Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
File:                     326130343a623930303a3a2f33302d3332203d3e2038353837.roa (raw, json)
Hash identifier:          YouEGWqx2GG1gNyKDzMvqaRmGag9lv2eJQyjBwSYn9Y=
Subject key identifier:   5C:26:AE:EE:65:3B:B9:BE:93:5D:CD:7E:BD:C0:78:24:DC:7C:8C:DD
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       3452EA3755A4A79141515FB7531E5C9805A9D652
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa
Signing time:             Thu 31 Jul 2025 13:37:44 +0000
ROA not before:           Thu 31 Jul 2025 13:32:44 +0000
ROA not after:            Thu 30 Jul 2026 13:37:44 +0000
asID:                     8587
IP address blocks:        2a04:b900::/30 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:52:ea:37:55:a4:a7:91:41:51:5f:b7:53:1e:5c:98:05:a9:d6:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jul 31 13:32:44 2025 GMT
            Not After : Jul 30 13:37:44 2026 GMT
        Subject: CN=5C26AEEE653BB9BE935DCD7EBDC07824DC7C8CDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:05:b0:63:29:af:4e:0f:39:0f:ff:db:85:b9:
                    47:6d:c5:a0:10:64:95:cb:bc:99:a8:69:d6:c8:46:
                    3e:82:82:a6:21:24:18:97:b3:7e:a4:4a:fb:15:d2:
                    84:9e:4e:04:65:dc:28:73:6c:6e:52:b1:51:06:be:
                    92:b6:11:60:b6:2e:5d:f9:50:5e:f2:95:42:cf:70:
                    38:00:46:8c:13:8d:6d:df:6e:c5:58:01:78:f9:45:
                    1f:21:af:78:b0:10:05:0b:45:51:a3:dd:f0:db:3d:
                    33:11:a1:2f:fd:3f:72:87:1d:4f:88:71:63:0c:71:
                    21:14:55:87:f2:62:67:75:04:51:ba:d8:96:94:18:
                    fb:e7:09:e8:90:00:c8:10:ba:44:2c:9e:3f:b5:0b:
                    ae:06:96:a2:e1:88:61:2c:c2:f6:15:0b:67:a4:b3:
                    0e:b7:15:46:94:7d:de:17:25:4e:7f:26:79:d9:03:
                    61:64:dd:65:e0:8f:94:d0:29:d7:be:ef:18:d0:93:
                    17:d9:2d:e4:b4:77:d4:13:41:47:ed:a2:a3:d6:62:
                    db:08:a6:da:f3:85:56:b8:19:77:0d:90:5f:0b:05:
                    f1:5e:8e:f7:3c:dd:11:fc:f2:0f:d0:7b:a4:19:8a:
                    a9:1d:ca:f3:83:46:96:77:64:e1:e1:0b:37:b1:da:
                    34:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:26:AE:EE:65:3B:B9:BE:93:5D:CD:7E:BD:C0:78:24:DC:7C:8C:DD
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930303a3a2f33302d3332203d3e2038353837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b900::/30

    Signature Algorithm: sha256WithRSAEncryption
         40:2d:65:51:b4:19:73:8f:ee:c1:00:ff:c2:a9:71:ac:f5:2f:
         78:a0:41:74:b2:69:89:86:56:31:51:78:09:01:c6:73:14:a0:
         dc:87:09:fd:ce:e7:98:ab:23:55:ac:7f:bd:e1:76:dd:df:29:
         a9:6f:f2:01:fc:85:fb:7a:fc:1f:5f:6c:07:e4:c1:95:ab:0a:
         ce:ec:e8:36:a0:aa:14:cc:28:15:46:cb:3a:5b:cb:2a:42:c5:
         58:77:80:3a:c5:7f:01:7c:0b:6a:5a:5f:0a:4a:9e:0e:72:c5:
         db:9c:fc:3a:67:66:ae:33:7b:95:ed:c8:b4:a0:bd:33:27:57:
         2d:3a:d9:bc:bb:6c:9e:41:e6:c2:e8:4a:6c:cb:53:3f:12:aa:
         90:9f:83:d7:fd:77:d4:71:48:d0:9c:06:5d:e1:35:40:a8:41:
         d7:20:5d:43:be:44:ca:5d:fd:76:a4:bc:c4:bb:da:23:8f:80:
         23:15:a2:a4:3d:c7:18:13:58:1f:03:fe:8b:94:97:f6:2c:ac:
         c8:4a:f4:7c:97:03:19:43:c7:c6:a7:86:03:08:55:dd:0a:85:
         32:c9:9f:8a:fa:b0:08:38:a4:08:17:8a:1f:c7:e4:59:b1:45:
         69:f1:28:e1:9d:5d:70:0a:5f:3c:a2:35:97:28:ba:d1:9a:c8:
         0e:11:da:92
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUNFLqN1Wkp5FBUV+3Ux5cmAWp1lIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDRaFw0yNjA3MzAxMzM3NDRaMDMxMTAvBgNV
BAMTKDVDMjZBRUVFNjUzQkI5QkU5MzVEQ0Q3RUJEQzA3ODI0REM3QzhDREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoBbBjKa9ODzkP/9uFuUdtxaAQ
ZJXLvJmoadbIRj6CgqYhJBiXs36kSvsV0oSeTgRl3ChzbG5SsVEGvpK2EWC2Ll35
UF7ylULPcDgARowTjW3fbsVYAXj5RR8hr3iwEAULRVGj3fDbPTMRoS/9P3KHHU+I
cWMMcSEUVYfyYmd1BFG62JaUGPvnCeiQAMgQukQsnj+1C64GlqLhiGEswvYVC2ek
sw63FUaUfd4XJU5/JnnZA2Fk3WXgj5TQKde+7xjQkxfZLeS0d9QTQUftoqPWYtsI
ptrzhVa4GXcNkF8LBfFejvc83RH88g/Qe6QZiqkdyvODRpZ3ZOHhCzex2jTbAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUXCau7mU7ub6TXc1+vcB4JNx8jN0wHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYQGCCsGAQUFBwELBHgwdjB0BggrBgEFBQcwC4Zo
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzAzYTNhMmYzMzMwMmQzMzMyMjAzZDNlMjAzODM1
MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB
/wQRMA8wDQQCAAIwBwMFAioEuQAwDQYJKoZIhvcNAQELBQADggEBAEAtZVG0GXOP
7sEA/8Kpcaz1L3igQXSyaYmGVjFReAkBxnMUoNyHCf3O55irI1Wsf73hdt3fKalv
8gH8hft6/B9fbAfkwZWrCs7s6DagqhTMKBVGyzpbyypCxVh3gDrFfwF8C2paXwpK
ng5yxduc/DpnZq4ze5XtyLSgvTMnVy062by7bJ5B5sLoSmzLUz8SqpCfg9f9d9Rx
SNCcBl3hNUCoQdcgXUO+RMpd/XakvMS72iOPgCMVoqQ9xxgTWB8D/ouUl/YsrMhK
9HyXAxlDx8anhgMIVd0KhTLJn4r6sAg4pAgXih/H5FmxRWnxKOGdXXAKXzyiNZco
utGayA4R2pI=
-----END CERTIFICATE-----