Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
File: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (raw, json)
Hash identifier: iewdWSe6JDqXZwV+5rxPgHXeqvYSAY33S3waDnF6QEI=
Subject key identifier: 4C:86:4F:E5:A0:A8:DE:43:52:58:31:30:F8:96:58:59:DF:0A:7E:0D
Certificate issuer: /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial: 19EAE15CED452B1004B18CC7BD94FFE7DDD96ED1
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
Signing time: Mon 12 May 2025 14:07:21 +0000
ROA not before: Mon 12 May 2025 14:02:21 +0000
ROA not after: Mon 11 May 2026 14:07:21 +0000
asID: 211321
IP address blocks: 185.49.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Jun 2025 17:30:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:ea:e1:5c:ed:45:2b:10:04:b1:8c:c7:bd:94:ff:e7:dd:d9:6e:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
Validity
Not Before: May 12 14:02:21 2025 GMT
Not After : May 11 14:07:21 2026 GMT
Subject: CN=4C864FE5A0A8DE4352583130F8965859DF0A7E0D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:54:85:8e:08:4a:6a:58:f2:f2:3e:2f:74:34:
ca:8b:12:d8:dd:98:d4:c7:7a:b0:cf:34:38:e5:68:
ee:dd:74:67:1a:7a:2b:12:ff:16:c6:f1:a3:dd:97:
54:a7:fb:e1:63:a2:d5:b3:38:39:72:1d:2b:09:72:
a0:4b:ae:75:9f:c4:d3:9b:e0:d7:f2:76:eb:1c:d5:
6e:d1:e9:23:f2:8e:6e:1b:91:ab:8d:9e:c6:a3:4a:
45:8d:95:41:46:eb:b1:8a:3b:ea:36:e3:07:a7:09:
ea:d5:96:aa:ae:49:4d:41:17:d5:f7:4a:ef:81:37:
64:b5:fc:c0:17:03:42:cf:1c:f0:54:f7:eb:d0:02:
35:e0:20:b7:8c:e1:01:28:01:d9:25:16:84:5b:5b:
28:b5:5e:0f:28:8a:c5:ae:47:03:da:f3:58:10:75:
dd:01:a5:cc:87:f5:ab:7b:1a:83:48:32:d4:86:8c:
e0:b3:e6:65:34:36:7e:af:2c:00:41:8f:3d:64:07:
a4:7d:1e:ed:cb:7f:1d:1d:5c:9a:60:2b:7c:62:cb:
44:ec:3c:66:58:e9:ee:21:46:de:e4:0a:ad:c2:2a:
4c:a6:9f:1f:c9:d1:4d:ae:ea:0f:6a:ba:f9:c8:f3:
08:0c:21:80:0a:92:8f:66:b0:74:00:ac:88:46:a4:
c7:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:86:4F:E5:A0:A8:DE:43:52:58:31:30:F8:96:58:59:DF:0A:7E:0D
X509v3 Authority Key Identifier:
keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.49.143.0/24
Signature Algorithm: sha256WithRSAEncryption
12:89:52:64:1d:eb:db:06:a8:ec:23:f4:68:51:5f:fd:d7:54:
38:f0:23:a4:93:d4:ae:ba:f2:68:5c:d7:77:20:af:e9:0f:07:
ed:ad:b1:c3:70:38:5e:e1:d0:18:19:79:bf:a4:8a:fa:00:75:
f0:36:d0:9f:2a:f9:c3:1f:94:6e:ea:fc:16:03:31:36:68:8d:
38:39:f8:41:f3:b8:76:fb:66:17:28:5f:be:be:2d:43:a4:3c:
63:ce:c1:69:1a:8d:58:b6:49:34:a6:3c:79:fd:d3:62:76:3c:
39:5b:ed:8c:b7:65:7f:a8:f8:ef:2a:99:05:fa:dd:f2:a2:b7:
76:37:18:a9:3a:42:e6:2f:b9:f7:da:4f:02:7f:a9:71:e8:1c:
65:d1:c7:49:2c:7f:f3:02:5b:dc:56:fc:39:53:48:49:43:d8:
a8:ab:35:93:58:85:fa:a1:09:2c:40:fa:f3:2e:33:42:c9:95:
f7:fc:6b:3b:d5:ea:b2:62:ab:56:e6:98:f9:de:10:1f:5b:cc:
8d:ab:fc:d7:76:a0:c1:f7:43:86:16:e9:1d:4a:aa:26:d1:91:
90:1c:24:c7:39:f6:8d:ea:ab:98:3e:d8:52:d5:92:de:ff:b7:
8d:aa:85:f1:a5:93:4f:98:cf:95:60:e8:e2:0c:d4:c0:7f:31:
a6:51:c3:a7
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUGerhXO1FKxAEsYzHvZT/593ZbtEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjFaFw0yNjA1MTExNDA3MjFaMDMxMTAvBgNV
BAMTKDRDODY0RkU1QTBBOERFNDM1MjU4MzEzMEY4OTY1ODU5REYwQTdFMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJVIWOCEpqWPLyPi90NMqLEtjd
mNTHerDPNDjlaO7ddGcaeisS/xbG8aPdl1Sn++FjotWzODlyHSsJcqBLrnWfxNOb
4Nfydusc1W7R6SPyjm4bkauNnsajSkWNlUFG67GKO+o24wenCerVlqquSU1BF9X3
Su+BN2S1/MAXA0LPHPBU9+vQAjXgILeM4QEoAdklFoRbWyi1Xg8oisWuRwPa81gQ
dd0BpcyH9at7GoNIMtSGjOCz5mU0Nn6vLABBjz1kB6R9Hu3Lfx0dXJpgK3xiy0Ts
PGZY6e4hRt7kCq3CKkymnx/J0U2u6g9quvnI8wgMIYAKko9msHQArIhGpMerAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUTIZP5aCo3kNSWDEw+JZYWd8Kfg0wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMTM4MzUyZTM0MzkyZTMxMzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEALkxjzANBgkqhkiG9w0BAQsFAAOCAQEAEolS
ZB3r2wao7CP0aFFf/ddUOPAjpJPUrrryaFzXdyCv6Q8H7a2xw3A4XuHQGBl5v6SK
+gB18DbQnyr5wx+Ubur8FgMxNmiNODn4QfO4dvtmFyhfvr4tQ6Q8Y87BaRqNWLZJ
NKY8ef3TYnY8OVvtjLdlf6j47yqZBfrd8qK3djcYqTpC5i+599pPAn+pcegcZdHH
SSx/8wJb3Fb8OVNISUPYqKs1k1iF+qEJLED68y4zQsmV9/xrO9XqsmKrVuaY+d4Q
H1vMjav813agwfdDhhbpHUqqJtGRkBwkxzn2jeqrmD7YUtWS3v+3jaqF8aWTT5jP
lWDo4gzUwH8xplHDpw==
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:01:25 2025 by rpki-client