Route Origin Authorization

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
File:                     326130343a623930353a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          ckMcxXPiF8vlvTJRQQIsDxcEVQLOX0RuZe7KgLtHzqI=
Subject key identifier:   DE:FF:20:C0:36:59:C5:86:E5:1A:DE:7B:12:EF:22:D0:6F:EF:59:BE
Certificate issuer:       /CN=7aca2b768def8bb9544468ed5f726256c364336e
Certificate serial:       7FA15CCB43933451A7A0A7CA15772E294709D743
Authority key identifier: 7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa
Signing time:             Mon 12 May 2025 14:07:22 +0000
ROA not before:           Mon 12 May 2025 14:02:22 +0000
ROA not after:            Mon 11 May 2026 14:07:22 +0000
asID:                     16509
IP address blocks:        2a04:b905::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 17:30:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a1:5c:cb:43:93:34:51:a7:a0:a7:ca:15:77:2e:29:47:09:d7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aca2b768def8bb9544468ed5f726256c364336e
        Validity
            Not Before: May 12 14:02:22 2025 GMT
            Not After : May 11 14:07:22 2026 GMT
        Subject: CN=DEFF20C03659C586E51ADE7B12EF22D06FEF59BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:94:78:51:34:3e:40:68:b6:2e:15:6d:27:69:
                    b4:a7:96:91:98:ef:86:a9:69:3d:fd:e0:b3:70:68:
                    70:03:5f:c8:dd:1c:d4:51:61:26:24:02:bc:14:8a:
                    15:5a:46:60:e7:6f:42:51:83:7a:64:db:e7:19:d8:
                    4a:fd:d9:a0:79:5c:7c:3b:92:85:62:09:ed:9c:1c:
                    80:ac:96:33:ce:44:17:cf:48:5b:cb:1f:03:82:fa:
                    87:2c:d5:03:f6:18:c5:db:0f:30:eb:36:53:79:97:
                    8c:17:66:ca:53:6c:e1:c8:ac:fa:8e:21:18:19:2b:
                    d0:6c:9d:2c:cf:61:d6:54:a8:08:ed:bf:7b:f7:87:
                    64:a0:aa:a8:ba:c0:b3:f8:45:72:11:ca:2b:09:97:
                    3c:d6:1b:d1:2f:e3:73:09:a2:2a:2d:00:a8:9c:75:
                    73:97:16:3d:4a:2c:2f:76:53:61:1b:83:48:43:41:
                    11:72:35:56:d2:0f:d3:d2:4d:71:5f:db:d0:29:ee:
                    6a:da:67:2e:10:f3:86:e1:86:15:0f:bd:ac:80:1b:
                    0c:7a:d8:43:c9:1e:a0:c6:61:3e:3e:05:ff:2f:93:
                    5c:ba:71:74:e9:c8:79:13:85:4a:82:54:2f:a9:a5:
                    1c:24:7b:65:f6:66:b3:5b:96:3a:d7:43:27:b3:03:
                    b3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FF:20:C0:36:59:C5:86:E5:1A:DE:7B:12:EF:22:D0:6F:EF:59:BE
            X509v3 Authority Key Identifier:
                keyid:7A:CA:2B:76:8D:EF:8B:B9:54:44:68:ED:5F:72:62:56:C3:64:33:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/7ACA2B768DEF8BB9544468ED5F726256C364336E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/esordo3vi7lURGjtX3JiVsNkM24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930353a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b905::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:7d:ed:d8:ec:ff:1b:d7:f1:51:5d:a3:bc:75:97:46:0a:97:
         da:6e:f8:3e:08:2b:54:36:e3:9d:4c:67:f5:6e:13:1e:44:52:
         dc:04:56:df:49:0c:a0:62:3a:24:75:a9:41:e9:00:14:9a:45:
         45:60:64:47:cb:c7:94:85:cd:59:0b:06:d8:68:25:8b:2a:0a:
         62:54:bc:12:14:e5:ab:92:2a:09:b8:6e:f7:e4:ac:d8:90:67:
         57:24:b0:01:e2:81:8e:be:c6:fe:7b:0f:c1:ce:2d:26:90:b7:
         93:23:69:46:56:85:53:a1:aa:91:ab:15:0e:f7:6e:fa:00:f9:
         83:fc:3a:2d:5c:c3:31:e2:5f:eb:66:d0:3a:28:13:57:7e:76:
         6d:72:97:0d:d7:26:47:73:aa:01:2d:3e:b5:03:63:c4:19:3a:
         42:aa:99:1f:f9:f6:91:ff:fe:22:4f:15:52:80:f2:db:48:f2:
         67:32:82:fe:a4:09:13:12:6c:1d:4a:ef:6a:80:14:37:f5:50:
         32:b4:3f:2a:64:5c:dc:6d:5b:22:b5:f7:21:ae:38:0c:5f:37:
         97:e5:37:aa:bc:76:00:40:30:51:3c:fc:82:77:7f:df:5e:04:
         1e:9f:50:7e:b1:8e:de:e7:44:29:db:a2:06:a1:a9:b6:84:e2:
         e8:f5:b8:f2
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUf6Fcy0OTNFGnoKfKFXcuKUcJ10MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FjYTJiNzY4ZGVmOGJiOTU0NDQ2OGVkNWY3MjYyNTZj
MzY0MzM2ZTAeFw0yNTA1MTIxNDAyMjJaFw0yNjA1MTExNDA3MjJaMDMxMTAvBgNV
BAMTKERFRkYyMEMwMzY1OUM1ODZFNTFBREU3QjEyRUYyMkQwNkZFRjU5QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+lHhRND5AaLYuFW0nabSnlpGY
74apaT394LNwaHADX8jdHNRRYSYkArwUihVaRmDnb0JRg3pk2+cZ2Er92aB5XHw7
koViCe2cHICsljPORBfPSFvLHwOC+ocs1QP2GMXbDzDrNlN5l4wXZspTbOHIrPqO
IRgZK9BsnSzPYdZUqAjtv3v3h2Sgqqi6wLP4RXIRyisJlzzWG9Ev43MJoiotAKic
dXOXFj1KLC92U2Ebg0hDQRFyNVbSD9PSTXFf29Ap7mraZy4Q84bhhhUPvayAGwx6
2EPJHqDGYT4+Bf8vk1y6cXTpyHkThUqCVC+ppRwke2X2ZrNbljrXQyezA7NBAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQU3v8gwDZZxYblGt57Eu8i0G/vWb4wHwYDVR0j
BBgwFoAUesordo3vi7lURGjtX3JiVsNkM24wDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvN0FDQTJCNzY4REVGOEJCOTU0NDQ2OEVENUY3MjYyNTZD
MzY0MzM2RS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Vzb3JkbzN2aTdsVVJH
anRYM0ppVnNOa00yNC5jZXIwgYYGCCsGAQUFBwELBHoweDB2BggrBgEFBQcwC4Zq
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MS8zMjYxMzAzNDNhNjIzOTMwMzUzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMTM2
MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgS5BQAAMA0GCSqGSIb3DQEBCwUAA4IBAQATfe3Y
7P8b1/FRXaO8dZdGCpfabvg+CCtUNuOdTGf1bhMeRFLcBFbfSQygYjokdalB6QAU
mkVFYGRHy8eUhc1ZCwbYaCWLKgpiVLwSFOWrkioJuG735KzYkGdXJLAB4oGOvsb+
ew/Bzi0mkLeTI2lGVoVToaqRqxUO9276APmD/DotXMMx4l/rZtA6KBNXfnZtcpcN
1yZHc6oBLT61A2PEGTpCqpkf+faR//4iTxVSgPLbSPJnMoL+pAkTEmwdSu9qgBQ3
9VAytD8qZFzcbVsitfchrjgMXzeX5TeqvHYAQDBRPPyCd3/fXgQen1B+sY7e50Qp
26IGoam2hOLo9bjy
-----END CERTIFICATE-----