Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS198138.roa
File:                     AS198138.roa (raw, json)
Hash identifier:          4b3uenSqPiMGJrqHLsjjB5G89NDbpHbn5owmMRwh2vo=
Subject key identifier:   3A:C0:34:F3:D6:9D:36:C1:0C:C3:02:FD:65:17:C3:B1:B6:3D:6C:33
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       6C0B4CA77F6E79B19BDBE5A8D52509BF2258AF1F
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS198138.roa
Signing time:             Tue 09 Jun 2026 10:57:13 +0000
ROA not before:           Tue 09 Jun 2026 10:52:13 +0000
ROA not after:            Tue 08 Jun 2027 10:57:13 +0000
asID:                     198138
IP address blocks:        2a0f:6284:7000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:55:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:0b:4c:a7:7f:6e:79:b1:9b:db:e5:a8:d5:25:09:bf:22:58:af:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  9 10:52:13 2026 GMT
            Not After : Jun  8 10:57:13 2027 GMT
        Subject: CN=3AC034F3D69D36C10CC302FD6517C3B1B63D6C33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:33:7d:7f:76:76:fd:e8:92:af:e3:e3:75:d6:
                    63:ec:96:f5:f1:01:2a:b9:0a:36:fd:2d:e4:7e:06:
                    40:8c:3e:ad:b1:53:03:f9:1b:5a:18:2f:79:b5:f9:
                    ae:67:28:4b:3c:65:e2:dc:7c:6d:2c:42:a1:76:1c:
                    d1:48:94:db:39:db:3b:7b:20:1a:dd:5a:9f:b0:99:
                    1d:a4:d0:b4:68:8b:71:b5:19:e4:6b:52:22:9a:ed:
                    e1:79:ba:42:34:68:2c:bb:49:0d:23:35:f8:92:1a:
                    f5:bd:af:33:cd:82:c5:65:98:2f:e5:2d:39:b9:56:
                    8c:04:e7:2a:a2:19:d2:69:05:23:62:b8:4a:9a:69:
                    6e:e6:32:91:5c:44:6f:2b:5b:e4:57:83:de:70:78:
                    ae:70:81:7a:63:53:4d:96:b3:70:e8:0c:6e:f1:8d:
                    44:56:1d:51:60:4b:b2:60:fc:ee:00:0a:d6:f2:5a:
                    ad:df:9a:56:eb:83:fc:19:57:ae:9b:54:06:29:84:
                    3e:7d:66:73:9b:74:de:94:ab:21:11:ed:19:d3:53:
                    16:03:6a:b2:b4:e5:bb:38:75:98:21:7c:c4:33:f5:
                    7f:e4:dc:4e:c6:a6:59:9b:f4:57:09:e0:a9:40:61:
                    ec:ba:73:d8:14:48:86:85:09:06:f6:fe:26:b0:9b:
                    b7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C0:34:F3:D6:9D:36:C1:0C:C3:02:FD:65:17:C3:B1:B6:3D:6C:33
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS198138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         35:f6:e9:fa:d8:d5:66:c9:ea:bd:2f:b2:5a:8d:36:f8:5f:e8:
         bd:a1:a0:31:8b:75:85:db:c9:ca:73:1f:44:3b:04:39:77:33:
         95:bf:a1:52:19:6c:6a:e6:bd:60:a7:da:45:47:53:13:76:8e:
         24:3c:94:e7:4e:6b:9f:d0:f2:66:5f:cc:22:d0:33:b7:2f:e6:
         5d:b2:98:33:6d:ff:e1:df:3a:c5:62:5f:a5:2d:20:5d:72:64:
         12:f3:45:7a:61:3a:1c:17:20:35:09:f8:0d:3e:ea:2f:12:4e:
         e0:c4:95:0f:4e:5f:d9:3c:4f:f0:ff:7c:eb:de:5b:61:62:62:
         d0:f2:60:ba:d0:70:b4:ec:cd:6d:56:08:ad:b4:40:11:36:83:
         3c:a0:a7:36:91:96:34:ac:c4:28:a0:d9:6b:1a:f8:60:2c:b6:
         bc:be:3c:45:90:93:bf:9f:de:a8:ad:49:41:b4:1f:a7:b2:6f:
         87:37:b4:97:c0:43:4e:70:09:ad:fd:e8:fa:c9:2f:e5:89:b1:
         7e:56:f4:98:ff:e8:18:fe:16:b1:01:4d:22:16:82:24:2c:97:
         61:76:90:2e:5f:d4:51:2d:42:99:6b:79:84:7f:d9:2d:e2:ae:
         be:02:16:dc:c7:bd:ee:17:b8:4f:55:f8:f7:de:64:7a:be:46:
         19:f4:48:73
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUbAtMp39uebGb2+Wo1SUJvyJYrx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDkxMDUyMTNaFw0yNzA2MDgxMDU3MTNaMDMxMTAvBgNV
BAMTKDNBQzAzNEYzRDY5RDM2QzEwQ0MzMDJGRDY1MTdDM0IxQjYzRDZDMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSM31/dnb96JKv4+N11mPslvXx
ASq5Cjb9LeR+BkCMPq2xUwP5G1oYL3m1+a5nKEs8ZeLcfG0sQqF2HNFIlNs52zt7
IBrdWp+wmR2k0LRoi3G1GeRrUiKa7eF5ukI0aCy7SQ0jNfiSGvW9rzPNgsVlmC/l
LTm5VowE5yqiGdJpBSNiuEqaaW7mMpFcRG8rW+RXg95weK5wgXpjU02Ws3DoDG7x
jURWHVFgS7Jg/O4ACtbyWq3fmlbrg/wZV66bVAYphD59ZnObdN6UqyER7RnTUxYD
arK05bs4dZghfMQz9X/k3E7Gplmb9FcJ4KlAYey6c9gUSIaFCQb2/iawm7e/AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUOsA089adNsEMwwL9ZRfDsbY9bDMwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxOTgxMzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KEcDANBgkqhkiG9w0BAQsFAAOCAQEANfbp+tjVZsnqvS+yWo02+F/ovaGgMYt1
hdvJynMfRDsEOXczlb+hUhlsaua9YKfaRUdTE3aOJDyU505rn9DyZl/MItAzty/m
XbKYM23/4d86xWJfpS0gXXJkEvNFemE6HBcgNQn4DT7qLxJO4MSVD05f2TxP8P98
695bYWJi0PJgutBwtOzNbVYIrbRAETaDPKCnNpGWNKzEKKDZaxr4YCy2vL48RZCT
v5/eqK1JQbQfp7Jvhze0l8BDTnAJrf3o+skv5Ymxflb0mP/oGP4WsQFNIhaCJCyX
YXaQLl/UUS1CmWt5hH/ZLeKuvgIW3Me97he4T1X4995ker5GGfRIcw==
-----END CERTIFICATE-----