Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
File:                     3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (raw, json)
Hash identifier:          bG62lXPn1Km32GF1V4Mpr+78+uhtW45az4faRRcPToY=
Subject key identifier:   5B:D0:CB:C5:E4:A1:9D:EF:57:FC:60:E2:8C:7E:EB:5C:04:D0:4B:8F
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       07DCD045DED2A168D9A6CE0E859D44DB585FE959
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa
Signing time:             Thu 31 Jul 2025 13:37:41 +0000
ROA not before:           Thu 31 Jul 2025 13:32:41 +0000
ROA not after:            Thu 30 Jul 2026 13:37:41 +0000
asID:                     8587
IP address blocks:        185.49.140.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:dc:d0:45:de:d2:a1:68:d9:a6:ce:0e:85:9d:44:db:58:5f:e9:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jul 31 13:32:41 2025 GMT
            Not After : Jul 30 13:37:41 2026 GMT
        Subject: CN=5BD0CBC5E4A19DEF57FC60E28C7EEB5C04D04B8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d3:c9:35:c5:44:ed:72:2f:91:a5:dd:8e:41:
                    23:f6:05:fe:59:d5:8b:2f:0e:2b:86:b4:68:f5:f0:
                    17:c5:25:80:dd:83:9c:d7:14:71:29:0b:ae:e2:2a:
                    ed:05:e4:6e:f6:3b:69:03:bb:69:b3:d5:6b:df:20:
                    01:c7:2a:00:57:ff:e8:8d:23:c0:5b:26:07:f9:7a:
                    49:36:1f:0d:b1:f3:4d:6e:6c:71:e5:fe:e9:06:7b:
                    cf:d9:f6:8e:0f:c9:93:b5:cc:7e:f7:18:46:22:9e:
                    c1:56:6f:5b:2d:b2:53:3d:f1:99:14:ec:1f:7e:de:
                    00:51:69:24:17:d5:c5:93:fa:56:62:d8:f4:fd:5c:
                    29:20:ec:1e:df:28:2c:e3:f2:08:b7:5e:59:48:00:
                    ef:2e:1e:29:2f:a7:c4:6f:19:57:f7:c8:55:3f:d3:
                    57:47:f9:75:62:bc:53:4a:58:4f:e6:a5:f2:a9:19:
                    76:9a:b7:6b:33:83:f2:26:d8:d9:72:d5:3a:9e:c3:
                    46:da:cd:09:dd:06:cc:d5:09:7c:98:04:a2:3f:fa:
                    3d:a0:42:5e:2a:c8:37:eb:7a:a2:1f:e1:70:5b:82:
                    20:78:f3:1d:4d:e1:05:8e:fa:4d:c7:f0:15:1b:ae:
                    63:8f:1e:eb:e3:59:c4:03:37:00:fa:c8:dd:0a:03:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D0:CB:C5:E4:A1:9D:EF:57:FC:60:E2:8C:7E:EB:5C:04:D0:4B:8F
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134302e302f32332d3233203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:b2:d2:42:79:e7:70:9b:83:e5:4d:c6:8e:12:3b:12:06:99:
         b4:78:bc:5c:49:d7:ee:92:3d:ac:d9:8f:e2:9c:6e:f7:81:c3:
         fc:c1:0c:51:84:af:29:58:e4:93:06:cb:20:70:dc:36:90:24:
         ae:36:76:61:18:90:de:59:1f:d8:3f:f4:da:9b:84:2b:73:f1:
         f4:a1:53:27:20:ff:c4:b0:5a:ab:0b:92:7e:83:fd:12:98:ce:
         97:cb:e7:8d:3f:0e:d0:f2:d3:2b:c5:9c:03:4e:7e:f1:0f:e6:
         54:25:f6:cd:d7:dc:70:82:43:fb:48:b7:a6:26:a7:62:6f:b6:
         0f:66:64:3e:28:a5:66:97:71:6e:6b:76:ce:8a:6a:3f:7c:4a:
         39:04:f5:c2:59:9c:bc:a2:30:62:69:56:bd:8d:b5:ef:f1:be:
         52:de:09:54:df:14:ff:87:c4:15:aa:89:83:b6:63:f3:00:6c:
         22:73:ef:c7:49:97:e4:f6:57:87:5c:8a:fe:7a:66:63:13:16:
         7f:68:6c:c0:b9:ff:22:a9:7d:5f:d9:fc:ca:d9:d6:11:37:ee:
         69:6b:35:dd:33:98:d5:3c:21:8f:e2:0b:d3:25:cb:c8:16:66:
         ca:a0:54:53:d6:e7:45:6c:fc:7b:92:6f:27:07:4b:21:22:aa:
         28:3e:fe:e0
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUB9zQRd7SoWjZps4OhZ1E21hf6VkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDFaFw0yNjA3MzAxMzM3NDFaMDMxMTAvBgNV
BAMTKDVCRDBDQkM1RTRBMTlERUY1N0ZDNjBFMjhDN0VFQjVDMDREMDRCOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi08k1xUTtci+Rpd2OQSP2Bf5Z
1YsvDiuGtGj18BfFJYDdg5zXFHEpC67iKu0F5G72O2kDu2mz1WvfIAHHKgBX/+iN
I8BbJgf5ekk2Hw2x801ubHHl/ukGe8/Z9o4PyZO1zH73GEYinsFWb1stslM98ZkU
7B9+3gBRaSQX1cWT+lZi2PT9XCkg7B7fKCzj8gi3XllIAO8uHikvp8RvGVf3yFU/
01dH+XVivFNKWE/mpfKpGXaat2szg/Im2Nly1Tqew0bazQndBszVCXyYBKI/+j2g
Ql4qyDfreqIf4XBbgiB48x1N4QWO+k3H8BUbrmOPHuvjWcQDNwD6yN0KA+yhAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUW9DLxeShne9X/GDijH7rXATQS48wHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDM4
MzUzODM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQBuTGMMA0GCSqGSIb3DQEBCwUAA4IBAQCLstJCeedw
m4PlTcaOEjsSBpm0eLxcSdfukj2s2Y/inG73gcP8wQxRhK8pWOSTBssgcNw2kCSu
NnZhGJDeWR/YP/Tam4Qrc/H0oVMnIP/EsFqrC5J+g/0SmM6Xy+eNPw7Q8tMrxZwD
Tn7xD+ZUJfbN19xwgkP7SLemJqdib7YPZmQ+KKVml3Fua3bOimo/fEo5BPXCWZy8
ojBiaVa9jbXv8b5S3glU3xT/h8QVqomDtmPzAGwic+/HSZfk9leHXIr+emZjExZ/
aGzAuf8iqX1f2fzK2dYRN+5pazXdM5jVPCGP4gvTJcvIFmbKoFRT1udFbPx7km8n
B0shIqooPv7g
-----END CERTIFICATE-----