Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          Izrj79wt+RBQV12QVEUOu15QuWkg9UzFqRUkmutLJto=
Subject key identifier:   FB:E6:3C:83:F7:FC:40:34:C5:49:EA:A5:F0:89:15:D2:CD:66:13:EC
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       1FF1F67FB69438AEEB5D13A0E536FCE158522AA5
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 04 Jun 2026 15:51:42 +0000
ROA not before:           Thu 04 Jun 2026 15:46:42 +0000
ROA not after:            Thu 03 Jun 2027 15:51:42 +0000
asID:                     47272
IP address blocks:        2001:67c:d88::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f1:f6:7f:b6:94:38:ae:eb:5d:13:a0:e5:36:fc:e1:58:52:2a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jun  4 15:46:42 2026 GMT
            Not After : Jun  3 15:51:42 2027 GMT
        Subject: CN=FBE63C83F7FC4034C549EAA5F08915D2CD6613EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d6:e9:f4:0b:56:c6:08:95:b3:53:42:a3:4e:
                    33:89:f6:5f:e8:7a:2a:22:da:ab:d5:01:46:35:b7:
                    90:ad:b9:51:e1:23:10:46:04:98:af:e8:4f:7e:c0:
                    f8:6c:8a:d2:d1:be:51:0e:44:83:6b:c0:47:83:7b:
                    49:ec:97:8e:ad:7b:e6:90:e7:95:9b:53:73:ec:bd:
                    a6:d6:d9:83:78:f3:bc:c9:43:8a:f8:7a:eb:a2:f9:
                    a2:da:d7:8c:91:12:fb:6d:bc:be:c1:d9:8b:fa:7e:
                    ff:d0:53:0c:a0:b2:d8:2d:0a:35:00:4e:78:89:12:
                    62:c1:36:e2:d3:93:d9:9f:e2:e4:d3:65:00:67:47:
                    f4:c2:7c:9d:46:80:51:63:5d:fa:6b:83:d3:57:64:
                    31:d7:05:72:cd:1e:36:df:ca:7a:81:77:ad:ba:80:
                    6a:4c:e3:5f:d6:29:e5:44:96:74:c8:71:b3:1d:ae:
                    85:e3:72:c4:3e:6f:24:ab:98:53:5c:29:66:a2:3d:
                    6d:90:f4:20:e7:d1:09:af:95:b7:e7:3e:fd:f0:82:
                    ec:1a:0f:d9:d5:e1:f1:67:d9:67:18:2a:0b:3c:3d:
                    b8:a9:6b:a6:32:db:b8:68:3a:83:a4:55:d5:bc:e8:
                    09:f8:03:f9:88:9f:e2:82:07:46:bb:9e:72:f9:5d:
                    3d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:E6:3C:83:F7:FC:40:34:C5:49:EA:A5:F0:89:15:D2:CD:66:13:EC
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d88::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:45:6a:66:ae:7a:52:86:e9:a0:83:b3:45:dc:b2:60:11:61:
         4b:ed:c9:af:27:95:0f:83:9f:30:7e:3c:a5:5b:3d:82:65:b2:
         6a:37:2e:44:d0:e8:ec:e0:87:6d:d7:ee:33:a6:2d:9c:f8:0c:
         af:9f:f8:ce:01:77:25:d4:6a:b8:c6:36:f8:44:c9:62:6e:e7:
         f9:98:38:ca:a9:ef:4a:59:ce:24:c3:7c:26:84:78:b4:4a:42:
         a6:97:af:35:de:10:96:bb:92:df:09:5a:ec:4c:3d:fa:d7:f0:
         a2:ba:fd:c1:00:c3:4d:b1:cc:20:3a:0a:dd:57:95:fd:e2:ba:
         f3:d9:75:fc:ba:6a:12:73:5f:45:e9:7e:15:fd:f6:a4:36:16:
         e3:3c:b5:36:6a:a7:e9:8b:4c:9b:f4:54:fe:22:95:cd:61:c3:
         da:48:94:7d:e2:de:e6:29:bb:42:c2:a3:ab:87:89:fd:05:40:
         4a:16:45:8b:c8:19:f4:6a:65:09:b0:20:38:95:3b:3a:84:df:
         de:3c:38:47:a3:89:97:5a:1d:4f:a7:a3:71:92:68:b5:fd:d4:
         74:c4:f6:c9:59:70:20:1f:58:65:49:6b:53:ce:70:2a:4a:09:
         ab:a0:3a:c3:a6:c5:22:0a:46:5e:a7:67:1a:fe:13:b6:7e:2e:
         80:01:32:76
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUH/H2f7aUOK7rXROg5Tb84VhSKqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNjA2MDQxNTQ2NDJaFw0yNzA2MDMxNTUxNDJaMDMxMTAvBgNV
BAMTKEZCRTYzQzgzRjdGQzQwMzRDNTQ5RUFBNUYwODkxNUQyQ0Q2NjEzRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO1un0C1bGCJWzU0KjTjOJ9l/o
eioi2qvVAUY1t5CtuVHhIxBGBJiv6E9+wPhsitLRvlEORINrwEeDe0nsl46te+aQ
55WbU3PsvabW2YN487zJQ4r4euui+aLa14yREvttvL7B2Yv6fv/QUwygstgtCjUA
TniJEmLBNuLTk9mf4uTTZQBnR/TCfJ1GgFFjXfprg9NXZDHXBXLNHjbfynqBd626
gGpM41/WKeVElnTIcbMdroXjcsQ+bySrmFNcKWaiPW2Q9CDn0QmvlbfnPv3wguwa
D9nV4fFn2WcYKgs8Pbipa6Yy27hoOoOkVdW86An4A/mIn+KCB0a7nnL5XT1xAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQU++Y8g/f8QDTFSeql8IkV0s1mE+wwHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
MzgzODNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNiDANBgkqhkiG9w0BAQsFAAOCAQEAe0VqZq56UobpoIOzRdyyYBFh
S+3JryeVD4OfMH48pVs9gmWyajcuRNDo7OCHbdfuM6YtnPgMr5/4zgF3JdRquMY2
+ETJYm7n+Zg4yqnvSlnOJMN8JoR4tEpCppevNd4QlruS3wla7Ew9+tfworr9wQDD
TbHMIDoK3VeV/eK689l1/LpqEnNfRel+Ff32pDYW4zy1Nmqn6YtMm/RU/iKVzWHD
2kiUfeLe5im7QsKjq4eJ/QVAShZFi8gZ9GplCbAgOJU7OoTf3jw4R6OJl1odT6ej
cZJotf3UdMT2yVlwIB9YZUlrU85wKkoJq6A6w6bFIgpGXqdnGv4Ttn4ugAEydg==
-----END CERTIFICATE-----