Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
File: 326130343a623930373a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier: /xnxiOeZe4RUPZsXL0vjp7QXRGVs8BxZ08hPmiOocY8=
Subject key identifier: 16:67:5C:BB:F3:4A:BA:27:02:C7:C2:C4:0B:66:AC:EC:5B:27:F3:57
Certificate issuer: /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial: 8CB8520C41F5EE272A3C5037113A4A443EBB5F
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
Signing time: Thu 31 Jul 2025 13:37:43 +0000
ROA not before: Thu 31 Jul 2025 13:32:43 +0000
ROA not after: Thu 30 Jul 2026 13:37:43 +0000
asID: 0
IP address blocks: 2a04:b907::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8c:b8:52:0c:41:f5:ee:27:2a:3c:50:37:11:3a:4a:44:3e:bb:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Validity
Not Before: Jul 31 13:32:43 2025 GMT
Not After : Jul 30 13:37:43 2026 GMT
Subject: CN=16675CBBF34ABA2702C7C2C40B66ACEC5B27F357
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:84:67:6c:a6:47:df:bc:0b:8b:8c:94:21:7d:
2e:35:5a:10:29:21:54:27:68:10:29:d8:e9:d4:0f:
4f:e5:6f:02:83:34:09:79:ea:d4:6a:f9:fc:c2:06:
21:66:76:87:6f:21:88:11:6a:ba:3c:dd:93:8e:04:
a3:30:fc:18:d4:81:f1:be:a3:d3:5c:db:91:c7:4b:
e6:08:cf:9b:91:a4:fe:a9:be:97:21:7e:7c:6e:a3:
8b:a5:1b:d1:e9:86:9a:b2:94:a0:c5:89:a8:0b:25:
1c:ba:55:30:10:61:7b:9d:01:f9:69:c2:b9:ee:e6:
48:5f:72:ef:f0:97:e9:71:ac:c8:91:65:de:a2:83:
41:8b:1e:a8:e4:9c:91:92:ea:66:a8:c4:f6:7d:93:
85:83:c8:a0:06:7a:2d:43:c8:94:4e:08:f4:cf:c8:
08:d8:9c:46:2a:c4:13:fb:8b:a3:11:ab:5b:17:1e:
cb:28:0e:77:ec:eb:53:f1:c0:43:14:7b:72:7d:e8:
f8:d9:67:4b:55:fa:ff:c2:86:33:06:a5:7a:fd:5b:
cd:58:4a:dc:8b:a7:b3:3f:04:70:d2:9b:41:3c:2c:
30:4e:29:7e:26:63:f7:1f:5b:15:e8:69:11:9b:ad:
aa:b2:20:cd:4c:da:a1:7b:cf:ae:b2:91:49:5a:39:
60:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:67:5C:BB:F3:4A:BA:27:02:C7:C2:C4:0B:66:AC:EC:5B:27:F3:57
X509v3 Authority Key Identifier:
keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/326130343a623930373a3a2f34382d3438203d3e2030.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:b907::/48
Signature Algorithm: sha256WithRSAEncryption
22:c9:94:1f:5f:75:c6:66:94:89:fa:5f:74:92:8c:54:68:fb:
0f:c5:44:f2:cb:1f:ee:06:0d:3e:a3:46:3c:2a:b4:15:df:9d:
e2:d8:c2:e8:32:27:59:7a:de:a6:e3:03:e7:c3:32:8f:a6:4d:
f8:09:27:f5:e1:38:b5:7a:af:de:40:29:e5:b1:06:a8:18:89:
e7:dd:17:a9:61:70:13:0b:8c:b0:8f:54:72:b0:2f:76:fc:24:
d2:8b:d5:78:83:4c:0e:6d:18:3e:45:92:67:9e:68:58:8f:3f:
01:fd:b9:3e:35:c4:99:27:6d:3b:1d:62:13:74:13:81:cd:16:
dc:ef:d6:8d:6a:0e:20:ca:63:13:12:2d:00:fc:bc:0c:d9:12:
e0:da:6b:5e:69:ef:7b:22:15:7b:d9:94:b7:af:69:2b:31:10:
6b:22:da:47:85:19:87:93:6e:62:63:7c:20:1c:95:d1:bc:36:
1c:77:91:d8:f3:74:1a:06:cc:50:f3:52:58:5b:4d:e2:53:39:
d3:7d:64:49:da:3a:47:ce:cd:39:80:fc:09:72:e5:18:eb:e1:
33:0b:c1:08:b5:8f:b1:ce:a3:9b:df:b6:e0:1b:2e:76:0b:4c:
cb:2a:2b:84:6c:35:8c:d6:11:0a:43:dc:4a:97:47:92:c8:e0:
be:54:32:8b
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUAIy4UgxB9e4nKjxQNxE6SkQ+u18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNTA3MzExMzMyNDNaFw0yNjA3MzAxMzM3NDNaMDMxMTAvBgNV
BAMTKDE2Njc1Q0JCRjM0QUJBMjcwMkM3QzJDNDBCNjZBQ0VDNUIyN0YzNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDShGdspkffvAuLjJQhfS41WhAp
IVQnaBAp2OnUD0/lbwKDNAl56tRq+fzCBiFmdodvIYgRaro83ZOOBKMw/BjUgfG+
o9Nc25HHS+YIz5uRpP6pvpchfnxuo4ulG9HphpqylKDFiagLJRy6VTAQYXudAflp
wrnu5khfcu/wl+lxrMiRZd6ig0GLHqjknJGS6maoxPZ9k4WDyKAGei1DyJROCPTP
yAjYnEYqxBP7i6MRq1sXHssoDnfs61PxwEMUe3J96PjZZ0tV+v/ChjMGpXr9W81Y
StyLp7M/BHDSm0E8LDBOKX4mY/cfWxXoaRGbraqyIM1M2qF7z66ykUlaOWBfAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQUFmdcu/NKuicCx8LEC2as7Fsn81cwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwfgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJy
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
LzMyNjEzMDM0M2E2MjM5MzAzNzNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMwLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAKgS5BwAAMA0GCSqGSIb3DQEBCwUAA4IBAQAiyZQfX3XGZpSJ+l90
koxUaPsPxUTyyx/uBg0+o0Y8KrQV353i2MLoMidZet6m4wPnwzKPpk34CSf14Ti1
eq/eQCnlsQaoGInn3RepYXATC4ywj1RysC92/CTSi9V4g0wObRg+RZJnnmhYjz8B
/bk+NcSZJ207HWITdBOBzRbc79aNag4gymMTEi0A/LwM2RLg2mteae97IhV72ZS3
r2krMRBrItpHhRmHk25iY3wgHJXRvDYcd5HY83QaBsxQ81JYW03iUznTfWRJ2jpH
zs05gPwJcuUY6+EzC8EItY+xzqOb37bgGy52C0zLKiuEbDWM1hEKQ9xKl0eSyOC+
VDKL
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:56:05 2025 by rpki-client