Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
File: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (raw, json)
Hash identifier: UL7yBA1F7ergECjM7xK45EYvQh4BIa6w098X6gj/00E=
Subject key identifier: CF:2C:80:D8:27:E5:79:D4:29:03:27:47:55:11:D2:4E:19:42:1F:C8
Certificate issuer: /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial: 221C3E23BA23DE88E836FE7B6D558A0D7D731569
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
Signing time: Thu 31 Jul 2025 13:37:43 +0000
ROA not before: Thu 31 Jul 2025 13:32:43 +0000
ROA not after: Thu 30 Jul 2026 13:37:43 +0000
asID: 211321
IP address blocks: 185.49.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:1c:3e:23:ba:23:de:88:e8:36:fe:7b:6d:55:8a:0d:7d:73:15:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Validity
Not Before: Jul 31 13:32:43 2025 GMT
Not After : Jul 30 13:37:43 2026 GMT
Subject: CN=CF2C80D827E579D4290327475511D24E19421FC8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:82:29:1a:1a:e2:6f:c0:96:b2:54:f5:54:f3:
81:6c:8b:18:73:8f:e9:02:0a:f1:05:92:a0:15:94:
67:db:04:d8:33:35:d0:9c:59:0a:02:e3:0e:fc:76:
e2:41:54:8e:99:7f:cc:87:30:a8:3f:99:25:48:cd:
41:d8:58:d7:e0:b7:42:7d:eb:c7:ed:89:f6:72:4b:
3d:8d:27:df:04:57:35:b4:26:72:b0:4c:54:63:00:
dc:94:bd:83:fc:ac:5b:30:08:f9:ac:61:f8:09:bb:
dc:1f:3d:90:fb:db:8b:5d:d2:e3:20:03:de:13:1a:
aa:54:27:0a:8a:35:40:aa:f9:ef:03:75:b1:19:53:
76:b3:a9:39:9c:88:df:09:f0:4f:d5:93:50:94:dc:
7f:c2:ff:aa:d6:71:c9:74:5e:a3:01:4b:76:51:13:
ba:d4:24:9f:a3:e9:e3:2b:8b:c2:e2:2d:d9:45:c2:
04:19:26:bc:af:67:e9:5a:b7:62:c2:22:68:d7:d9:
60:c4:31:eb:fa:1f:33:80:6f:f4:58:36:25:98:1d:
7c:85:de:9e:ba:4f:56:62:02:93:99:5c:54:75:28:
a3:16:58:95:02:38:d6:7b:eb:96:6c:7f:f8:bf:7e:
74:77:c5:da:85:a1:bf:08:48:f8:0e:85:d2:5e:41:
63:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:2C:80:D8:27:E5:79:D4:29:03:27:47:55:11:D2:4E:19:42:1F:C8
X509v3 Authority Key Identifier:
keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.49.143.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:8e:8b:9b:bb:02:64:53:45:c6:b8:15:a1:18:83:9b:a6:d5:
ff:bf:7e:c9:bc:b6:d6:bb:48:00:66:e6:15:f7:50:6a:3e:fa:
82:5f:b8:af:87:bb:74:77:c9:41:5c:86:c2:ae:88:83:00:ab:
cd:26:e6:05:b2:a7:77:1e:7c:5b:13:53:ac:56:0c:5b:bc:86:
8b:fb:66:93:2e:5c:44:66:4f:86:f9:0c:c5:ca:1a:4a:0f:e6:
ef:7e:c8:98:0c:bf:bb:26:d3:6c:44:24:98:4f:52:8d:f9:4f:
1c:ee:bd:56:8b:a4:87:70:f4:8c:99:27:b8:e5:59:6d:50:7e:
cc:a8:50:f1:4e:e0:a0:e4:41:04:13:e6:48:77:06:df:16:21:
18:df:4b:86:f7:7d:4b:0f:6e:56:18:e2:c4:70:10:58:5c:b9:
3b:39:e4:eb:9d:f4:11:92:9c:cc:2a:07:14:07:72:7c:52:c2:
3d:0d:20:24:cd:1b:2f:8b:16:38:ba:e9:9c:e5:18:07:6b:f5:
e1:d7:6b:44:8f:f8:36:38:a4:bc:5a:15:e8:fc:c8:ff:bd:4d:
ce:4c:1b:84:98:0b:5f:2e:99:77:83:29:96:70:87:f6:b8:32:
f8:0a:db:56:d5:cd:82:1d:d3:fc:e8:ff:41:54:13:8b:54:10:
36:da:69:f7
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUIhw+I7oj3ojoNv57bVWKDX1zFWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDNaFw0yNjA3MzAxMzM3NDNaMDMxMTAvBgNV
BAMTKENGMkM4MEQ4MjdFNTc5RDQyOTAzMjc0NzU1MTFEMjRFMTk0MjFGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCygikaGuJvwJayVPVU84Fsixhz
j+kCCvEFkqAVlGfbBNgzNdCcWQoC4w78duJBVI6Zf8yHMKg/mSVIzUHYWNfgt0J9
68ftifZySz2NJ98EVzW0JnKwTFRjANyUvYP8rFswCPmsYfgJu9wfPZD724td0uMg
A94TGqpUJwqKNUCq+e8DdbEZU3azqTmciN8J8E/Vk1CU3H/C/6rWccl0XqMBS3ZR
E7rUJJ+j6eMri8LiLdlFwgQZJryvZ+lat2LCImjX2WDEMev6HzOAb/RYNiWYHXyF
3p66T1ZiApOZXFR1KKMWWJUCONZ765Zsf/i/fnR3xdqFob8ISPgOhdJeQWN9AgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUzyyA2CfledQpAydHVRHSThlCH8gwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEALkxjzANBgkqhkiG9w0BAQsFAAOCAQEAT46L
m7sCZFNFxrgVoRiDm6bV/79+yby21rtIAGbmFfdQaj76gl+4r4e7dHfJQVyGwq6I
gwCrzSbmBbKndx58WxNTrFYMW7yGi/tmky5cRGZPhvkMxcoaSg/m737ImAy/uybT
bEQkmE9SjflPHO69Voukh3D0jJknuOVZbVB+zKhQ8U7goORBBBPmSHcG3xYhGN9L
hvd9Sw9uVhjixHAQWFy5Oznk6530EZKczCoHFAdyfFLCPQ0gJM0bL4sWOLrpnOUY
B2v14ddrRI/4NjikvFoV6PzI/71NzkwbhJgLXy6Zd4MplnCH9rgy+ArbVtXNgh3T
/Oj/QVQTi1QQNtpp9w==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:33:47 2025 by rpki-client