Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
File:                     326130343a623930373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          5yK+THE86yROjd9HC9sn3hUmll8GgcjhlJ8ciBlc4TU=
Subject key identifier:   E4:37:96:14:E7:11:F9:17:5E:4A:64:40:32:33:92:E5:91:97:64:CA
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       5173941BBEB5A4C47363CFD326A2FE9B9867FB2C
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 10 Jun 2024 13:29:11 +0000
ROA not before:           Mon 10 Jun 2024 13:24:11 +0000
ROA not after:            Mon 09 Jun 2025 13:29:11 +0000
asID:                     0
IP address blocks:        2a04:b907::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:73:94:1b:be:b5:a4:c4:73:63:cf:d3:26:a2:fe:9b:98:67:fb:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: Jun 10 13:24:11 2024 GMT
            Not After : Jun  9 13:29:11 2025 GMT
        Subject: CN=E4379614E711F9175E4A6440323392E5919764CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f2:a0:69:12:74:b7:9c:65:94:c9:eb:db:2b:
                    1c:7e:5a:56:b9:9d:9d:23:27:1d:82:d4:65:df:41:
                    ae:49:a4:3e:9f:95:0a:f4:fa:fd:f4:76:f7:e2:f0:
                    53:07:fe:99:b9:8f:7a:7d:78:17:dd:f9:98:16:61:
                    1a:20:b3:c1:3b:ec:2e:88:f8:0a:f3:9f:e1:39:6a:
                    f9:c8:fa:be:be:eb:82:09:e4:ec:2a:1d:95:af:de:
                    06:4a:7e:92:1f:80:ed:45:18:72:57:8d:d4:b3:38:
                    aa:ea:fe:cf:f8:c9:1b:fe:bb:f4:cc:f0:c3:db:e7:
                    f2:d0:aa:29:4c:ab:6e:26:93:bd:9b:9f:ac:53:32:
                    d4:a1:e5:68:46:cd:18:98:c7:0e:92:83:01:c0:79:
                    aa:81:9c:73:db:cb:0a:76:83:13:1e:27:0a:3f:f5:
                    aa:b8:aa:4c:b1:3f:7a:40:bb:68:b1:f5:5f:54:2c:
                    54:7b:5c:48:13:bc:80:76:30:e6:85:9d:30:f3:23:
                    7b:f1:86:10:c8:47:26:e4:f7:86:45:3a:6b:df:86:
                    23:d4:75:e5:b6:43:d4:51:b6:3f:96:3b:d6:7f:6d:
                    78:19:0e:57:dc:76:3c:e8:cf:82:46:ac:47:d4:47:
                    10:c5:54:65:f6:34:c1:c8:ae:f7:5d:44:ab:cf:19:
                    10:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:37:96:14:E7:11:F9:17:5E:4A:64:40:32:33:92:E5:91:97:64:CA
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b907::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:47:89:e9:e5:83:76:e2:11:a5:23:2a:b7:85:38:1b:99:fd:
         e9:ee:8b:e8:5d:4d:8c:c0:1b:3b:3c:97:75:7f:ad:b2:a5:19:
         de:e0:e1:fe:f5:6a:bb:77:93:f3:1c:a6:9f:1f:56:24:24:72:
         36:08:e8:14:25:c5:6f:2a:dd:48:b5:c5:3a:8a:5e:2c:3c:91:
         35:88:78:98:b9:a7:8f:15:3f:0e:c0:c1:45:75:ad:9e:c7:f4:
         85:34:c0:f5:e6:a5:89:f4:25:80:fa:46:06:dd:3d:51:7b:0e:
         df:af:c9:ca:d5:a1:05:72:d9:a7:ee:7a:2f:ef:ff:94:a9:4a:
         aa:98:fb:37:ba:f2:4d:88:c7:32:35:ab:88:f7:e0:01:60:57:
         94:f5:50:58:b3:ee:11:b1:27:11:15:63:d4:b1:aa:51:42:be:
         5e:85:fd:e9:cb:db:f9:a1:6f:a9:3a:5f:90:a1:29:18:ef:2d:
         0c:35:e1:f2:c5:50:3e:fc:93:01:8c:d7:8b:4f:52:1f:ea:7b:
         c3:5d:fb:67:50:7a:66:1b:9e:f6:40:9c:34:b8:2d:b0:66:d2:
         18:74:e9:b4:8e:20:3a:11:2d:28:06:cc:da:48:45:ec:ce:ac:
         09:7a:84:ea:da:55:61:4f:10:9f:56:8e:2a:76:01:02:4d:5b:
         1a:75:b9:d8
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUUXOUG761pMRzY8/TJqL+m5hn+ywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNDA2MTAxMzI0MTFaFw0yNTA2MDkxMzI5MTFaMDMxMTAvBgNV
BAMTKEU0Mzc5NjE0RTcxMUY5MTc1RTRBNjQ0MDMyMzM5MkU1OTE5NzY0Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/8qBpEnS3nGWUyevbKxx+Wla5
nZ0jJx2C1GXfQa5JpD6flQr0+v30dvfi8FMH/pm5j3p9eBfd+ZgWYRogs8E77C6I
+Arzn+E5avnI+r6+64IJ5OwqHZWv3gZKfpIfgO1FGHJXjdSzOKrq/s/4yRv+u/TM
8MPb5/LQqilMq24mk72bn6xTMtSh5WhGzRiYxw6SgwHAeaqBnHPbywp2gxMeJwo/
9aq4qkyxP3pAu2ix9V9ULFR7XEgTvIB2MOaFnTDzI3vxhhDIRybk94ZFOmvfhiPU
deW2Q9RRtj+WO9Z/bXgZDlfcdjzoz4JGrEfURxDFVGX2NMHIrvddRKvPGRBnAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQU5DeWFOcR+RdeSmRAMjOS5ZGXZMowHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJy
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
LzMyNjEzMDM0M2E2MjM5MzAzNzNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMwLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAKgS5BwAAMA0GCSqGSIb3DQEBCwUAA4IBAQBUR4np5YN24hGlIyq3
hTgbmf3p7ovoXU2MwBs7PJd1f62ypRne4OH+9Wq7d5PzHKafH1YkJHI2COgUJcVv
Kt1ItcU6il4sPJE1iHiYuaePFT8OwMFFda2ex/SFNMD15qWJ9CWA+kYG3T1Rew7f
r8nK1aEFctmn7nov7/+UqUqqmPs3uvJNiMcyNauI9+ABYFeU9VBYs+4RsScRFWPU
sapRQr5ehf3py9v5oW+pOl+QoSkY7y0MNeHyxVA+/JMBjNeLT1If6nvDXftnUHpm
G572QJw0uC2wZtIYdOm0jiA6ES0oBszaSEXszqwJeoTq2lVhTxCfVo4qdgECTVsa
dbnY
-----END CERTIFICATE-----