Route Origin Authorization

$ rpki-client -vvf krill.signalx.cloud/repo/signalx-rpki/6/326130623a346238313a313030303a3a2f34382d3438203d3e20323134343032.roa
File:                     326130623a346238313a313030303a3a2f34382d3438203d3e20323134343032.roa (raw, json)
Hash identifier:          kH/MtqMD4GBrxNbGxiKtOK2S9dP8RTkPgNVL8rpxdLk=
Subject key identifier:   D2:5B:87:F6:43:7C:8E:D8:6C:39:11:C6:57:9A:AC:3E:2D:5E:86:CD
Certificate issuer:       /CN=88332c8750cc71629e694fddb3615ae083589921
Certificate serial:       20E29BCD7B1B7B3D9EF32804468606C6BFD82EB3
Authority key identifier: 88:33:2C:87:50:CC:71:62:9E:69:4F:DD:B3:61:5A:E0:83:58:99:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iDMsh1DMcWKeaU_ds2Fa4INYmSE.cer
Subject info access:      rsync://krill.signalx.cloud/repo/signalx-rpki/6/326130623a346238313a313030303a3a2f34382d3438203d3e20323134343032.roa
Signing time:             Fri 15 Aug 2025 09:25:55 +0000
ROA not before:           Fri 15 Aug 2025 09:20:55 +0000
ROA not after:            Fri 14 Aug 2026 09:25:55 +0000
asID:                     214402
IP address blocks:        2a0b:4b81:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.signalx.cloud/repo/signalx-rpki/6/88332C8750CC71629E694FDDB3615AE083589921.crl
                          rsync://krill.signalx.cloud/repo/signalx-rpki/6/88332C8750CC71629E694FDDB3615AE083589921.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iDMsh1DMcWKeaU_ds2Fa4INYmSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e2:9b:cd:7b:1b:7b:3d:9e:f3:28:04:46:86:06:c6:bf:d8:2e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88332c8750cc71629e694fddb3615ae083589921
        Validity
            Not Before: Aug 15 09:20:55 2025 GMT
            Not After : Aug 14 09:25:55 2026 GMT
        Subject: CN=D25B87F6437C8ED86C3911C6579AAC3E2D5E86CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:23:c3:cf:ad:2f:f6:e5:20:2f:5d:43:fb:ca:
                    c0:3e:ae:71:b0:40:49:2b:fc:a2:81:3e:76:1b:4a:
                    7d:53:ab:e2:86:53:9f:b5:9a:5d:04:5e:ae:30:5e:
                    31:a6:13:41:0d:c2:8e:15:c7:e4:43:86:33:db:2b:
                    61:e2:dc:ff:a8:cc:b7:bc:a2:63:02:68:5f:f2:fe:
                    67:8a:0f:3e:24:8a:4a:7c:62:e8:4b:e6:84:4f:c5:
                    cc:50:25:6f:2c:4d:b5:fa:3f:54:2a:40:92:09:75:
                    e2:1c:f6:7e:b5:2a:4b:e1:30:e8:5a:c5:d1:79:34:
                    6b:96:23:0d:81:b6:4f:c7:17:af:51:8b:c0:4b:01:
                    3e:8f:35:6f:c2:e7:18:c8:2a:c6:be:f3:fc:88:3b:
                    3a:ed:23:68:14:74:2d:35:e5:39:26:8c:83:7a:0c:
                    bc:52:55:5d:b8:1b:eb:0c:3c:ec:09:4f:8c:0a:ca:
                    7e:e6:b2:29:41:73:3b:4b:a7:2c:40:76:ee:26:f5:
                    47:db:4d:79:ea:e1:ca:06:c7:59:a0:c8:e9:51:3a:
                    65:55:e9:27:dc:42:a6:72:17:2b:3b:26:15:10:ea:
                    14:a6:a5:6b:04:90:7f:a7:b8:5a:5d:83:82:fc:23:
                    90:68:01:89:61:37:45:11:63:d7:97:ca:71:ef:0c:
                    48:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5B:87:F6:43:7C:8E:D8:6C:39:11:C6:57:9A:AC:3E:2D:5E:86:CD
            X509v3 Authority Key Identifier:
                keyid:88:33:2C:87:50:CC:71:62:9E:69:4F:DD:B3:61:5A:E0:83:58:99:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.signalx.cloud/repo/signalx-rpki/6/88332C8750CC71629E694FDDB3615AE083589921.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iDMsh1DMcWKeaU_ds2Fa4INYmSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.signalx.cloud/repo/signalx-rpki/6/326130623a346238313a313030303a3a2f34382d3438203d3e20323134343032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4b81:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:7e:51:c7:fa:b1:eb:27:6e:bb:4b:a2:69:f5:b1:8e:a2:bc:
         24:40:58:cd:9b:65:64:e2:0c:e7:ff:c5:f5:4e:10:f3:18:67:
         c3:9f:13:46:28:ee:22:64:4e:50:c4:fd:34:1c:6f:5e:1f:f2:
         d7:40:bc:c3:85:43:00:b1:e8:6f:32:86:c7:66:bd:ce:a3:46:
         95:ec:26:d8:88:bc:40:23:42:09:5a:f4:d8:0d:67:48:88:bf:
         a8:ef:b7:85:7c:72:08:24:37:bf:96:7a:6a:25:40:09:1c:3e:
         ec:19:60:77:eb:57:e5:18:33:04:00:29:52:ef:86:43:32:c4:
         ab:ae:58:22:82:2f:95:1e:f4:52:29:db:3f:ad:e9:43:28:b1:
         fb:c9:b3:44:50:b9:d1:17:b0:68:64:c6:d7:39:30:86:1d:1d:
         92:72:df:c9:58:0f:f8:0f:af:99:6e:82:78:60:e8:d9:02:ad:
         a9:18:fe:e9:ce:f3:d2:ad:10:2d:43:1d:dd:f3:fe:72:fd:12:
         b0:1f:8a:71:36:cc:c3:2c:6a:6d:59:e6:55:df:25:39:e5:d2:
         06:4b:30:ce:17:b8:ae:d0:94:58:7d:27:90:67:96:df:9f:c7:
         81:5d:77:59:c8:7d:4f:9b:22:23:da:c9:94:b1:4c:b3:da:20:
         d7:09:93:23
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUIOKbzXsbez2e8ygERoYGxr/YLrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODgzMzJjODc1MGNjNzE2MjllNjk0ZmRkYjM2MTVhZTA4
MzU4OTkyMTAeFw0yNTA4MTUwOTIwNTVaFw0yNjA4MTQwOTI1NTVaMDMxMTAvBgNV
BAMTKEQyNUI4N0Y2NDM3QzhFRDg2QzM5MTFDNjU3OUFBQzNFMkQ1RTg2Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbI8PPrS/25SAvXUP7ysA+rnGw
QEkr/KKBPnYbSn1Tq+KGU5+1ml0EXq4wXjGmE0ENwo4Vx+RDhjPbK2Hi3P+ozLe8
omMCaF/y/meKDz4kikp8YuhL5oRPxcxQJW8sTbX6P1QqQJIJdeIc9n61KkvhMOha
xdF5NGuWIw2Btk/HF69Ri8BLAT6PNW/C5xjIKsa+8/yIOzrtI2gUdC015TkmjIN6
DLxSVV24G+sMPOwJT4wKyn7msilBcztLpyxAdu4m9UfbTXnq4coGx1mgyOlROmVV
6SfcQqZyFys7JhUQ6hSmpWsEkH+nuFpdg4L8I5BoAYlhN0URY9eXynHvDEjZAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQU0luH9kN8jthsORHGV5qsPi1ehs0wHwYDVR0j
BBgwFoAUiDMsh1DMcWKeaU/ds2Fa4INYmSEwDgYDVR0PAQH/BAQDAgeAMG0GA1Ud
HwRmMGQwYqBgoF6GXHJzeW5jOi8va3JpbGwuc2lnbmFseC5jbG91ZC9yZXBvL3Np
Z25hbHgtcnBraS82Lzg4MzMyQzg3NTBDQzcxNjI5RTY5NEZEREIzNjE1QUUwODM1
ODk5MjEuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9pRE1zaDFETWNXS2VhVV9k
czJGYTRJTlltU0UuY2VyMIGTBggrBgEFBQcBCwSBhjCBgzCBgAYIKwYBBQUHMAuG
dHJzeW5jOi8va3JpbGwuc2lnbmFseC5jbG91ZC9yZXBvL3NpZ25hbHgtcnBraS82
LzMyNjEzMDYyM2EzNDYyMzgzMTNhMzEzMDMwMzAzYTNhMmYzNDM4MmQzNDM4MjAz
ZDNlMjAzMjMxMzQzNDMwMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqC0uBEAAwDQYJKoZIhvcNAQEL
BQADggEBADd+Ucf6sesnbrtLomn1sY6ivCRAWM2bZWTiDOf/xfVOEPMYZ8OfE0Yo
7iJkTlDE/TQcb14f8tdAvMOFQwCx6G8yhsdmvc6jRpXsJtiIvEAjQgla9NgNZ0iI
v6jvt4V8cggkN7+WemolQAkcPuwZYHfrV+UYMwQAKVLvhkMyxKuuWCKCL5Ue9FIp
2z+t6UMosfvJs0RQudEXsGhkxtc5MIYdHZJy38lYD/gPr5lugnhg6NkCrakY/unO
89KtEC1DHd3z/nL9ErAfinE2zMMsam1Z5lXfJTnl0gZLMM4XuK7QlFh9J5Bnlt+f
x4Fdd1nIfU+bIiPayZSxTLPaINcJkyM=
-----END CERTIFICATE-----