Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS209874.roa
File:                     AS209874.roa (raw, json)
Hash identifier:          Ral5hqkFALbvNm1JYnroC3wXU+4scLEhtvyB8vrPVU4=
Subject key identifier:   9E:E3:DC:E4:62:FC:C3:A1:B7:63:E8:3F:E1:2F:0B:33:0D:9C:B1:F6
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       1642CC40D9E00D586F71401D0EBDBCE0EBB2158F
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS209874.roa
Signing time:             Fri 25 Jul 2025 14:16:58 +0000
ROA not before:           Fri 25 Jul 2025 14:11:58 +0000
ROA not after:            Fri 24 Jul 2026 14:16:58 +0000
asID:                     209874
IP address blocks:        2a0f:6283:4000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:42:cc:40:d9:e0:0d:58:6f:71:40:1d:0e:bd:bc:e0:eb:b2:15:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 25 14:11:58 2025 GMT
            Not After : Jul 24 14:16:58 2026 GMT
        Subject: CN=9EE3DCE462FCC3A1B763E83FE12F0B330D9CB1F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d1:45:3c:3e:18:cf:41:d1:f5:b0:e6:b3:c4:
                    dd:40:99:4e:3e:cf:c8:24:8d:f0:74:a8:e0:8b:64:
                    6e:b0:32:e3:55:94:91:22:8c:f4:57:4c:ac:ab:75:
                    b2:31:01:a2:31:fb:ca:4a:84:65:3a:53:06:66:0f:
                    d8:69:63:96:9c:68:09:ce:c8:05:85:4e:77:b0:ba:
                    ff:d8:92:7b:47:60:18:72:06:f2:ae:b4:82:de:b9:
                    9d:04:57:f0:c8:ca:4f:23:37:81:67:33:71:71:63:
                    c0:88:1c:67:4c:e6:89:d3:1f:1e:dd:19:2f:c2:f8:
                    2e:c2:0d:8d:8a:fd:7a:b9:2f:41:8a:06:5c:cc:ff:
                    7f:ef:f2:d3:88:97:cd:de:35:fa:6f:e8:6d:d3:bb:
                    33:94:50:b2:b2:2c:4e:7c:2f:fd:b0:db:5d:c3:0c:
                    2b:1a:ff:38:3f:12:98:43:f8:8f:af:92:1e:6b:48:
                    03:70:52:61:a1:77:0f:d3:7f:cc:a6:3e:49:2e:49:
                    c0:92:b0:a2:e7:f8:4b:f6:99:d8:cb:d9:87:bc:75:
                    7f:13:fe:55:02:39:ec:f8:48:1d:b9:97:57:23:69:
                    d1:29:07:39:1c:e4:06:bb:19:ff:83:e7:0e:e1:da:
                    f9:86:01:56:3b:0e:83:cb:ad:dc:c1:f7:2e:df:98:
                    f0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E3:DC:E4:62:FC:C3:A1:B7:63:E8:3F:E1:2F:0B:33:0D:9C:B1:F6
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS209874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         05:4e:4b:46:0d:5a:47:7e:08:02:87:20:79:fc:af:2b:be:f1:
         8e:14:55:ae:8e:44:72:15:fa:88:1c:99:c0:94:c2:a4:25:e3:
         2e:f9:03:72:e6:6b:2d:6a:b3:81:95:71:04:e5:f4:a5:eb:4a:
         1e:e9:61:b6:cd:e9:e5:13:ee:33:04:3f:69:f0:de:a0:09:1f:
         a7:b2:ba:0e:3b:35:ca:ee:e8:d1:75:c6:df:f7:ab:a7:74:37:
         e4:69:2c:62:1b:f4:59:fd:dd:85:5a:c2:be:05:a4:e8:c9:3c:
         a1:1d:d4:df:31:46:d3:50:ea:f2:d6:31:32:6c:cb:8e:6e:05:
         54:32:09:21:50:f4:b3:fa:e1:57:cd:39:23:84:1e:19:45:f2:
         cf:81:7c:ea:f3:6b:e7:26:ff:50:47:e7:28:07:ec:a4:ae:da:
         d4:ca:0e:c2:81:90:45:c5:da:23:d6:9e:f1:fa:ac:04:ac:e6:
         17:f4:1d:12:cb:6f:da:e3:95:55:95:73:75:63:6b:7e:2d:f1:
         54:d9:c2:63:1d:e7:0f:37:ce:cb:99:22:72:4a:e4:bf:01:77:
         63:a9:ac:ec:04:37:e1:6c:44:04:c2:d5:63:c6:8c:a2:5e:52:
         2c:41:d4:2a:d8:1f:cc:69:93:0c:00:4f:44:82:e3:99:89:c5:
         c3:bc:da:83
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUFkLMQNngDVhvcUAdDr284OuyFY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MjUxNDExNThaFw0yNjA3MjQxNDE2NThaMDMxMTAvBgNV
BAMTKDlFRTNEQ0U0NjJGQ0MzQTFCNzYzRTgzRkUxMkYwQjMzMEQ5Q0IxRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn0UU8PhjPQdH1sOazxN1AmU4+
z8gkjfB0qOCLZG6wMuNVlJEijPRXTKyrdbIxAaIx+8pKhGU6UwZmD9hpY5acaAnO
yAWFTnewuv/YkntHYBhyBvKutILeuZ0EV/DIyk8jN4FnM3FxY8CIHGdM5onTHx7d
GS/C+C7CDY2K/Xq5L0GKBlzM/3/v8tOIl83eNfpv6G3TuzOUULKyLE58L/2w213D
DCsa/zg/EphD+I+vkh5rSANwUmGhdw/Tf8ymPkkuScCSsKLn+Ev2mdjL2Ye8dX8T
/lUCOez4SB25l1cjadEpBzkc5Aa7Gf+D5w7h2vmGAVY7DoPLrdzB9y7fmPATAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUnuPc5GL8w6G3Y+g/4S8LMw2csfYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDk4NzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KDQDANBgkqhkiG9w0BAQsFAAOCAQEABU5LRg1aR34IAocgefyvK77xjhRVro5E
chX6iByZwJTCpCXjLvkDcuZrLWqzgZVxBOX0petKHulhts3p5RPuMwQ/afDeoAkf
p7K6Djs1yu7o0XXG3/erp3Q35GksYhv0Wf3dhVrCvgWk6Mk8oR3U3zFG01Dq8tYx
MmzLjm4FVDIJIVD0s/rhV805I4QeGUXyz4F86vNr5yb/UEfnKAfspK7a1MoOwoGQ
RcXaI9ae8fqsBKzmF/QdEstv2uOVVZVzdWNrfi3xVNnCYx3nDzfOy5kickrkvwF3
Y6ms7AQ34WxEBMLVY8aMol5SLEHUKtgfzGmTDABPRILjmYnFw7zagw==
-----END CERTIFICATE-----