Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS208913.roa
File:                     AS208913.roa (raw, json)
Hash identifier:          8mllHoNPsIx+d4DQkFcwAPl1vte0iImUoz6PEgExMLE=
Subject key identifier:   8E:15:12:77:F3:64:6D:F6:E3:5D:C1:22:37:8B:7B:D9:18:54:18:17
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       1EC8F29532D8E1D5494C0002BBA2430D39E5F0DF
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS208913.roa
Signing time:             Thu 03 Jul 2025 15:53:08 +0000
ROA not before:           Thu 03 Jul 2025 15:48:08 +0000
ROA not after:            Thu 02 Jul 2026 15:53:08 +0000
asID:                     208913
IP address blocks:        2a05:dfc3:fd30::/44 maxlen: 52
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:43:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:c8:f2:95:32:d8:e1:d5:49:4c:00:02:bb:a2:43:0d:39:e5:f0:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:08 2025 GMT
            Not After : Jul  2 15:53:08 2026 GMT
        Subject: CN=8E151277F3646DF6E35DC122378B7BD918541817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c2:55:51:bc:c3:75:df:9b:d6:52:00:eb:3b:
                    d8:6b:9e:9b:df:24:77:41:33:91:67:bb:c4:39:12:
                    62:5f:d4:b2:14:1e:83:47:a1:09:22:28:50:19:44:
                    de:39:7d:50:ba:00:6c:b6:b3:76:df:ac:a7:36:eb:
                    e2:14:62:10:e2:3a:22:05:ce:a5:ba:f3:e6:71:22:
                    81:3b:26:ad:e6:51:ea:99:84:e4:85:a7:41:78:51:
                    a2:22:28:7b:13:16:f5:f1:38:ae:18:c9:c8:25:05:
                    16:ed:fd:27:95:fd:b7:e0:f6:b4:d4:d7:5c:ad:ac:
                    95:23:ca:86:43:0d:ba:65:66:e3:fc:ac:25:60:f8:
                    36:c1:9f:34:8d:6c:c6:73:59:8f:ad:3f:8f:c1:9d:
                    b1:83:32:31:4f:c9:d6:ea:c1:a7:a7:73:95:b6:13:
                    37:0f:62:30:04:2a:a7:e8:26:92:00:15:1b:cc:55:
                    bd:1a:82:c8:5c:ea:04:ed:d1:82:d5:44:e5:2b:98:
                    0a:15:43:c8:d0:7c:cf:2e:3d:19:85:f5:52:83:28:
                    2c:2d:d5:61:e4:54:33:b6:7c:df:0c:ac:6a:24:44:
                    e3:ed:07:af:0d:8d:68:88:01:3e:22:75:90:fe:19:
                    62:6c:e5:62:7b:07:68:52:5e:d3:7a:39:22:a2:9e:
                    3e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:15:12:77:F3:64:6D:F6:E3:5D:C1:22:37:8B:7B:D9:18:54:18:17
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS208913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fd30::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:1f:06:14:4f:76:8f:57:c6:ec:d1:4b:17:33:5b:1a:3e:3d:
         da:58:68:04:d9:3e:6b:0b:c0:4d:69:43:90:49:03:49:15:d9:
         2e:dd:56:3e:04:d3:d9:ec:aa:6a:2a:38:3e:8f:ae:4e:51:e3:
         82:19:b5:52:1b:b4:f1:04:3a:40:b5:27:3c:42:c1:5c:9c:40:
         0f:ea:2f:b0:1b:93:ac:9b:51:b8:c7:97:d9:0d:f8:ba:2c:0e:
         97:f5:af:2b:3a:64:57:25:b0:09:95:6a:7a:d5:30:75:0a:60:
         43:0f:fb:1a:df:b7:74:9c:f5:06:1d:53:36:de:8a:9f:52:00:
         a3:26:40:6f:34:b9:46:3f:1c:6f:9d:81:d3:ee:de:80:ed:bd:
         a1:eb:06:2f:90:4a:5d:77:39:9d:31:d8:fa:d4:a1:84:2e:de:
         0e:62:be:f5:05:b1:d0:f7:9b:9d:2b:0d:95:af:68:ab:76:bc:
         23:ac:79:aa:d2:fb:f8:d3:24:4e:3c:aa:a6:06:80:24:61:5b:
         e4:13:ce:31:13:f0:78:d0:f7:a8:c9:c9:a5:ad:58:16:ad:19:
         47:10:cf:e7:4f:37:9d:4e:ce:0c:b5:e7:7c:eb:7e:8c:96:16:
         45:b7:b6:c9:da:38:5d:67:14:d9:03:fc:41:f6:48:a6:6d:5d:
         36:a4:53:3e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUHsjylTLY4dVJTAACu6JDDTnl8N8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDhaFw0yNjA3MDIxNTUzMDhaMDMxMTAvBgNV
BAMTKDhFMTUxMjc3RjM2NDZERjZFMzVEQzEyMjM3OEI3QkQ5MTg1NDE4MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxwlVRvMN135vWUgDrO9hrnpvf
JHdBM5Fnu8Q5EmJf1LIUHoNHoQkiKFAZRN45fVC6AGy2s3bfrKc26+IUYhDiOiIF
zqW68+ZxIoE7Jq3mUeqZhOSFp0F4UaIiKHsTFvXxOK4YycglBRbt/SeV/bfg9rTU
11ytrJUjyoZDDbplZuP8rCVg+DbBnzSNbMZzWY+tP4/BnbGDMjFPydbqwaenc5W2
EzcPYjAEKqfoJpIAFRvMVb0agshc6gTt0YLVROUrmAoVQ8jQfM8uPRmF9VKDKCwt
1WHkVDO2fN8MrGokROPtB68NjWiIAT4idZD+GWJs5WJ7B2hSXtN6OSKinj4/AgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUjhUSd/NkbfbjXcEiN4t72RhUGBcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDg5MTMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
Bd/D/TAwDQYJKoZIhvcNAQELBQADggEBAGkfBhRPdo9XxuzRSxczWxo+PdpYaATZ
PmsLwE1pQ5BJA0kV2S7dVj4E09nsqmoqOD6Prk5R44IZtVIbtPEEOkC1JzxCwVyc
QA/qL7Abk6ybUbjHl9kN+LosDpf1rys6ZFclsAmVanrVMHUKYEMP+xrft3Sc9QYd
Uzbeip9SAKMmQG80uUY/HG+dgdPu3oDtvaHrBi+QSl13OZ0x2PrUoYQu3g5ivvUF
sdD3m50rDZWvaKt2vCOsearS+/jTJE48qqYGgCRhW+QTzjET8HjQ96jJyaWtWBat
GUcQz+dPN51Ozgy153zrfoyWFkW3tsnaOF1nFNkD/EH2SKZtXTakUz4=
-----END CERTIFICATE-----