Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS47509.roa
File:                     AS47509.roa (raw, json)
Hash identifier:          xwqW4B/M655jsyKteDse0mylczKBov1jB2FxvksZ4Ck=
Subject key identifier:   1E:4E:D1:08:38:52:1E:76:61:77:FA:9E:CD:32:98:FE:78:87:82:61
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       68D5F44D5F1C0CD0F80035267AF75A1726DFE44C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS47509.roa
Signing time:             Fri 18 Jul 2025 08:19:59 +0000
ROA not before:           Fri 18 Jul 2025 08:14:59 +0000
ROA not after:            Fri 17 Jul 2026 08:19:59 +0000
asID:                     47509
IP address blocks:        2a0a:6044:b100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 21:49:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:d5:f4:4d:5f:1c:0c:d0:f8:00:35:26:7a:f7:5a:17:26:df:e4:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 18 08:14:59 2025 GMT
            Not After : Jul 17 08:19:59 2026 GMT
        Subject: CN=1E4ED10838521E766177FA9ECD3298FE78878261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ac:58:38:c9:40:45:3a:6e:f8:c7:1b:c3:98:
                    96:83:03:85:95:97:6a:ce:f3:55:07:5e:81:63:0e:
                    c6:2b:a6:d8:66:36:23:56:10:11:cc:86:77:a4:ad:
                    b5:d7:6d:3a:bc:70:23:eb:26:59:5b:2a:e7:88:fc:
                    98:35:20:55:29:8c:dd:37:c1:d3:c0:91:05:8e:50:
                    c4:36:94:65:d1:5b:ee:f7:b4:95:07:43:40:4f:5e:
                    ad:2f:31:a8:f7:ce:f9:61:5b:65:46:19:81:8d:e6:
                    41:be:77:1e:78:cf:a9:94:15:6b:7a:85:01:63:44:
                    12:33:91:3e:bd:ec:ce:1f:a0:ca:82:96:62:61:66:
                    54:c2:14:2f:c2:70:81:7f:0f:ee:33:a4:a5:50:7a:
                    ff:e7:cb:6d:37:99:ce:39:0f:bc:07:4e:91:2f:a6:
                    5b:ff:a3:89:82:9f:4a:fa:50:1f:9a:f3:3c:3d:d4:
                    3d:13:7d:4b:98:01:ba:53:bc:02:b2:85:1b:64:87:
                    2c:4c:c9:6d:0a:4e:8f:97:89:36:6f:a3:04:d6:83:
                    d9:18:c6:22:c2:d5:23:ba:4b:46:db:40:1a:42:b6:
                    0a:ef:bb:6f:32:3b:67:ac:22:9f:38:4e:59:77:71:
                    14:54:ca:d4:f5:a3:a5:f8:4f:68:9c:db:db:65:6c:
                    42:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4E:D1:08:38:52:1E:76:61:77:FA:9E:CD:32:98:FE:78:87:82:61
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS47509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:b100::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:4a:37:09:cb:0e:ef:6e:c2:56:4b:f5:cd:09:63:c6:73:b5:
         54:4e:5f:05:31:67:b0:9a:e7:66:00:75:de:55:65:d1:28:bd:
         68:f8:80:ef:07:f6:fb:f9:6e:9c:8f:66:0a:23:4c:a8:68:76:
         56:86:95:d0:b6:f3:bf:a7:5c:3a:dd:a6:d6:a2:d9:d9:3a:2b:
         34:7f:1f:1e:18:c1:c3:cc:85:3d:1e:c2:23:85:39:34:5f:ed:
         c0:14:b1:38:96:fd:5f:c0:7a:dd:37:59:78:bd:61:5f:4c:a5:
         51:e2:e0:76:f4:50:89:d7:ae:53:6f:84:aa:59:03:3a:a4:ce:
         cd:51:5e:95:59:3e:e9:7e:74:47:2f:40:ca:6e:47:76:74:89:
         21:21:c2:97:4c:5e:00:b2:28:41:8c:81:45:dc:9d:50:b5:45:
         4b:97:69:79:59:a1:6d:d6:87:8d:49:2b:ca:f8:08:34:66:75:
         28:96:79:78:ab:fb:e2:be:ef:25:91:f4:0e:29:4f:ef:90:00:
         ca:14:95:ae:f0:1a:a1:fc:ec:2e:62:4e:3d:8d:92:76:ac:41:
         02:48:e8:70:8d:25:1c:1f:1c:79:3c:bc:51:f9:77:b1:7d:31:
         19:16:b8:c0:2b:a5:71:bf:fd:fe:0b:54:09:aa:45:ab:fc:b0:
         ee:fd:3b:8b
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIUaNX0TV8cDND4ADUmevdaFybf5EwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MTgwODE0NTlaFw0yNjA3MTcwODE5NTlaMDMxMTAvBgNV
BAMTKDFFNEVEMTA4Mzg1MjFFNzY2MTc3RkE5RUNEMzI5OEZFNzg4NzgyNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCprFg4yUBFOm74xxvDmJaDA4WV
l2rO81UHXoFjDsYrpthmNiNWEBHMhnekrbXXbTq8cCPrJllbKueI/Jg1IFUpjN03
wdPAkQWOUMQ2lGXRW+73tJUHQ0BPXq0vMaj3zvlhW2VGGYGN5kG+dx54z6mUFWt6
hQFjRBIzkT697M4foMqClmJhZlTCFC/CcIF/D+4zpKVQev/ny203mc45D7wHTpEv
plv/o4mCn0r6UB+a8zw91D0TfUuYAbpTvAKyhRtkhyxMyW0KTo+XiTZvowTWg9kY
xiLC1SO6S0bbQBpCtgrvu28yO2esIp84Tll3cRRUytT1o6X4T2ic29tlbEIxAgMB
AAGjggHdMIIB2TAdBgNVHQ4EFgQUHk7RCDhSHnZhd/qezTKY/niHgmEwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVM0NzUwOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoK
YESxMA0GCSqGSIb3DQEBCwUAA4IBAQBdSjcJyw7vbsJWS/XNCWPGc7VUTl8FMWew
mudmAHXeVWXRKL1o+IDvB/b7+W6cj2YKI0yoaHZWhpXQtvO/p1w63abWotnZOis0
fx8eGMHDzIU9HsIjhTk0X+3AFLE4lv1fwHrdN1l4vWFfTKVR4uB29FCJ165Tb4Sq
WQM6pM7NUV6VWT7pfnRHL0DKbkd2dIkhIcKXTF4AsihBjIFF3J1QtUVLl2l5WaFt
1oeNSSvK+Ag0ZnUolnl4q/vivu8lkfQOKU/vkADKFJWu8Bqh/OwuYk49jZJ2rEEC
SOhwjSUcHxx5PLxR+XexfTEZFrjAK6Vxv/3+C1QJqkWr/LDu/TuL
-----END CERTIFICATE-----