Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS395878.roa
File:                     AS395878.roa (raw, json)
Hash identifier:          KYs0rCm85KdMkJsr+fTZWLCiK9gm+Xi562ZC6cbhf4A=
Subject key identifier:   99:1C:D6:4A:1D:0C:7F:C9:21:77:98:68:F7:50:D5:C0:D2:A5:C6:7E
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       3827C124C9F4A5D2E1783FE65A628E69803B3A04
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS395878.roa
Signing time:             Mon 03 Nov 2025 08:00:23 +0000
ROA not before:           Mon 03 Nov 2025 07:55:23 +0000
ROA not after:            Mon 02 Nov 2026 08:00:23 +0000
asID:                     395878
IP address blocks:        2a0f:6287:4000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 10:22:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:27:c1:24:c9:f4:a5:d2:e1:78:3f:e6:5a:62:8e:69:80:3b:3a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Nov  3 07:55:23 2025 GMT
            Not After : Nov  2 08:00:23 2026 GMT
        Subject: CN=991CD64A1D0C7FC921779868F750D5C0D2A5C67E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:e0:bd:b0:c2:1e:c9:6d:09:69:f9:1a:92:
                    5e:2c:12:6f:d5:21:e6:05:4c:a0:54:c1:8a:30:84:
                    97:9f:40:a6:30:0d:59:84:be:cd:cd:97:31:41:c0:
                    63:a2:7f:b8:f5:1f:a2:fe:bf:30:42:1c:4d:39:33:
                    6f:5b:d0:9c:c6:0b:b7:33:ed:1f:0b:80:b6:d0:34:
                    23:77:43:67:e5:3b:00:07:0d:dc:3b:37:a9:9c:19:
                    27:64:07:4c:16:4f:8d:12:65:5d:ba:d1:1b:f1:e9:
                    66:ee:6a:4f:5f:88:96:2f:99:ec:13:ba:3c:18:a6:
                    cc:01:0a:fa:3f:df:a0:65:5c:93:c2:f2:b3:ef:4e:
                    d4:c4:eb:b4:c0:8f:6d:04:26:3b:8f:fa:fc:9a:6b:
                    55:2e:e2:33:75:05:a0:23:10:45:1f:ad:54:1f:e6:
                    5b:00:f5:02:d4:5a:99:ef:a0:3a:29:28:0c:ec:59:
                    9f:c7:c7:4c:c6:94:f8:d1:da:28:e9:c9:fd:8e:e2:
                    45:85:97:b0:63:7c:e0:55:1a:77:a6:c2:c2:f9:d8:
                    fc:d0:ad:36:21:50:00:31:90:9e:74:74:c9:7f:18:
                    61:97:a9:6c:0b:07:c8:1c:a6:3f:58:c0:34:8e:8c:
                    8c:09:e1:55:d6:e3:0d:9d:bd:d3:6e:63:db:9a:d0:
                    f7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:1C:D6:4A:1D:0C:7F:C9:21:77:98:68:F7:50:D5:C0:D2:A5:C6:7E
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS395878.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         30:ca:55:03:08:b2:3f:a9:f3:92:a5:31:e8:33:fb:45:80:39:
         17:57:c2:cc:b7:0a:f4:19:49:af:77:e3:a7:2e:ed:c5:d8:67:
         6b:3e:31:bf:43:cd:57:b3:8f:b5:a5:c8:3d:88:6e:6f:85:3b:
         49:3f:a8:17:b2:84:b8:89:fb:28:71:60:c7:01:39:cf:01:2e:
         30:81:90:77:e0:ac:6b:5f:34:fb:5e:00:2a:77:17:38:89:8b:
         66:4b:40:f3:6b:fb:a8:4a:63:26:e9:b4:ee:f8:7b:14:d4:0c:
         ed:ee:19:2b:8e:8a:87:b4:51:04:2b:31:be:55:36:45:e1:4f:
         05:38:63:a8:81:d7:85:1d:90:3b:64:f2:99:d7:61:80:4b:1b:
         cf:e0:38:de:10:69:db:79:c7:08:b8:1f:6f:ce:91:38:29:9d:
         93:5b:5f:db:c4:12:12:3f:c4:04:5b:f2:92:f7:7d:ed:34:37:
         3d:10:51:55:c0:e4:33:d1:33:ed:7f:c2:3b:07:62:b6:88:b8:
         9a:01:45:c1:25:f6:42:83:ab:d5:5c:1a:f5:c7:33:49:2b:8c:
         71:66:d4:8f:5f:aa:08:2f:53:e5:b5:3c:1d:85:b3:06:54:92:
         b9:b8:b9:7a:11:f8:5e:e5:2d:dc:c4:6e:0e:af:a1:b1:89:2c:
         a1:52:79:3e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUOCfBJMn0pdLheD/mWmKOaYA7OgQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTExMDMwNzU1MjNaFw0yNjExMDIwODAwMjNaMDMxMTAvBgNV
BAMTKDk5MUNENjRBMUQwQzdGQzkyMTc3OTg2OEY3NTBENUMwRDJBNUM2N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZW+C9sMIeyW0Jafkakl4sEm/V
IeYFTKBUwYowhJefQKYwDVmEvs3NlzFBwGOif7j1H6L+vzBCHE05M29b0JzGC7cz
7R8LgLbQNCN3Q2flOwAHDdw7N6mcGSdkB0wWT40SZV260Rvx6Wbuak9fiJYvmewT
ujwYpswBCvo/36BlXJPC8rPvTtTE67TAj20EJjuP+vyaa1Uu4jN1BaAjEEUfrVQf
5lsA9QLUWpnvoDopKAzsWZ/Hx0zGlPjR2ijpyf2O4kWFl7BjfOBVGnemwsL52PzQ
rTYhUAAxkJ50dMl/GGGXqWwLB8gcpj9YwDSOjIwJ4VXW4w2dvdNuY9ua0PdnAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUmRzWSh0Mf8khd5ho91DVwNKlxn4wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMzOTU4Nzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgYq
D2KHQDANBgkqhkiG9w0BAQsFAAOCAQEAMMpVAwiyP6nzkqUx6DP7RYA5F1fCzLcK
9BlJr3fjpy7txdhnaz4xv0PNV7OPtaXIPYhub4U7ST+oF7KEuIn7KHFgxwE5zwEu
MIGQd+Csa180+14AKncXOImLZktA82v7qEpjJum07vh7FNQM7e4ZK46Kh7RRBCsx
vlU2ReFPBThjqIHXhR2QO2TymddhgEsbz+A43hBp23nHCLgfb86ROCmdk1tf28QS
Ej/EBFvykvd97TQ3PRBRVcDkM9Ez7X/COwditoi4mgFFwSX2QoOr1Vwa9cczSSuM
cWbUj1+qCC9T5bU8HYWzBlSSubi5ehH4XuUt3MRuDq+hsYksoVJ5Pg==
-----END CERTIFICATE-----