Route Origin Authorization

$ rpki-client -vvf krill.signalx.cloud/repo/signalx-rpki/4/323030313a3637633a323864343a3a2f34382d3438203d3e20323036373838.roa
File:                     323030313a3637633a323864343a3a2f34382d3438203d3e20323036373838.roa (raw, json)
Hash identifier:          PNmjJ5Y8FuXlXHnV22nAEjIm1Iwk0dySIizMcjGUUog=
Subject key identifier:   1B:1A:1C:0C:E3:AE:AF:79:32:B6:E6:DC:18:95:54:E0:C1:0F:8C:27
Certificate issuer:       /CN=02b5cf163150add82e90362ae55f3173d9749f05
Certificate serial:       64F3F2564B51CC1826F32270C8D03390BEAA8D7F
Authority key identifier: 02:B5:CF:16:31:50:AD:D8:2E:90:36:2A:E5:5F:31:73:D9:74:9F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArXPFjFQrdgukDYq5V8xc9l0nwU.cer
Subject info access:      rsync://krill.signalx.cloud/repo/signalx-rpki/4/323030313a3637633a323864343a3a2f34382d3438203d3e20323036373838.roa
Signing time:             Sat 02 Aug 2025 01:01:20 +0000
ROA not before:           Sat 02 Aug 2025 00:56:20 +0000
ROA not after:            Sat 01 Aug 2026 01:01:20 +0000
asID:                     206788
IP address blocks:        2001:67c:28d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.signalx.cloud/repo/signalx-rpki/4/02B5CF163150ADD82E90362AE55F3173D9749F05.crl
                          rsync://krill.signalx.cloud/repo/signalx-rpki/4/02B5CF163150ADD82E90362AE55F3173D9749F05.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ArXPFjFQrdgukDYq5V8xc9l0nwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:f3:f2:56:4b:51:cc:18:26:f3:22:70:c8:d0:33:90:be:aa:8d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02b5cf163150add82e90362ae55f3173d9749f05
        Validity
            Not Before: Aug  2 00:56:20 2025 GMT
            Not After : Aug  1 01:01:20 2026 GMT
        Subject: CN=1B1A1C0CE3AEAF7932B6E6DC189554E0C10F8C27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:82:b0:92:1f:51:7c:cc:11:8e:64:f9:dc:
                    10:05:e2:43:fb:0a:e1:16:eb:b9:20:4a:25:a0:4e:
                    68:75:e0:22:e0:cf:a2:ed:b5:c4:d3:7b:2a:6c:27:
                    37:e6:5b:17:74:62:70:7e:d7:67:62:46:91:77:ec:
                    42:39:d3:72:bb:3d:23:cf:54:22:1c:69:64:08:96:
                    48:bf:78:c7:3d:03:88:e8:72:49:d8:98:dd:b6:c3:
                    e0:6a:bb:f9:43:d5:3f:b5:6e:20:95:60:3c:2e:cd:
                    6e:a4:0a:69:0c:70:9f:b9:bd:3c:82:38:58:40:5a:
                    26:fc:5d:5a:ec:d6:6b:60:5c:d1:59:b5:9e:21:5d:
                    97:12:34:86:8f:37:d7:58:4f:ac:23:23:05:d9:09:
                    bc:a7:f0:45:84:12:97:0c:29:8f:b9:3f:09:77:ee:
                    79:07:ac:79:a0:5b:5a:b6:29:04:db:fd:ef:9e:f2:
                    db:5b:59:41:ef:5a:15:fd:28:fa:83:2c:23:7f:85:
                    6e:38:73:a7:15:49:14:2a:c3:80:f4:d2:1b:bc:c2:
                    52:d2:e8:7d:de:6a:57:b4:80:67:2e:76:09:93:08:
                    63:41:69:a6:60:f7:b8:ec:c6:9e:f2:cf:27:45:08:
                    36:05:0f:83:d6:3f:b4:86:46:61:06:f5:5a:bd:74:
                    ea:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1A:1C:0C:E3:AE:AF:79:32:B6:E6:DC:18:95:54:E0:C1:0F:8C:27
            X509v3 Authority Key Identifier:
                keyid:02:B5:CF:16:31:50:AD:D8:2E:90:36:2A:E5:5F:31:73:D9:74:9F:05

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.signalx.cloud/repo/signalx-rpki/4/02B5CF163150ADD82E90362AE55F3173D9749F05.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArXPFjFQrdgukDYq5V8xc9l0nwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.signalx.cloud/repo/signalx-rpki/4/323030313a3637633a323864343a3a2f34382d3438203d3e20323036373838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:28d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:71:3f:75:d5:ec:c9:8a:92:d9:3b:f7:ec:fb:1d:c9:54:2c:
         52:de:59:a2:42:9f:67:3a:81:0e:fa:f7:3b:6f:57:72:17:90:
         68:d3:85:f6:3e:5e:db:fb:36:b0:d5:15:b8:4c:74:0b:7b:d9:
         b5:cf:fa:39:71:43:30:57:82:ff:1b:6a:9a:66:3c:20:27:56:
         4a:d2:31:a9:3e:09:2a:af:63:c6:e4:61:b0:f3:6a:28:1c:67:
         6a:c4:65:8a:b5:65:36:cc:55:56:7e:e8:02:a8:34:93:be:0e:
         c3:71:f1:2d:87:dd:40:e5:ea:f2:44:99:34:91:29:d3:89:6a:
         a6:9d:7d:67:1f:6e:53:3f:9c:b3:22:fe:94:56:36:ec:dc:8d:
         e4:4f:dc:ce:9e:5a:8c:dd:78:19:42:9c:fd:3a:2f:2e:4b:92:
         05:e3:4a:13:e8:e0:63:8d:31:a5:48:ac:8d:41:74:56:6a:57:
         a0:4c:4a:c1:87:9c:09:4c:7a:a7:09:bb:09:7c:de:f6:20:89:
         46:53:25:3e:44:4c:d7:27:a1:bb:04:6e:ba:60:f8:9e:a9:d8:
         e1:09:23:25:33:31:b5:ee:8d:6c:b5:71:d6:d8:c1:a6:d3:80:
         9f:92:b0:bc:2d:fc:04:ea:89:fa:46:2e:fb:61:43:0d:27:3a:
         6e:3d:e0:81
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUZPPyVktRzBgm8yJwyNAzkL6qjX8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDJiNWNmMTYzMTUwYWRkODJlOTAzNjJhZTU1ZjMxNzNk
OTc0OWYwNTAeFw0yNTA4MDIwMDU2MjBaFw0yNjA4MDEwMTAxMjBaMDMxMTAvBgNV
BAMTKDFCMUExQzBDRTNBRUFGNzkzMkI2RTZEQzE4OTU1NEUwQzEwRjhDMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsNYKwkh9RfMwRjmT53BAF4kP7
CuEW67kgSiWgTmh14CLgz6LttcTTeypsJzfmWxd0YnB+12diRpF37EI503K7PSPP
VCIcaWQIlki/eMc9A4jocknYmN22w+Bqu/lD1T+1biCVYDwuzW6kCmkMcJ+5vTyC
OFhAWib8XVrs1mtgXNFZtZ4hXZcSNIaPN9dYT6wjIwXZCbyn8EWEEpcMKY+5Pwl3
7nkHrHmgW1q2KQTb/e+e8ttbWUHvWhX9KPqDLCN/hW44c6cVSRQqw4D00hu8wlLS
6H3eale0gGcudgmTCGNBaaZg97jsxp7yzydFCDYFD4PWP7SGRmEG9Vq9dOo3AgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUGxocDOOur3kytubcGJVU4MEPjCcwHwYDVR0j
BBgwFoAUArXPFjFQrdgukDYq5V8xc9l0nwUwDgYDVR0PAQH/BAQDAgeAMG0GA1Ud
HwRmMGQwYqBgoF6GXHJzeW5jOi8va3JpbGwuc2lnbmFseC5jbG91ZC9yZXBvL3Np
Z25hbHgtcnBraS80LzAyQjVDRjE2MzE1MEFERDgyRTkwMzYyQUU1NUYzMTczRDk3
NDlGMDUuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9BclhQRmpGUXJkZ3VrRFlx
NVY4eGM5bDBud1UuY2VyMIGQBggrBgEFBQcBCwSBgzCBgDB+BggrBgEFBQcwC4Zy
cnN5bmM6Ly9rcmlsbC5zaWduYWx4LmNsb3VkL3JlcG8vc2lnbmFseC1ycGtpLzQv
MzIzMDMwMzEzYTM2Mzc2MzNhMzIzODY0MzQzYTNhMmYzNDM4MmQzNDM4MjAzZDNl
MjAzMjMwMzYzNzM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYI
KwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8KNQwDQYJKoZIhvcNAQELBQAD
ggEBADZxP3XV7MmKktk79+z7HclULFLeWaJCn2c6gQ769ztvV3IXkGjThfY+Xtv7
NrDVFbhMdAt72bXP+jlxQzBXgv8bappmPCAnVkrSMak+CSqvY8bkYbDzaigcZ2rE
ZYq1ZTbMVVZ+6AKoNJO+DsNx8S2H3UDl6vJEmTSRKdOJaqadfWcfblM/nLMi/pRW
NuzcjeRP3M6eWozdeBlCnP06Ly5LkgXjShPo4GONMaVIrI1BdFZqV6BMSsGHnAlM
eqcJuwl83vYgiUZTJT5ETNcnobsEbrpg+J6p2OEJIyUzMbXujWy1cdbYwabTgJ+S
sLwt/ATqifpGLvthQw0nOm494IE=
-----END CERTIFICATE-----