Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
File:                     326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (raw, json)
Hash identifier:          XACd90ki63AXfGn+taSfXn0bg5k/VvTu6qRBsyyOiUc=
Subject key identifier:   66:27:DB:95:66:0E:94:99:69:02:AF:22:25:03:B4:14:C7:E4:F6:15
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       5B64159C82A88AD433A4124CABD9ED305558D169
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa
Signing time:             Thu 31 Jul 2025 13:37:46 +0000
ROA not before:           Thu 31 Jul 2025 13:32:46 +0000
ROA not after:            Thu 30 Jul 2026 13:37:46 +0000
asID:                     211321
IP address blocks:        2a04:b904::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:64:15:9c:82:a8:8a:d4:33:a4:12:4c:ab:d9:ed:30:55:58:d1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jul 31 13:32:46 2025 GMT
            Not After : Jul 30 13:37:46 2026 GMT
        Subject: CN=6627DB95660E94996902AF222503B414C7E4F615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b5:c9:33:a9:07:3f:9b:eb:09:4d:91:31:12:
                    7b:8f:d0:af:71:6e:05:91:f1:cc:fd:b3:27:96:5c:
                    db:d6:5b:a7:f8:98:20:77:83:0c:eb:c9:3d:c3:b8:
                    94:bd:f5:a3:28:5a:f9:ab:ad:16:53:21:62:e1:2d:
                    37:36:e5:c3:73:6b:1a:56:e8:5e:00:12:ea:bd:3e:
                    07:bd:66:9a:cf:b0:20:48:81:aa:73:bd:b7:b9:af:
                    be:f8:7f:9a:77:2e:7c:6a:d5:b8:26:17:2e:4a:8f:
                    e0:cd:c0:0e:e3:07:f9:a8:f4:2b:7f:f8:3c:3b:84:
                    8b:dd:5b:b6:82:f3:47:dd:7e:df:f9:e5:c1:d5:8c:
                    c8:fa:b3:c2:09:ea:62:e9:1e:34:1d:f9:82:db:56:
                    cf:f0:58:ed:5e:c9:3c:76:10:74:73:cd:3c:2c:f1:
                    fa:36:65:d6:73:5b:bc:06:f2:8d:42:66:9b:e8:77:
                    5a:6f:3a:cf:f8:0b:a6:da:5c:7d:77:eb:0c:f8:c9:
                    9e:a1:a9:ca:1e:e8:80:fc:29:58:3f:7d:2a:f0:dc:
                    07:80:7c:fa:87:56:69:74:51:86:d1:03:81:bf:ea:
                    00:22:01:02:fb:36:dc:33:8c:36:8b:20:7e:a8:eb:
                    53:93:32:67:59:72:6d:4c:d3:38:c3:48:09:7b:27:
                    eb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:27:DB:95:66:0E:94:99:69:02:AF:22:25:03:B4:14:C7:E4:F6:15
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930343a3a2f34382d3438203d3e20323131333231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b904::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:d3:32:de:af:b8:bb:78:bf:0f:28:2d:49:77:05:d4:1c:eb:
         3d:94:11:31:ff:55:74:cc:3c:62:12:b8:63:6c:2b:f1:da:ea:
         91:a4:a6:d2:58:eb:6c:da:e2:a4:c1:bc:62:ca:0e:27:1e:82:
         d8:12:d0:89:98:f6:88:98:f7:b3:4c:7c:c0:bf:68:1e:18:f7:
         d5:bd:3b:0c:a3:bc:9a:a3:eb:1e:ab:e8:ca:00:a9:7a:ef:c3:
         d1:67:e3:32:f6:a4:e2:24:d0:81:83:6e:be:b3:ef:4b:ca:ac:
         a7:08:7f:35:ed:ca:22:12:0e:49:a3:53:43:54:d8:39:1a:d8:
         c3:2f:e5:62:e3:4e:9b:6e:d6:ef:88:62:aa:ef:bd:0c:d5:3b:
         0d:d7:54:25:b2:4f:02:9b:41:c3:a0:55:fa:f2:5a:2c:2e:57:
         13:ab:35:28:e5:02:0a:a8:ef:77:d9:65:57:e2:e3:41:74:d5:
         98:c4:d1:cb:8d:3f:ee:ef:b2:44:88:38:0b:4b:ad:a3:e4:60:
         7d:fe:66:8a:4e:09:74:8e:08:69:3a:d3:cd:31:cb:69:45:dc:
         74:e0:1f:1c:12:05:4a:53:6b:7e:8c:f7:7c:58:1b:7f:80:1d:
         39:d1:42:33:eb:9d:fb:5c:2b:be:06:91:c3:57:81:2d:b8:2f:
         ab:13:4e:b4
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUW2QVnIKoitQzpBJMq9ntMFVY0WkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDZaFw0yNjA3MzAxMzM3NDZaMDMxMTAvBgNV
BAMTKDY2MjdEQjk1NjYwRTk0OTk2OTAyQUYyMjI1MDNCNDE0QzdFNEY2MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4tckzqQc/m+sJTZExEnuP0K9x
bgWR8cz9syeWXNvWW6f4mCB3gwzryT3DuJS99aMoWvmrrRZTIWLhLTc25cNzaxpW
6F4AEuq9Pge9ZprPsCBIgapzvbe5r774f5p3Lnxq1bgmFy5Kj+DNwA7jB/mo9Ct/
+Dw7hIvdW7aC80fdft/55cHVjMj6s8IJ6mLpHjQd+YLbVs/wWO1eyTx2EHRzzTws
8fo2ZdZzW7wG8o1CZpvod1pvOs/4C6baXH136wz4yZ6hqcoe6ID8KVg/fSrw3AeA
fPqHVml0UYbRA4G/6gAiAQL7NtwzjDaLIH6o61OTMmdZcm1M0zjDSAl7J+uDAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUZifblWYOlJlpAq8iJQO0FMfk9hUwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYgGCCsGAQUFBwELBHwwejB4BggrBgEFBQcwC4Zs
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzQzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMx
MzEzMzMyMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUH
AQcBAf8EEzARMA8EAgACMAkDBwAqBLkEAAAwDQYJKoZIhvcNAQELBQADggEBADrT
Mt6vuLt4vw8oLUl3BdQc6z2UETH/VXTMPGISuGNsK/Ha6pGkptJY62za4qTBvGLK
DicegtgS0ImY9oiY97NMfMC/aB4Y99W9OwyjvJqj6x6r6MoAqXrvw9Fn4zL2pOIk
0IGDbr6z70vKrKcIfzXtyiISDkmjU0NU2Dka2MMv5WLjTptu1u+IYqrvvQzVOw3X
VCWyTwKbQcOgVfryWiwuVxOrNSjlAgqo73fZZVfi40F01ZjE0cuNP+7vskSIOAtL
raPkYH3+ZopOCXSOCGk6080xy2lF3HTgHxwSBUpTa36M93xYG3+AHTnRQjPrnftc
K74GkcNXgS24L6sTTrQ=
-----END CERTIFICATE-----