Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          qdL0+PphZnX4cdypWsOWZjkH1FNw49MUNv/FrNDrY3s=
Subject key identifier:   E7:2A:FE:1D:84:2B:BE:E2:AB:36:FF:E4:97:74:15:42:E2:F9:BA:72
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       1559774B95A4868DA2A15EBA7B8897ACBA173CEF
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Thu 31 Jul 2025 13:37:44 +0000
ROA not before:           Thu 31 Jul 2025 13:32:44 +0000
ROA not after:            Thu 30 Jul 2026 13:37:44 +0000
asID:                     211321
IP address blocks:        2a04:b902::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:59:77:4b:95:a4:86:8d:a2:a1:5e:ba:7b:88:97:ac:ba:17:3c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jul 31 13:32:44 2025 GMT
            Not After : Jul 30 13:37:44 2026 GMT
        Subject: CN=E72AFE1D842BBEE2AB36FFE497741542E2F9BA72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:39:6e:fd:4e:12:6b:74:2d:64:b8:ed:d9:66:
                    5e:b8:76:49:b3:ba:46:eb:a6:4d:d4:98:df:2a:78:
                    9e:b4:be:e0:86:e3:04:7c:c6:00:f3:5e:90:4e:9f:
                    ca:87:06:fc:a3:7a:23:62:99:29:b8:79:11:fc:c8:
                    79:2e:7f:79:6f:05:ac:a1:42:ed:25:82:19:c7:f3:
                    29:c4:0b:9a:27:16:72:c6:da:79:9a:37:f8:75:dc:
                    8c:44:c9:78:69:78:5c:c9:fc:d4:3e:0a:f7:27:eb:
                    db:e0:b3:46:83:17:65:31:83:b3:9c:a0:39:60:67:
                    09:5c:f5:45:78:67:38:0f:54:35:11:66:8d:0e:b5:
                    7c:3b:3e:ee:4b:33:f4:19:62:00:4d:58:71:08:bc:
                    d1:77:b6:7e:c3:60:06:b7:70:43:00:bb:2d:39:dc:
                    0f:f0:91:5c:be:00:27:70:a3:f4:1c:08:44:24:b2:
                    74:a0:a2:da:3d:57:39:e4:41:bf:4c:81:10:31:67:
                    dc:c8:81:13:6e:29:52:d6:7d:b7:84:01:c3:bd:97:
                    b7:fd:8d:a3:0a:62:39:00:bf:c6:55:eb:f9:6a:75:
                    15:b5:6e:2c:2c:65:7c:df:63:4d:93:4c:1a:35:ef:
                    9e:ff:aa:0a:ae:c7:f6:98:cf:63:58:87:e2:20:dc:
                    be:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2A:FE:1D:84:2B:BE:E2:AB:36:FF:E4:97:74:15:42:E2:F9:BA:72
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930323a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b902::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:52:50:40:cc:27:8e:12:7f:f6:37:f1:b7:98:0d:7d:25:60:
         f8:10:df:ef:96:2a:38:21:f9:73:13:b6:a1:80:0c:29:1a:17:
         d2:ab:4d:71:de:c3:6a:4a:22:3b:f2:0f:d0:e0:0b:74:cd:7b:
         fd:40:a2:3a:6f:0e:ad:8f:16:6a:d3:e4:5f:7e:6b:b6:10:57:
         30:50:d9:5d:9f:06:24:77:bc:ac:ca:d8:08:ec:c2:02:dd:98:
         b6:16:a3:d6:5d:bb:77:54:8c:bd:c5:74:e9:6c:c4:aa:98:60:
         8c:ae:4e:8a:80:b5:ce:4a:40:5b:ac:eb:b4:e5:53:88:13:c0:
         8c:6e:9a:21:fd:c1:7f:8f:94:1b:13:67:42:c5:3f:c5:bb:af:
         56:8b:48:b9:ce:9a:86:eb:29:f8:f2:c8:3c:9e:04:17:6e:1d:
         cc:50:13:76:61:5e:59:63:3e:c0:c0:99:81:a6:71:7f:d9:f1:
         17:18:c5:be:34:7d:10:41:b5:51:a5:53:3d:a3:c4:45:68:37:
         6e:38:72:9b:68:56:dc:d4:78:8a:e4:14:e3:c6:2a:95:7a:97:
         4d:bc:01:39:a1:5a:0c:35:fc:84:cb:1a:ce:cc:f5:6a:9e:2a:
         15:81:1f:7a:cd:8e:73:2a:30:ae:f4:25:da:ea:95:84:5b:21:
         94:74:92:d5
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUFVl3S5Wkho2ioV66e4iXrLoXPO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDRaFw0yNjA3MzAxMzM3NDRaMDMxMTAvBgNV
BAMTKEU3MkFGRTFEODQyQkJFRTJBQjM2RkZFNDk3NzQxNTQyRTJGOUJBNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYOW79ThJrdC1kuO3ZZl64dkmz
ukbrpk3UmN8qeJ60vuCG4wR8xgDzXpBOn8qHBvyjeiNimSm4eRH8yHkuf3lvBayh
Qu0lghnH8ynEC5onFnLG2nmaN/h13IxEyXhpeFzJ/NQ+Cvcn69vgs0aDF2Uxg7Oc
oDlgZwlc9UV4ZzgPVDURZo0OtXw7Pu5LM/QZYgBNWHEIvNF3tn7DYAa3cEMAuy05
3A/wkVy+ACdwo/QcCEQksnSgoto9VznkQb9MgRAxZ9zIgRNuKVLWfbeEAcO9l7f9
jaMKYjkAv8ZV6/lqdRW1biwsZXzfY02TTBo1757/qgqux/aYz2NYh+Ig3L5/AgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQU5yr+HYQrvuKrNv/kl3QVQuL5unIwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzIzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkCAAAwDQYJKoZIhvcNAQELBQADggEBAJxS
UEDMJ44Sf/Y38beYDX0lYPgQ3++WKjgh+XMTtqGADCkaF9KrTXHew2pKIjvyD9Dg
C3TNe/1AojpvDq2PFmrT5F9+a7YQVzBQ2V2fBiR3vKzK2AjswgLdmLYWo9Zdu3dU
jL3FdOlsxKqYYIyuToqAtc5KQFus67TlU4gTwIxumiH9wX+PlBsTZ0LFP8W7r1aL
SLnOmobrKfjyyDyeBBduHcxQE3ZhXlljPsDAmYGmcX/Z8RcYxb40fRBBtVGlUz2j
xEVoN244cptoVtzUeIrkFOPGKpV6l028ATmhWgw1/ITLGs7M9WqeKhWBH3rNjnMq
MK70JdrqlYRbIZR0ktU=
-----END CERTIFICATE-----