Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
File:                     326130343a623930353a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          2WLi+yTCoT6MxCiLFaQP7kK5t5x+CtSSj0mzxVLx03Y=
Subject key identifier:   D6:3D:51:A8:C6:B1:B2:0A:67:6F:F4:DD:9F:A8:02:0C:B6:A9:A7:6D
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       5090507C59BC47EF52C775496DEC82BD48E364A4
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
Signing time:             Thu 31 Jul 2025 13:37:44 +0000
ROA not before:           Thu 31 Jul 2025 13:32:44 +0000
ROA not after:            Thu 30 Jul 2026 13:37:44 +0000
asID:                     16509
IP address blocks:        2a04:b905::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:90:50:7c:59:bc:47:ef:52:c7:75:49:6d:ec:82:bd:48:e3:64:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jul 31 13:32:44 2025 GMT
            Not After : Jul 30 13:37:44 2026 GMT
        Subject: CN=D63D51A8C6B1B20A676FF4DD9FA8020CB6A9A76D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:48:ab:1e:eb:76:7a:03:54:e9:d6:dd:fc:64:
                    72:9c:11:70:7a:f1:8f:7b:c7:21:3f:a5:53:9d:90:
                    a2:c9:c4:e6:b2:19:44:e6:40:c6:9c:70:b0:ae:32:
                    aa:ab:4e:0c:88:ec:29:f5:a3:35:b8:60:e4:e5:b1:
                    77:f8:a2:97:94:09:f6:e3:79:e6:28:f8:04:f0:86:
                    8d:da:45:75:7d:71:66:9f:83:95:b0:ec:1f:aa:da:
                    99:ae:7e:fe:8e:44:1c:e1:0e:b3:98:2f:82:83:ae:
                    58:84:67:bd:aa:27:ef:e4:1e:37:22:5f:87:0a:4a:
                    4a:6f:cf:49:6a:e6:98:81:fd:e6:98:22:45:3b:e9:
                    c8:84:a2:4e:a0:f4:fb:3e:dd:dd:ae:18:73:47:d6:
                    20:d5:b0:4c:80:45:58:27:b0:f5:e6:2e:05:52:72:
                    d9:04:52:6b:6d:bc:82:11:e8:aa:bf:37:be:1f:f8:
                    07:26:e9:9e:1b:74:89:38:2e:ab:7e:21:84:7f:04:
                    15:cd:f2:a1:6c:b8:ea:c2:a3:96:d0:06:5b:27:75:
                    84:6a:d2:25:33:e9:71:f3:0f:80:bf:30:c8:6b:f1:
                    f4:a3:02:f7:fb:8c:56:15:e2:16:a1:ac:c1:ff:0d:
                    90:6b:d9:95:62:47:c5:da:7c:96:d4:d5:a5:93:3c:
                    93:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3D:51:A8:C6:B1:B2:0A:67:6F:F4:DD:9F:A8:02:0C:B6:A9:A7:6D
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b905::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:95:72:4d:09:72:cf:43:45:a8:bf:a3:5c:81:20:c0:f5:b0:
         e6:41:d5:f2:fb:a8:a6:08:4f:51:b5:3b:6f:0e:e7:f6:94:c6:
         7c:b0:6c:5c:82:84:cd:8f:b5:48:2d:89:d6:a5:b2:fb:36:2b:
         35:06:80:22:66:ce:f2:d1:4e:8c:6c:fc:1b:2e:68:ed:6a:96:
         b8:95:7a:5d:ca:b1:9e:88:e2:df:47:2d:3b:30:4e:10:66:90:
         d8:ff:61:e0:7f:ef:e4:af:c0:92:ae:03:e6:77:69:89:1c:b4:
         02:89:aa:cb:c6:ff:dd:42:c1:1a:8e:93:e9:c7:9e:a3:93:47:
         09:fe:b4:4f:89:de:1f:53:f3:90:a2:81:e6:ca:91:ca:ad:66:
         65:27:f1:20:0e:2c:78:fe:9a:18:8e:61:9c:96:30:81:b9:6a:
         1a:85:da:18:fe:7f:f6:bb:9f:df:e9:9c:bb:66:20:ce:94:46:
         cb:ce:c9:03:df:67:60:33:e4:0d:c5:b1:08:4d:42:c9:e0:02:
         9d:db:53:a7:7a:58:10:4b:2a:c9:16:48:84:17:6b:68:03:3a:
         b4:5b:58:40:a1:b8:22:52:fe:26:6c:64:cc:ea:ae:e2:99:79:
         58:41:3a:22:e8:cf:ef:a5:b8:e0:92:a5:85:83:31:de:1b:ea:
         20:ad:88:aa
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUUJBQfFm8R+9Sx3VJbeyCvUjjZKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDRaFw0yNjA3MzAxMzM3NDRaMDMxMTAvBgNV
BAMTKEQ2M0Q1MUE4QzZCMUIyMEE2NzZGRjRERDlGQTgwMjBDQjZBOUE3NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfSKse63Z6A1Tp1t38ZHKcEXB6
8Y97xyE/pVOdkKLJxOayGUTmQMaccLCuMqqrTgyI7Cn1ozW4YOTlsXf4opeUCfbj
eeYo+ATwho3aRXV9cWafg5Ww7B+q2pmufv6ORBzhDrOYL4KDrliEZ72qJ+/kHjci
X4cKSkpvz0lq5piB/eaYIkU76ciEok6g9Ps+3d2uGHNH1iDVsEyARVgnsPXmLgVS
ctkEUmttvIIR6Kq/N74f+Acm6Z4bdIk4Lqt+IYR/BBXN8qFsuOrCo5bQBlsndYRq
0iUz6XHzD4C/MMhr8fSjAvf7jFYV4hahrMH/DZBr2ZViR8XafJbU1aWTPJOVAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU1j1RqMaxsgpnb/Tdn6gCDLapp20wHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMTM2
MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgS5BQAAMA0GCSqGSIb3DQEBCwUAA4IBAQAOlXJN
CXLPQ0Wov6NcgSDA9bDmQdXy+6imCE9RtTtvDuf2lMZ8sGxcgoTNj7VILYnWpbL7
Nis1BoAiZs7y0U6MbPwbLmjtapa4lXpdyrGeiOLfRy07ME4QZpDY/2Hgf+/kr8CS
rgPmd2mJHLQCiarLxv/dQsEajpPpx56jk0cJ/rRPid4fU/OQooHmypHKrWZlJ/Eg
Dix4/poYjmGcljCBuWoahdoY/n/2u5/f6Zy7ZiDOlEbLzskD32dgM+QNxbEITULJ
4AKd21OnelgQSyrJFkiEF2toAzq0W1hAobgiUv4mbGTM6q7imXlYQToi6M/vpbjg
kqWFgzHeG+ogrYiq
-----END CERTIFICATE-----