Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS204208.roa
File:                     AS204208.roa (raw, json)
Hash identifier:          M/4KZeQjxfK0+xLY0dleWI4rZr3QIX7BwhKxvAwrAR0=
Subject key identifier:   B6:C4:9D:86:3F:1E:F1:EB:F6:3F:0A:1E:9C:45:0A:A6:D9:8A:C7:C7
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       016DD78D7C3A09D7C987ADB5CB204EA2E8E0FC2D
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS204208.roa
Signing time:             Fri 12 Jun 2026 16:58:22 +0000
ROA not before:           Fri 12 Jun 2026 16:53:22 +0000
ROA not after:            Fri 11 Jun 2027 16:58:22 +0000
asID:                     204208
IP address blocks:        2a05:dfc3::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:55:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6d:d7:8d:7c:3a:09:d7:c9:87:ad:b5:cb:20:4e:a2:e8:e0:fc:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun 12 16:53:22 2026 GMT
            Not After : Jun 11 16:58:22 2027 GMT
        Subject: CN=B6C49D863F1EF1EBF63F0A1E9C450AA6D98AC7C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:47:e6:54:9c:68:e8:79:9a:96:cd:51:c4:75:
                    4c:98:62:f7:45:41:48:d9:5f:a0:9c:58:e4:2d:08:
                    81:ff:5d:2f:97:df:b1:1d:dd:ed:91:a5:0b:b1:9d:
                    d6:3e:31:bd:59:42:20:d8:43:45:9c:85:f8:be:5f:
                    fe:c5:70:8c:14:f9:81:fb:8a:c2:63:ed:ba:f3:ea:
                    b6:e9:d0:fa:02:fc:40:cd:6d:bf:4b:3f:3a:79:9e:
                    c3:3e:ed:ca:5f:43:e3:af:7b:a0:a5:09:31:5b:ea:
                    ed:2e:5c:cf:29:bb:4a:80:54:56:4b:3c:af:5d:32:
                    4f:59:91:79:03:62:f7:eb:21:15:d2:9b:ed:6d:67:
                    16:cd:38:3b:ba:61:a5:1c:ec:2d:5d:97:10:7d:36:
                    f9:55:5e:a6:0b:10:e7:d5:28:94:f7:1c:38:84:d3:
                    ec:53:23:86:45:f8:0f:1b:6b:2a:4d:79:93:7f:88:
                    b9:f5:88:d9:66:27:c2:75:0a:46:62:38:37:1b:db:
                    be:ac:14:a0:77:d1:31:10:f0:94:05:0b:ad:84:46:
                    6c:f3:c5:11:17:45:a8:11:cb:29:c2:63:cb:9b:cd:
                    1e:2d:7a:11:06:9d:47:5b:9d:9b:85:93:30:97:87:
                    1e:d6:a3:c8:d9:00:3a:e0:8c:87:d6:19:f9:c6:79:
                    57:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C4:9D:86:3F:1E:F1:EB:F6:3F:0A:1E:9C:45:0A:A6:D9:8A:C7:C7
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS204208.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:2d:34:a9:b9:28:f3:88:de:e0:a8:e2:92:79:b1:72:a4:cd:
         3a:aa:37:3d:cf:ca:bd:49:41:42:7f:13:da:68:84:85:aa:1d:
         85:e9:0f:34:28:e3:9c:b7:0c:57:bb:f3:37:93:79:8b:20:dc:
         4d:60:ef:63:d9:79:c2:c1:43:ad:1a:71:7f:f9:91:6d:dc:09:
         46:c5:56:1b:84:18:29:e0:06:00:fa:3c:0f:84:8d:a4:39:dd:
         14:f0:f6:66:a0:dc:1c:23:f3:67:d6:bf:d4:a5:6a:6f:50:70:
         64:d0:9f:0c:c8:24:f8:b1:7b:9d:97:d4:b0:b9:86:03:74:68:
         3c:3a:20:e1:78:58:d7:88:dc:a0:06:17:b7:50:0e:11:1b:fb:
         05:cb:47:f6:24:ee:bc:26:3a:92:5f:72:db:17:93:58:95:5d:
         94:6a:1e:ee:42:09:a4:73:e7:88:1b:7f:27:7c:89:45:c8:70:
         52:46:dc:ea:3f:04:54:54:ae:86:b1:1c:9f:1f:7a:a8:16:b8:
         d6:a3:59:df:bb:0c:07:ac:ad:94:7b:06:48:90:d6:bd:04:f9:
         a8:87:d0:1e:64:68:4d:5e:b2:0b:2a:c6:bf:f1:9b:71:4d:13:
         b7:8f:68:d7:b8:1f:d7:fc:1d:98:86:94:6e:6e:be:17:b1:84:
         f4:22:48:40
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUAW3XjXw6CdfJh621yyBOoujg/C0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MTIxNjUzMjJaFw0yNzA2MTExNjU4MjJaMDMxMTAvBgNV
BAMTKEI2QzQ5RDg2M0YxRUYxRUJGNjNGMEExRTlDNDUwQUE2RDk4QUM3QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOR+ZUnGjoeZqWzVHEdUyYYvdF
QUjZX6CcWOQtCIH/XS+X37Ed3e2RpQuxndY+Mb1ZQiDYQ0Wchfi+X/7FcIwU+YH7
isJj7brz6rbp0PoC/EDNbb9LPzp5nsM+7cpfQ+Ove6ClCTFb6u0uXM8pu0qAVFZL
PK9dMk9ZkXkDYvfrIRXSm+1tZxbNODu6YaUc7C1dlxB9NvlVXqYLEOfVKJT3HDiE
0+xTI4ZF+A8baypNeZN/iLn1iNlmJ8J1CkZiODcb276sFKB30TEQ8JQFC62ERmzz
xREXRagRyynCY8ubzR4tehEGnUdbnZuFkzCXhx7Wo8jZADrgjIfWGfnGeVfhAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUtsSdhj8e8ev2PwoenEUKptmKx8cwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDQyMDgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/DADANBgkqhkiG9w0BAQsFAAOCAQEAiC00qbko84je4KjiknmxcqTNOqo3Pc/K
vUlBQn8T2miEhaodhekPNCjjnLcMV7vzN5N5iyDcTWDvY9l5wsFDrRpxf/mRbdwJ
RsVWG4QYKeAGAPo8D4SNpDndFPD2ZqDcHCPzZ9a/1KVqb1BwZNCfDMgk+LF7nZfU
sLmGA3RoPDog4XhY14jcoAYXt1AOERv7BctH9iTuvCY6kl9y2xeTWJVdlGoe7kIJ
pHPniBt/J3yJRchwUkbc6j8EVFSuhrEcnx96qBa41qNZ37sMB6ytlHsGSJDWvQT5
qIfQHmRoTV6yCyrGv/GbcU0Tt49o17gf1/wdmIaUbm6+F7GE9CJIQA==
-----END CERTIFICATE-----