Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          BUTxHk0P7Sq5NL7BcLmY1tdtKOM/VMawb2QJSMtO1Q0=
Subject key identifier:   65:83:7A:55:F3:75:83:4F:DC:17:F6:24:D5:41:31:AF:79:BC:39:0B
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       125E5297A7CE7D2568A5575F3EAD7C2F26D66EA6
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 04 Jun 2026 15:51:42 +0000
ROA not before:           Thu 04 Jun 2026 15:46:42 +0000
ROA not after:            Thu 03 Jun 2027 15:51:42 +0000
asID:                     47272
IP address blocks:        2001:67c:d90::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:35:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:5e:52:97:a7:ce:7d:25:68:a5:57:5f:3e:ad:7c:2f:26:d6:6e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jun  4 15:46:42 2026 GMT
            Not After : Jun  3 15:51:42 2027 GMT
        Subject: CN=65837A55F375834FDC17F624D54131AF79BC390B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:61:da:b4:8a:cd:a3:b1:f8:e8:9a:34:c9:0a:
                    42:4d:69:e8:f3:2e:20:72:7b:35:69:b0:47:65:73:
                    bb:c1:d8:ac:d0:a5:c1:6b:f8:7a:f7:12:89:be:de:
                    f1:c3:6c:1f:1b:0a:5f:2b:bb:81:ef:43:86:c4:eb:
                    a7:0f:ca:be:2a:61:6e:ed:60:59:62:b4:b6:4e:13:
                    89:7c:f5:f3:0d:10:c0:05:d5:93:76:d5:10:d1:0b:
                    a9:65:a5:a0:91:d7:0d:8e:44:fd:29:04:16:cb:6b:
                    fa:74:0f:76:18:52:14:52:51:8c:0e:fd:2c:5f:69:
                    23:c1:75:ce:c8:44:80:19:58:b6:4c:6f:04:6c:79:
                    f6:f4:e5:95:55:72:bc:1b:da:74:71:77:a0:2b:ea:
                    f1:ae:2a:10:b5:a3:0c:d9:20:64:63:0c:97:eb:75:
                    d9:2b:83:8f:cb:04:d7:20:a3:e0:59:43:0c:18:86:
                    2e:33:7e:40:30:e3:69:0a:d3:78:24:5f:6f:03:d8:
                    50:dc:9b:b1:7d:b5:3a:bb:93:6d:35:be:ff:66:79:
                    b5:16:0d:09:d3:19:c8:00:93:8d:8f:01:81:ba:33:
                    47:31:82:97:17:f5:05:b1:bc:8f:32:fb:dc:8e:09:
                    23:40:8c:2d:09:e8:42:59:f7:6c:4a:d9:ca:7f:b5:
                    ae:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:83:7A:55:F3:75:83:4F:DC:17:F6:24:D5:41:31:AF:79:BC:39:0B
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:5d:12:67:02:1b:bb:46:71:b7:5b:9d:f8:7f:bb:f8:a4:a9:
         b0:e7:63:a2:b9:bd:20:b5:19:74:08:f3:f6:a8:ed:2a:91:83:
         c5:76:ca:42:2c:ff:f9:ae:3f:a7:8d:33:f5:78:33:64:8b:5f:
         fa:18:d9:e1:fa:6b:48:2e:9a:a2:16:72:bb:96:47:a7:28:ac:
         f3:98:0d:43:23:9e:83:e7:fe:e6:47:78:53:0c:68:c7:61:43:
         e7:62:f4:61:18:82:b1:9f:d6:0b:25:74:25:88:ea:7d:51:77:
         73:80:81:61:23:f8:fb:50:00:09:31:a0:d0:5f:9e:c4:45:ea:
         6e:ed:7f:08:a8:2c:e0:50:a2:92:a5:41:c4:25:6f:2a:1c:96:
         b0:a6:9f:82:0b:d9:c3:6c:d4:29:e5:59:2a:36:18:44:34:a3:
         8b:16:20:b5:71:92:cf:de:1d:39:09:ba:68:01:69:76:64:0b:
         6d:96:ec:b9:f6:b0:bd:d8:be:c0:46:45:51:77:e5:08:21:0b:
         50:0c:0c:b5:32:9a:b3:b6:09:5a:b2:c4:90:39:17:54:12:54:
         28:7e:1c:29:7d:17:87:e4:49:90:43:c8:89:ee:b9:27:36:65:
         d5:fd:62:e2:1d:93:e3:8e:ff:49:ab:74:74:1f:90:dd:35:f0:
         ac:18:47:20
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUEl5Sl6fOfSVopVdfPq18LybWbqYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNjA2MDQxNTQ2NDJaFw0yNzA2MDMxNTUxNDJaMDMxMTAvBgNV
BAMTKDY1ODM3QTU1RjM3NTgzNEZEQzE3RjYyNEQ1NDEzMUFGNzlCQzM5MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTYdq0is2jsfjomjTJCkJNaejz
LiByezVpsEdlc7vB2KzQpcFr+Hr3Eom+3vHDbB8bCl8ru4HvQ4bE66cPyr4qYW7t
YFlitLZOE4l89fMNEMAF1ZN21RDRC6llpaCR1w2ORP0pBBbLa/p0D3YYUhRSUYwO
/SxfaSPBdc7IRIAZWLZMbwRsefb05ZVVcrwb2nRxd6Ar6vGuKhC1owzZIGRjDJfr
ddkrg4/LBNcgo+BZQwwYhi4zfkAw42kK03gkX28D2FDcm7F9tTq7k201vv9mebUW
DQnTGcgAk42PAYG6M0cxgpcX9QWxvI8y+9yOCSNAjC0J6EJZ92xK2cp/ta4bAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQUZYN6VfN1g0/cF/Yk1UExr3m8OQswHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
MzkzMDNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNkDANBgkqhkiG9w0BAQsFAAOCAQEAmF0SZwIbu0Zxt1ud+H+7+KSp
sOdjorm9ILUZdAjz9qjtKpGDxXbKQiz/+a4/p40z9XgzZItf+hjZ4fprSC6aohZy
u5ZHpyis85gNQyOeg+f+5kd4Uwxox2FD52L0YRiCsZ/WCyV0JYjqfVF3c4CBYSP4
+1AACTGg0F+exEXqbu1/CKgs4FCikqVBxCVvKhyWsKafggvZw2zUKeVZKjYYRDSj
ixYgtXGSz94dOQm6aAFpdmQLbZbsufawvdi+wEZFUXflCCELUAwMtTKas7YJWrLE
kDkXVBJUKH4cKX0Xh+RJkEPIie65JzZl1f1i4h2T447/Sat0dB+Q3TXwrBhHIA==
-----END CERTIFICATE-----