Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          rpq1A1dRZUYTJxHxVW7yuKsGZO2afAwqnQ4GFWBvgao=
Subject key identifier:   F3:86:88:9F:77:69:AD:FE:3D:C8:E2:2D:C5:E2:4C:7B:04:B7:43:D1
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       27A77FD5E0C9355120142079C77C8AB88A91F793
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Fri 12 Jun 2026 06:00:09 +0000
ROA not before:           Fri 12 Jun 2026 05:55:09 +0000
ROA not after:            Fri 11 Jun 2027 06:00:09 +0000
asID:                     0
IP address blocks:        2a0f:6282:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:55:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a7:7f:d5:e0:c9:35:51:20:14:20:79:c7:7c:8a:b8:8a:91:f7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun 12 05:55:09 2026 GMT
            Not After : Jun 11 06:00:09 2027 GMT
        Subject: CN=F386889F7769ADFE3DC8E22DC5E24C7B04B743D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:07:6f:dd:84:ec:35:35:90:f0:a2:ef:13:d4:
                    ed:84:c8:e1:52:d2:41:7c:76:1d:c0:d2:bd:5e:e2:
                    fa:d8:9c:f5:95:98:19:f4:74:29:fc:a9:ec:2f:eb:
                    08:7d:2b:f9:53:f0:54:50:bc:ae:a4:31:36:62:08:
                    12:f4:ee:ce:8f:76:16:73:b7:3b:0f:d4:3c:2b:3d:
                    9c:2d:f7:93:95:f9:9b:1f:93:68:f9:5f:62:32:06:
                    c3:ed:43:e3:b1:9a:9d:e6:fd:aa:77:c1:98:8f:04:
                    9e:bc:78:62:00:c4:04:ec:fa:95:12:3d:e5:0d:bb:
                    06:f8:c1:75:38:c2:74:fe:1f:b6:cb:5a:61:b1:7c:
                    b7:7a:c6:45:6b:9d:9e:bd:3c:f5:70:48:c0:10:a4:
                    ca:fb:75:08:82:e3:32:90:14:32:d5:f3:90:8a:bc:
                    75:31:bf:07:8c:85:85:4c:45:fe:70:50:3b:3b:17:
                    56:0f:21:62:8d:eb:d1:83:15:b4:a4:86:39:1b:3e:
                    74:55:e0:10:20:12:bf:b3:3b:79:91:f3:90:3f:c7:
                    c5:99:d2:8e:4f:48:fb:9b:71:32:5b:5d:97:9f:85:
                    73:42:5f:28:19:b2:51:61:bc:04:d1:69:12:a7:4f:
                    0d:53:7f:8f:0b:00:32:52:c0:13:ce:d2:c3:5e:37:
                    c6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:86:88:9F:77:69:AD:FE:3D:C8:E2:2D:C5:E2:4C:7B:04:B7:43:D1
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6282:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         33:fc:dc:f9:5f:59:e7:ea:35:e4:10:f4:c7:6d:bb:83:c5:6d:
         4d:fd:45:66:1a:df:35:d3:11:b9:06:8a:a7:23:8b:1c:1d:14:
         fa:f2:b3:e3:ee:a7:16:ba:0f:64:70:01:ea:ed:10:d2:31:c2:
         ad:67:9d:a8:96:81:1d:00:11:fd:28:45:9a:0e:95:cb:19:04:
         e6:26:46:8f:e6:b3:82:4a:18:3e:4c:c9:d6:ec:14:b1:a8:80:
         e9:01:ff:ee:bd:99:72:ba:8c:3a:49:88:38:0a:17:98:38:da:
         6a:82:c7:fd:97:3b:41:ba:90:e6:4d:12:47:be:73:c4:1b:2e:
         b6:9c:5d:6b:0e:02:1f:1b:1e:0c:98:ea:bf:93:f0:f8:c4:51:
         f5:bd:27:2a:ab:a0:9f:2a:95:0c:df:db:c0:11:c8:b8:c9:d3:
         5e:b3:c4:a8:7f:51:f0:99:6c:41:34:05:a6:a6:11:91:34:58:
         d9:89:3f:d5:06:44:e3:74:ef:30:e7:5d:be:a3:56:93:92:66:
         fd:f5:c2:3a:d2:78:f3:74:4b:36:79:80:9e:d4:8a:13:80:03:
         4d:75:a4:d1:c3:ee:a1:6f:8a:a0:76:ae:28:67:61:6e:cd:e9:
         b1:94:1c:6f:3c:14:65:40:e8:98:ff:2d:ce:73:9e:ae:a4:e4:
         f6:6d:ae:14
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIUJ6d/1eDJNVEgFCB5x3yKuIqR95MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MTIwNTU1MDlaFw0yNzA2MTEwNjAwMDlaMDMxMTAvBgNV
BAMTKEYzODY4ODlGNzc2OUFERkUzREM4RTIyREM1RTI0QzdCMDRCNzQzRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCB2/dhOw1NZDwou8T1O2EyOFS
0kF8dh3A0r1e4vrYnPWVmBn0dCn8qewv6wh9K/lT8FRQvK6kMTZiCBL07s6PdhZz
tzsP1DwrPZwt95OV+Zsfk2j5X2IyBsPtQ+Oxmp3m/ap3wZiPBJ68eGIAxATs+pUS
PeUNuwb4wXU4wnT+H7bLWmGxfLd6xkVrnZ69PPVwSMAQpMr7dQiC4zKQFDLV85CK
vHUxvweMhYVMRf5wUDs7F1YPIWKN69GDFbSkhjkbPnRV4BAgEr+zO3mR85A/x8WZ
0o5PSPubcTJbXZefhXNCXygZslFhvATRaRKnTw1Tf48LADJSwBPO0sNeN8a/AgMB
AAGjggHZMIIB1TAdBgNVHQ4EFgQU84aIn3dprf49yOItxeJMewS3Q9EwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg9ighAw
DQYJKoZIhvcNAQELBQADggEBADP83PlfWefqNeQQ9Mdtu4PFbU39RWYa3zXTEbkG
iqcjixwdFPrys+Pupxa6D2RwAertENIxwq1nnaiWgR0AEf0oRZoOlcsZBOYmRo/m
s4JKGD5MydbsFLGogOkB/+69mXK6jDpJiDgKF5g42mqCx/2XO0G6kOZNEke+c8Qb
LracXWsOAh8bHgyY6r+T8PjEUfW9JyqroJ8qlQzf28ARyLjJ016zxKh/UfCZbEE0
BaamEZE0WNmJP9UGRON07zDnXb6jVpOSZv31wjrSePN0SzZ5gJ7UihOAA011pNHD
7qFviqB2rihnYW7N6bGUHG88FGVA6Jj/Lc5znq6k5PZtrhQ=
-----END CERTIFICATE-----