Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS153997.roa
File:                     AS153997.roa (raw, json)
Hash identifier:          YYHxMJMkCGJugb70BmAKsSXNkdQBM/fVmABvLlC3/W0=
Subject key identifier:   8A:CB:DE:7D:33:F5:FF:6A:8A:1D:00:BF:1B:3E:CF:F0:BE:1A:67:69
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       454B6103F6FE58B39223504469ED4C45BC283B7D
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS153997.roa
Signing time:             Tue 24 Feb 2026 03:25:36 +0000
ROA not before:           Tue 24 Feb 2026 03:20:36 +0000
ROA not after:            Tue 23 Feb 2027 03:25:36 +0000
asID:                     153997
IP address blocks:        2a0f:6284:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:08:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:4b:61:03:f6:fe:58:b3:92:23:50:44:69:ed:4c:45:bc:28:3b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Feb 24 03:20:36 2026 GMT
            Not After : Feb 23 03:25:36 2027 GMT
        Subject: CN=8ACBDE7D33F5FF6A8A1D00BF1B3ECFF0BE1A6769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9f:38:dd:28:16:ae:c3:8b:b1:97:fe:7c:b0:
                    2d:d2:36:e4:da:6a:1f:6b:67:76:df:67:8e:b3:88:
                    66:8b:9a:73:63:6a:b4:1b:08:0b:4f:75:d6:d7:f2:
                    d8:c3:a2:ad:66:fc:23:af:99:bb:01:4c:25:31:5c:
                    5a:81:51:4c:eb:05:66:09:5b:30:78:ad:5a:f2:d6:
                    95:66:2c:e5:09:d9:d1:54:95:ec:ec:28:76:e4:c0:
                    0f:23:96:b3:70:c2:c1:25:7e:53:4b:d8:fb:18:72:
                    ef:86:3e:01:99:de:73:06:8f:20:91:ea:b6:39:3d:
                    cf:00:fb:4a:90:a4:5e:ee:fe:4e:c9:6b:b1:fd:01:
                    e1:32:c0:5a:0e:75:7a:31:ee:62:74:ae:96:ce:42:
                    0b:8f:b9:d8:49:9f:8a:d8:28:18:3e:f0:31:12:12:
                    a7:2d:55:01:14:cb:38:4c:6a:36:6e:f5:1e:37:5f:
                    0d:ce:2b:7d:55:83:db:40:31:a2:b7:bb:0d:e8:e6:
                    9a:1a:3f:10:5f:96:53:2b:00:b4:7b:5d:20:63:f4:
                    31:5b:85:98:3d:1c:81:32:63:24:bd:89:25:d9:37:
                    2c:86:8a:df:e4:ff:54:9d:6e:6d:9f:7c:72:aa:9a:
                    0e:b7:91:6e:b5:6b:d0:e0:c9:cc:86:7f:76:f3:a5:
                    fe:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:CB:DE:7D:33:F5:FF:6A:8A:1D:00:BF:1B:3E:CF:F0:BE:1A:67:69
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS153997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:d6:9a:82:2d:f9:37:65:6a:1c:10:b0:19:ee:a2:6b:09:34:
         a4:71:71:86:17:fa:c5:d6:d2:48:79:50:0b:1b:08:6e:6d:74:
         12:96:7f:a7:03:94:3c:6c:c9:79:99:92:af:9d:60:e8:8d:28:
         f5:5b:59:e5:25:ee:f2:59:83:8d:d7:99:be:20:17:d7:b6:da:
         2c:fb:26:78:0d:e5:25:8c:7f:61:c3:43:ae:27:83:80:0b:2a:
         9e:c4:3e:92:ec:21:a8:94:f1:79:85:30:39:29:1a:7b:00:ba:
         33:6c:da:e7:51:8f:d3:d3:19:c5:c4:c8:e8:b3:e6:47:81:4d:
         13:2d:f6:30:3b:ae:ce:6a:4d:67:06:85:c2:ff:b7:83:a4:c9:
         7e:25:b5:56:58:74:42:68:59:64:b7:dd:ac:c0:fb:a2:bd:64:
         2c:39:d6:45:5e:3d:43:aa:19:7b:21:84:d6:35:c4:fd:de:93:
         4d:c9:3f:2a:94:c7:b7:8e:fd:be:8f:a9:66:4a:7f:44:3d:d6:
         8d:fe:67:68:ae:dc:9f:29:92:e6:a7:33:e2:d1:77:57:6a:d7:
         dd:aa:cf:d7:b8:f2:de:fb:5a:73:2f:a7:cd:26:d1:22:d5:d0:
         87:5b:ff:6d:67:bf:a3:85:d7:28:f3:bb:d0:27:6e:84:1d:91:
         3c:11:24:12
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIURUthA/b+WLOSI1BEae1MRbwoO30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAyMjQwMzIwMzZaFw0yNzAyMjMwMzI1MzZaMDMxMTAvBgNV
BAMTKDhBQ0JERTdEMzNGNUZGNkE4QTFEMDBCRjFCM0VDRkYwQkUxQTY3NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnzjdKBauw4uxl/58sC3SNuTa
ah9rZ3bfZ46ziGaLmnNjarQbCAtPddbX8tjDoq1m/COvmbsBTCUxXFqBUUzrBWYJ
WzB4rVry1pVmLOUJ2dFUlezsKHbkwA8jlrNwwsElflNL2PsYcu+GPgGZ3nMGjyCR
6rY5Pc8A+0qQpF7u/k7Ja7H9AeEywFoOdXox7mJ0rpbOQguPudhJn4rYKBg+8DES
EqctVQEUyzhMajZu9R43Xw3OK31Vg9tAMaK3uw3o5poaPxBfllMrALR7XSBj9DFb
hZg9HIEyYyS9iSXZNyyGit/k/1Sdbm2ffHKqmg63kW61a9DgycyGf3bzpf6zAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUisvefTP1/2qKHQC/Gz7P8L4aZ2kwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxNTM5OTcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEAA4wDQYJKoZIhvcNAQELBQADggEBAGHWmoIt+TdlahwQsBnuomsJNKRxcYYX
+sXW0kh5UAsbCG5tdBKWf6cDlDxsyXmZkq+dYOiNKPVbWeUl7vJZg43Xmb4gF9e2
2iz7JngN5SWMf2HDQ64ng4ALKp7EPpLsIaiU8XmFMDkpGnsAujNs2udRj9PTGcXE
yOiz5keBTRMt9jA7rs5qTWcGhcL/t4OkyX4ltVZYdEJoWWS33azA+6K9ZCw51kVe
PUOqGXshhNY1xP3ek03JPyqUx7eO/b6PqWZKf0Q91o3+Z2iu3J8pkuanM+LRd1dq
192qz9e48t77WnMvp80m0SLV0Idb/21nv6OF1yjzu9AnboQdkTwRJBI=
-----END CERTIFICATE-----