Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS206987.roa
File:                     AS206987.roa (raw, json)
Hash identifier:          xwg5D5hys6vePC9sqDYrqw9YBCCcx/6Y//iHH70t6/Q=
Subject key identifier:   DA:8A:F0:51:15:F7:19:E5:7E:39:B9:CC:1A:B9:BB:A7:BC:38:4B:E0
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       45737CC9C8AF99356FB53585BFE43F2609F9F3C7
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS206987.roa
Signing time:             Fri 11 Jul 2025 11:02:01 +0000
ROA not before:           Fri 11 Jul 2025 10:57:01 +0000
ROA not after:            Fri 10 Jul 2026 11:02:01 +0000
asID:                     206987
IP address blocks:        2a0f:6283:1100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:26:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:73:7c:c9:c8:af:99:35:6f:b5:35:85:bf:e4:3f:26:09:f9:f3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 11 10:57:01 2025 GMT
            Not After : Jul 10 11:02:01 2026 GMT
        Subject: CN=DA8AF05115F719E57E39B9CC1AB9BBA7BC384BE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:21:8e:3c:7c:24:b8:b1:35:31:99:f2:aa:03:
                    9d:c0:5d:dd:a9:4e:75:0a:ff:fe:ee:1e:fd:6d:2b:
                    f3:04:2a:de:76:b4:fe:ad:04:2a:38:53:d4:8b:94:
                    f7:df:6b:04:0f:e4:81:54:ed:f1:61:63:e2:fb:f2:
                    e9:89:aa:76:60:76:ad:d0:1b:9d:20:be:2e:f6:79:
                    e9:29:74:47:e5:98:c3:4a:a9:cd:e1:33:53:0c:78:
                    4f:5c:d4:ea:9f:23:60:ea:7a:45:42:26:8f:f2:de:
                    9e:b6:4f:25:54:ed:5f:f6:ad:22:ba:3b:9d:ae:24:
                    43:39:6a:ee:cc:4a:ff:c7:41:26:e0:92:e8:b1:8b:
                    75:df:68:b2:fd:2c:c8:60:48:cd:ab:a4:3e:e1:e0:
                    f0:95:0e:12:d4:15:02:31:ce:2c:ca:36:90:5a:f5:
                    3c:a8:bc:d2:b5:8c:ed:68:d5:39:1d:6c:31:55:6a:
                    9f:65:5f:fe:6c:f9:21:9e:0f:dc:18:ab:07:af:27:
                    fd:d2:bd:28:77:7f:06:1a:cd:35:59:ab:67:62:1e:
                    17:90:1a:e5:de:4c:bd:32:9b:ba:fe:ae:36:81:36:
                    74:a5:91:52:45:9b:f3:cc:4e:9a:6c:7d:ff:0a:8b:
                    75:6c:85:82:43:b0:ca:52:f3:3e:bc:25:0a:08:d4:
                    c6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:8A:F0:51:15:F7:19:E5:7E:39:B9:CC:1A:B9:BB:A7:BC:38:4B:E0
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS206987.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:1100::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:79:92:c1:99:c3:5b:7a:93:77:10:8c:f7:49:c0:37:34:04:
         28:ba:5b:37:ad:4b:b5:11:d4:20:28:ff:83:10:aa:be:8b:ef:
         aa:17:26:27:cc:4f:cd:9f:bf:5e:ca:56:59:e6:19:4e:ab:3f:
         cf:17:0f:63:8d:ab:c5:6c:3b:04:c1:92:6c:8b:25:4f:46:52:
         d2:7c:2f:03:90:3e:76:48:6b:68:88:2f:53:b5:60:a0:f8:ce:
         22:38:04:37:c5:03:1e:0f:1c:5e:60:e0:66:78:29:16:21:56:
         27:e1:d1:9a:7a:61:2d:06:1d:9b:34:e5:77:c6:a4:39:d7:ba:
         ed:83:fe:cf:f4:a4:77:e2:01:b2:61:7b:07:08:9e:fc:92:9f:
         89:30:94:40:83:45:95:49:87:89:d9:ca:a7:90:e1:3a:b1:ac:
         37:a1:0e:0f:f6:30:e9:5e:cc:3e:3f:0a:e3:a3:4e:6b:63:80:
         6d:d2:a9:9e:7b:fd:80:31:46:e3:18:59:3a:74:0e:11:2d:6d:
         fd:c8:b0:74:30:a2:90:0a:d9:1d:fb:4e:b5:f0:e6:52:67:8a:
         a8:22:4f:be:a2:c9:4d:c2:32:c9:dc:c7:93:3a:72:01:26:61:
         16:64:ca:8a:61:be:2f:74:a6:43:11:6f:f9:e4:e6:44:4b:e8:
         09:88:90:2e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIURXN8ycivmTVvtTWFv+Q/Jgn588cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MTExMDU3MDFaFw0yNjA3MTAxMTAyMDFaMDMxMTAvBgNV
BAMTKERBOEFGMDUxMTVGNzE5RTU3RTM5QjlDQzFBQjlCQkE3QkMzODRCRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWIY48fCS4sTUxmfKqA53AXd2p
TnUK//7uHv1tK/MEKt52tP6tBCo4U9SLlPffawQP5IFU7fFhY+L78umJqnZgdq3Q
G50gvi72eekpdEflmMNKqc3hM1MMeE9c1OqfI2DqekVCJo/y3p62TyVU7V/2rSK6
O52uJEM5au7MSv/HQSbgkuixi3XfaLL9LMhgSM2rpD7h4PCVDhLUFQIxzizKNpBa
9TyovNK1jO1o1TkdbDFVap9lX/5s+SGeD9wYqwevJ/3SvSh3fwYazTVZq2diHheQ
GuXeTL0ym7r+rjaBNnSlkVJFm/PMTppsff8Ki3VshYJDsMpS8z68JQoI1MZ7AgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU2orwURX3GeV+ObnMGrm7p7w4S+AwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDY5ODcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KDEQAwDQYJKoZIhvcNAQELBQADggEBAD15ksGZw1t6k3cQjPdJwDc0BCi6Wzet
S7UR1CAo/4MQqr6L76oXJifMT82fv17KVlnmGU6rP88XD2ONq8VsOwTBkmyLJU9G
UtJ8LwOQPnZIa2iIL1O1YKD4ziI4BDfFAx4PHF5g4GZ4KRYhVifh0Zp6YS0GHZs0
5XfGpDnXuu2D/s/0pHfiAbJhewcInvySn4kwlECDRZVJh4nZyqeQ4TqxrDehDg/2
MOlezD4/CuOjTmtjgG3SqZ57/YAxRuMYWTp0DhEtbf3IsHQwopAK2R37TrXw5lJn
iqgiT76iyU3CMsncx5M6cgEmYRZkyophvi90pkMRb/nk5kRL6AmIkC4=
-----END CERTIFICATE-----