Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
File:                     326130343a623930373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          6Vd3A68tlmMtxQej2vYw2TTJoQXEgyQe+0Uw9Nd1As0=
Subject key identifier:   07:D8:1D:B8:CC:03:7E:18:04:CD:66:D0:1F:91:D9:ED:3F:A0:16:31
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       44F19C2DFC1E98C1A482EBC772FB8AB2DC4D502F
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 12 May 2025 14:07:25 +0000
ROA not before:           Mon 12 May 2025 14:02:25 +0000
ROA not after:            Mon 11 May 2026 14:07:25 +0000
asID:                     0
IP address blocks:        2a04:b907::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f1:9c:2d:fc:1e:98:c1:a4:82:eb:c7:72:fb:8a:b2:dc:4d:50:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:25 2025 GMT
            Not After : May 11 14:07:25 2026 GMT
        Subject: CN=07D81DB8CC037E1804CD66D01F91D9ED3FA01631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:68:f3:68:64:18:5a:61:3a:9e:04:0c:8a:5a:
                    24:bc:33:77:cc:4e:95:0f:23:8e:e0:d9:f2:98:c6:
                    cd:ab:6b:30:59:ea:ce:c2:8f:20:c2:f0:58:37:68:
                    83:5c:9f:65:e9:03:75:a8:df:38:1b:ba:c2:64:d8:
                    21:d9:a3:2a:de:2e:89:1e:7c:2f:7f:ca:73:28:8b:
                    c8:c5:4b:12:46:46:5d:a2:3b:2f:99:9c:c6:c6:24:
                    0f:43:e5:15:a2:f6:e4:e2:fe:bb:f1:67:a4:5e:cb:
                    a1:12:dd:e8:da:b6:f7:61:52:a9:b1:9e:78:62:88:
                    8e:1d:b5:ef:1f:f3:e0:37:f8:b1:20:63:70:97:6c:
                    97:4c:53:13:d6:ec:a1:37:71:bf:9d:3a:6a:b1:cc:
                    af:7d:5a:d5:a2:3f:12:99:5e:d0:da:85:ce:93:97:
                    7f:45:df:54:8e:c4:6b:bd:ee:90:56:39:36:e3:4e:
                    81:a7:9f:6a:77:2b:09:b7:85:65:55:89:98:d1:50:
                    1a:32:ed:e6:43:f8:22:47:d5:7e:70:d3:e0:73:12:
                    2a:16:a2:6b:f8:b3:ec:1f:2c:c0:31:11:c3:d2:51:
                    7b:af:a9:95:82:2a:78:de:d0:0e:4d:e1:3f:71:9d:
                    a1:75:61:d4:b1:cd:8b:c3:95:db:79:3d:fb:8b:13:
                    56:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D8:1D:B8:CC:03:7E:18:04:CD:66:D0:1F:91:D9:ED:3F:A0:16:31
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:6a:09:a1:be:c6:c6:9e:22:85:68:f5:96:7a:9d:c7:7a:a2:
         64:ac:6c:63:68:ab:0d:41:19:14:1e:7d:c6:f0:70:43:ba:74:
         af:4a:38:d8:1e:10:fc:48:0f:ea:5c:47:d4:92:b4:ba:ef:f3:
         6c:3a:db:73:55:1e:91:9a:13:c9:d7:4e:05:fa:43:3e:19:73:
         e4:e6:d5:f6:6a:61:6a:c4:16:d2:22:a2:86:eb:54:d9:1d:6f:
         67:19:dc:2f:84:5e:fb:46:61:aa:ef:85:c0:1c:04:1f:2b:a6:
         17:93:03:09:cd:f9:af:01:0d:eb:f7:58:f2:cd:91:c5:40:fb:
         c8:de:4f:3e:af:2f:b8:6d:f3:56:ca:d3:3b:44:82:83:a5:42:
         9c:f9:99:b9:39:ee:3f:2e:da:bc:49:7e:c0:67:7a:22:96:31:
         9d:7c:2b:b9:31:c1:83:b6:25:52:78:b7:20:5a:68:f6:a8:dc:
         45:1a:73:cc:ef:3d:01:7e:d0:ec:36:36:7a:1c:db:e8:25:a7:
         b0:aa:3a:ec:f8:06:bb:33:ac:88:97:e2:0e:d8:b2:86:67:6b:
         ba:a8:65:d6:75:5c:04:d7:ee:45:8a:d2:8e:8d:01:13:c7:3f:
         1d:e1:9e:77:da:d4:8a:17:c1:fd:a9:83:d7:5d:50:6f:2e:fb:
         12:3c:fb:fd
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIURPGcLfwemMGkguvHcvuKstxNUC8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjVaFw0yNjA1MTExNDA3MjVaMDMxMTAvBgNV
BAMTKDA3RDgxREI4Q0MwMzdFMTgwNENENjZEMDFGOTFEOUVEM0ZBMDE2MzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCraPNoZBhaYTqeBAyKWiS8M3fM
TpUPI47g2fKYxs2razBZ6s7CjyDC8Fg3aINcn2XpA3Wo3zgbusJk2CHZoyreLoke
fC9/ynMoi8jFSxJGRl2iOy+ZnMbGJA9D5RWi9uTi/rvxZ6Rey6ES3ejatvdhUqmx
nnhiiI4dte8f8+A3+LEgY3CXbJdMUxPW7KE3cb+dOmqxzK99WtWiPxKZXtDahc6T
l39F31SOxGu97pBWOTbjToGnn2p3Kwm3hWVViZjRUBoy7eZD+CJH1X5w0+BzEioW
omv4s+wfLMAxEcPSUXuvqZWCKnje0A5N4T9xnaF1YdSxzYvDldt5PfuLE1YHAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUB9gduMwDfhgEzWbQH5HZ7T+gFjEwHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJy
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
LzMyNjEzMDM0M2E2MjM5MzAzNzNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMwLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAKgS5BwAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcagmhvsbGniKFaPWW
ep3HeqJkrGxjaKsNQRkUHn3G8HBDunSvSjjYHhD8SA/qXEfUkrS67/NsOttzVR6R
mhPJ104F+kM+GXPk5tX2amFqxBbSIqKG61TZHW9nGdwvhF77RmGq74XAHAQfK6YX
kwMJzfmvAQ3r91jyzZHFQPvI3k8+ry+4bfNWytM7RIKDpUKc+Zm5Oe4/Ltq8SX7A
Z3oiljGdfCu5McGDtiVSeLcgWmj2qNxFGnPM7z0BftDsNjZ6HNvoJaewqjrs+Aa7
M6yIl+IO2LKGZ2u6qGXWdVwE1+5FitKOjQETxz8d4Z532tSKF8H9qYPXXVBvLvsS
PPv9
-----END CERTIFICATE-----