Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
File: 326130343a623930303a3a2f33302d3330203d3e2038353837.roa (raw, json)
Hash identifier: gYkRIFE7UL0cJEwnwxVcLo1Ut87kd9a2aqmOVqa5baI=
Subject key identifier: C7:F5:47:0A:1D:5F:F4:E1:29:C2:31:4D:DA:DE:AC:DE:9D:B9:46:87
Certificate issuer: /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial: 23493C8CEA726E49F20E125FC0EA21465AE0B490
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
Signing time: Thu 31 Jul 2025 13:37:42 +0000
ROA not before: Thu 31 Jul 2025 13:32:42 +0000
ROA not after: Thu 30 Jul 2026 13:37:42 +0000
asID: 8587
IP address blocks: 2a04:b900::/30 maxlen: 30
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 12:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:49:3c:8c:ea:72:6e:49:f2:0e:12:5f:c0:ea:21:46:5a:e0:b4:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Validity
Not Before: Jul 31 13:32:42 2025 GMT
Not After : Jul 30 13:37:42 2026 GMT
Subject: CN=C7F5470A1D5FF4E129C2314DDADEACDE9DB94687
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:c6:ae:27:bf:5e:3e:0c:09:3c:37:d8:b7:a1:
85:9e:6e:85:ae:50:b4:87:e1:de:4e:29:e6:18:f3:
f2:5b:81:6b:24:70:ec:eb:ae:18:1b:e0:91:c8:7d:
86:9e:ec:5b:82:56:16:77:3c:41:b8:f7:a3:12:6e:
c5:57:f5:09:53:80:f0:ce:ae:17:58:bc:87:69:83:
92:a0:f7:64:29:49:01:5c:72:30:af:e8:42:24:0a:
61:0f:2a:6e:51:6f:cc:93:d2:39:0d:3f:a1:d3:3a:
03:38:e8:f6:e9:1e:89:54:c5:df:ca:83:a1:66:98:
eb:52:28:06:36:00:67:04:71:93:76:82:75:d4:fd:
98:82:af:c8:b5:19:c6:ae:95:2d:53:1a:80:d3:b9:
05:95:4b:36:b8:9d:aa:24:38:ae:73:24:6c:fa:ab:
95:6b:20:18:83:78:0c:31:de:cf:c9:ed:50:84:9a:
14:a2:b1:01:71:66:30:74:8e:5f:fa:33:6e:aa:5c:
fc:de:1c:f6:ce:8f:6a:21:dd:44:63:b3:5e:88:7f:
33:6a:16:20:c1:12:c2:5d:b5:91:a8:5c:fd:c7:23:
fe:b1:16:5d:d1:cc:9f:07:2b:4f:12:0a:7c:42:eb:
6e:c5:47:4f:f9:5e:09:d9:b8:f7:36:29:95:2f:27:
8e:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:F5:47:0A:1D:5F:F4:E1:29:C2:31:4D:DA:DE:AC:DE:9D:B9:46:87
X509v3 Authority Key Identifier:
keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3330203d3e2038353837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:b900::/30
Signature Algorithm: sha256WithRSAEncryption
06:1a:5a:30:67:43:70:db:ec:47:4d:f8:b3:18:a9:27:ab:14:
24:4e:26:2a:9a:80:6a:60:2b:cb:6c:bc:c8:38:e1:43:25:ba:
9d:7e:96:61:dc:7e:ea:fb:89:14:b6:fe:6a:ef:a9:f8:3d:ea:
7a:ed:ce:1f:3c:2f:48:b0:10:f0:e2:cd:2c:4f:c4:8e:36:ff:
40:73:3e:5f:a1:11:78:0c:0a:07:b1:45:c6:80:0b:2c:c5:90:
6d:bd:58:b9:26:fd:55:d3:80:f6:a9:5a:f7:ff:ed:d5:50:11:
48:78:69:42:86:b4:a7:82:bd:34:17:ef:6d:c6:cc:e2:9f:b4:
45:ee:28:95:5e:97:f6:16:53:5a:72:71:71:90:6c:8d:53:ce:
26:96:20:6d:9a:69:0a:57:ba:3d:1a:ee:d7:cf:07:f5:2b:07:
c2:ad:fe:ff:d2:b5:2f:81:1c:39:3a:06:a0:7d:35:0b:24:70:
c3:e8:27:59:d5:0e:3c:43:20:51:af:15:04:93:01:98:df:89:
83:f9:d0:89:50:fd:bd:fa:1f:fc:c4:52:b3:14:8c:55:14:5a:
4c:04:36:d0:49:49:ee:e7:82:3d:2e:98:bc:65:a3:88:8c:68:
4e:49:66:60:3f:7b:cb:27:ae:0f:04:32:fd:17:3f:03:5b:81:
f4:2a:8a:e6
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUI0k8jOpybknyDhJfwOohRlrgtJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDJaFw0yNjA3MzAxMzM3NDJaMDMxMTAvBgNV
BAMTKEM3RjU0NzBBMUQ1RkY0RTEyOUMyMzE0RERBREVBQ0RFOURCOTQ2ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChxq4nv14+DAk8N9i3oYWeboWu
ULSH4d5OKeYY8/JbgWskcOzrrhgb4JHIfYae7FuCVhZ3PEG496MSbsVX9QlTgPDO
rhdYvIdpg5Kg92QpSQFccjCv6EIkCmEPKm5Rb8yT0jkNP6HTOgM46PbpHolUxd/K
g6FmmOtSKAY2AGcEcZN2gnXU/ZiCr8i1GcaulS1TGoDTuQWVSza4naokOK5zJGz6
q5VrIBiDeAwx3s/J7VCEmhSisQFxZjB0jl/6M26qXPzeHPbOj2oh3URjs16IfzNq
FiDBEsJdtZGoXP3HI/6xFl3RzJ8HK08SCnxC627FR0/5XgnZuPc2KZUvJ46zAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUx/VHCh1f9OEpwjFN2t6s3p25RocwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMwMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAAYaWjBnQ3Db
7EdN+LMYqSerFCROJiqagGpgK8tsvMg44UMlup1+lmHcfur7iRS2/mrvqfg96nrt
zh88L0iwEPDizSxPxI42/0BzPl+hEXgMCgexRcaACyzFkG29WLkm/VXTgPapWvf/
7dVQEUh4aUKGtKeCvTQX723GzOKftEXuKJVel/YWU1pycXGQbI1TziaWIG2aaQpX
uj0a7tfPB/UrB8Kt/v/StS+BHDk6BqB9NQskcMPoJ1nVDjxDIFGvFQSTAZjfiYP5
0IlQ/b36H/zEUrMUjFUUWkwENtBJSe7ngj0umLxlo4iMaE5JZmA/e8snrg8EMv0X
PwNbgfQqiuY=
-----END CERTIFICATE-----
Generated at Mon Aug 4 18:09:52 2025 by rpki-client