c2:a9:4b:ec:83:c8:92:b9:2d:d5:6f:b3:c7:f3:98:3a:37:
         a3:be:b5:97:1e:ec:4c:0f:e1:c3:97:4b:9b:ed:af:7c:88:31:
         aa:29:56:16:a3:c3:a6:65:c3:88:2b:cf:c9:78:f8:03:29:40:
         fa:df:d1:45:01:38:8a:5d:90:f7:1d:76:e6:d0:0a:55:8f:c8:
         bb:e2:81:06:a0:4c:b5:37:3b:6a:60:91:01:85:6d:92:ec:ab:
         7a:c7:ea:32:b7:47:23:34:19:06:95:5f:ec:e9:56:0f:52:b5:
         79:98:8b:b5:65:61:52:79:83:16:e9:6e:b0:83:25:db:17:af:
         06:f7:79:7a:5d:1f:0b:43:43:77:13:3e:c3:8b:21:19:d1:00:
         98:61:f0:68:6d:d2:ed:5a:89:23:05:28:07:18:1c:d0:ce:7a:
         2c:31:d9:a0:7a:62:c1:49:81:b2:79:76:cb:d2:16:ac:fc:a6:
         fa:fb:be:94:bd:bf:22:68:ef:9f:f0:14:ac:93:42:ce:ed:ee:
         77:50:55:ad:9d:56:9a:fa:4e:8c:d1:4b:ac:77:77:24:52:06:
         b0:77:75:52:c0:e5:5d:78:50:14:36:ad:a4:e5:ab:e0:de:0c:
         76:75:ef:70
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUQAAtN2RDhFBRIzQvlKratK28LMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTFaFw0yNTA2MDkxMzI5MTFaMDMxMTAvBgNV
BAMTKDAzOEZCOUUwMTREMDJFNEJEQzNEQzU1MEY4NzI0QUEyNjJEREUzREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8aE11kw2FypHeqQCNF+1MTpVD
S0/v/gx++B8ElXu6iqEHNX3QgQyh2IHUQrxgcLjoDlPAhvV/EeFbTY6AhBiPEuIR
q31jYaUvW49Tum3Clkou/TFI4GDtJeu9xfZqbzun3jU6eQcUev9MXvHS5DJqQUZC
heI3nrAfmxywXj674CrLyesHD6pB1AjadKhUnK9GsYx+AKxxWW+XsdihIMo00H0+
fP2+kdKlU2KlBoi8+5JSUogaAOWYRbm7cLvX0S61CPC2PuATyWE0N8fUGh6SA6JW
ZtNf88a1TmieLANEqsr3EA+ldWS5FTw+/uhyKbj4bop7LP2b7laIziZs/gHrAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUA4+54BTQLkvcPcVQ+HJKomLd494wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzczYTNhMmYzNDM3MmQzNDM3MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwEqBLkHAAAwDQYJKoZIhvcNAQELBQADggEBAAhv
VXSH/F6UHXIvigHEZTFQu4LCqUvsg8iSuS3Vb7PH85g6N6O+tZce7EwP4cOXS5vt
r3yIMaopVhajw6Zlw4grz8l4+AMpQPrf0UUBOIpdkPcddubQClWPyLvigQagTLU3
O2pgkQGFbZLsq3rH6jK3RyM0GQaVX+zpVg9StXmYi7VlYVJ5gxbpbrCDJdsXrwb3
eXpdHwtDQ3cTPsOLIRnRAJhh8Ght0u1aiSMFKAcYHNDOeiwx2aB6YsFJgbJ5dsvS
Fqz8pvr7vpS9vyJo75/wFKyTQs7t7ndQVa2dVpr6TozRS6x3dyRSBrB3dVLA5V14
UBQ2raTlq+DeDHZ173A=
-----END CERTIFICATE-----