Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438343a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6438343a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          k1L2Of8QfV2MIN/B39N63nTwZ7dvoxi+6OPXT00R6qo=
Subject key identifier:   3B:AB:36:37:BD:BD:37:AA:90:1E:3A:37:E0:75:FA:00:0C:B2:54:6A
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       36C4D64FE5B2CF4A8ACF9CD0E589800E222274AA
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438343a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 03 Jul 2025 15:09:48 +0000
ROA not before:           Thu 03 Jul 2025 15:04:48 +0000
ROA not after:            Thu 02 Jul 2026 15:09:48 +0000
asID:                     47272
IP address blocks:        2001:67c:d84::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 23:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:c4:d6:4f:e5:b2:cf:4a:8a:cf:9c:d0:e5:89:80:0e:22:22:74:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jul  3 15:04:48 2025 GMT
            Not After : Jul  2 15:09:48 2026 GMT
        Subject: CN=3BAB3637BDBD37AA901E3A37E075FA000CB2546A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3f:65:32:6e:22:7b:8b:6b:08:f6:65:39:c1:
                    64:69:83:22:58:2c:32:43:58:47:dd:08:41:dd:7d:
                    88:b2:f1:24:f9:4a:65:a5:a6:c0:a9:4c:52:c0:5a:
                    cf:d4:21:8d:ef:3b:1d:0b:55:f3:1e:22:ba:4f:9c:
                    f7:19:54:fe:a1:67:ab:13:32:3a:19:57:21:3f:5f:
                    6f:22:24:90:5b:87:9f:3a:6c:a7:b2:55:a8:35:35:
                    73:63:66:a8:66:70:5b:cc:2b:90:1a:0d:4a:94:5f:
                    ad:e1:73:2e:9e:d0:41:f5:4a:93:17:f7:6f:86:06:
                    93:6e:36:9e:15:84:ca:98:7c:9e:ca:2c:af:2f:01:
                    cb:f3:f2:59:e5:5e:72:2a:b9:63:6f:34:31:01:b3:
                    0d:48:f2:af:0d:f0:30:2c:00:4f:62:fa:5c:ce:df:
                    c8:27:7c:3c:09:c6:82:d7:82:d2:f9:a8:ff:96:16:
                    4f:15:97:2d:19:40:3a:fe:6d:fd:06:60:66:71:fb:
                    78:ee:45:9c:59:ba:09:31:d6:ed:da:f8:d7:b2:52:
                    7d:1f:38:4a:8e:8a:f7:c4:32:2f:64:39:e9:0b:ac:
                    e1:c5:4f:bd:9c:aa:c0:86:8b:42:5f:84:d9:fd:43:
                    55:d8:51:18:f6:7e:88:b5:d3:46:fa:ab:d8:26:03:
                    bc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:AB:36:37:BD:BD:37:AA:90:1E:3A:37:E0:75:FA:00:0C:B2:54:6A
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438343a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d84::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:1d:22:85:60:41:73:72:a3:32:f2:a9:7f:f0:22:43:ef:4f:
         b5:fe:8c:f1:e1:7d:50:97:97:c2:34:71:f6:0e:4c:cf:82:24:
         a5:52:7c:3d:87:db:5d:0b:4e:ff:94:0b:b6:a2:17:28:f2:5e:
         25:e0:08:ad:83:8d:ad:6a:77:f6:3a:de:d2:7c:02:9d:c3:c1:
         07:ed:d7:48:04:c7:25:b6:a3:95:a4:72:30:df:b5:21:ef:5e:
         ec:d2:2f:e9:d5:3c:c8:77:87:74:4f:51:98:d3:5e:28:2d:00:
         96:06:7a:a9:a7:ef:35:3b:31:20:3c:8a:32:ad:a1:1e:99:0d:
         19:3f:7e:79:ad:13:16:d8:19:87:97:07:b1:c4:06:f0:5c:25:
         2b:b4:7d:f2:fa:05:ca:8a:6b:37:5a:8d:bc:2a:e5:ee:a2:67:
         5c:7b:9d:2d:ff:0e:f3:20:ea:c2:5c:3c:e1:0c:4f:5a:2f:7b:
         bb:ba:07:51:d2:da:d0:0d:b8:ec:fb:b7:cd:3c:62:19:b9:fa:
         e3:eb:69:1a:2b:bb:1c:bf:b7:31:10:67:dc:88:f3:43:01:65:
         9f:61:bc:9a:55:7c:59:1f:3c:55:aa:d7:85:d5:b6:f9:45:45:
         47:62:1f:3a:55:94:4c:0d:98:86:d3:33:c4:90:91:80:34:f9:
         55:1f:d5:a6
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUNsTWT+Wyz0qKz5zQ5YmADiIidKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNTA3MDMxNTA0NDhaFw0yNjA3MDIxNTA5NDhaMDMxMTAvBgNV
BAMTKDNCQUIzNjM3QkRCRDM3QUE5MDFFM0EzN0UwNzVGQTAwMENCMjU0NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4P2UybiJ7i2sI9mU5wWRpgyJY
LDJDWEfdCEHdfYiy8ST5SmWlpsCpTFLAWs/UIY3vOx0LVfMeIrpPnPcZVP6hZ6sT
MjoZVyE/X28iJJBbh586bKeyVag1NXNjZqhmcFvMK5AaDUqUX63hcy6e0EH1SpMX
92+GBpNuNp4VhMqYfJ7KLK8vAcvz8lnlXnIquWNvNDEBsw1I8q8N8DAsAE9i+lzO
38gnfDwJxoLXgtL5qP+WFk8Vly0ZQDr+bf0GYGZx+3juRZxZugkx1u3a+NeyUn0f
OEqOivfEMi9kOekLrOHFT72cqsCGi0JfhNn9Q1XYURj2foi100b6q9gmA7wdAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQUO6s2N729N6qQHjo34HX6AAyyVGowHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
MzgzNDNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNhDANBgkqhkiG9w0BAQsFAAOCAQEASR0ihWBBc3KjMvKpf/AiQ+9P
tf6M8eF9UJeXwjRx9g5Mz4IkpVJ8PYfbXQtO/5QLtqIXKPJeJeAIrYONrWp39jre
0nwCncPBB+3XSATHJbajlaRyMN+1Ie9e7NIv6dU8yHeHdE9RmNNeKC0AlgZ6qafv
NTsxIDyKMq2hHpkNGT9+ea0TFtgZh5cHscQG8FwlK7R98voFyoprN1qNvCrl7qJn
XHudLf8O8yDqwlw84QxPWi97u7oHUdLa0A247Pu3zTxiGbn64+tpGiu7HL+3MRBn
3IjzQwFln2G8mlV8WR88VarXhdW2+UVFR2IfOlWUTA2YhtMzxJCRgDT5VR/Vpg==
-----END CERTIFICATE-----