Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          +0GPXjQoS+N412w6ofV8eg2e5UX1asnUPxI6dYS84sA=
Subject key identifier:   85:49:76:DD:F7:0F:28:58:58:4F:F8:B4:58:DF:0C:8C:51:06:D9:36
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       09EABFD6288B779CEB24F9987E19D73E0C3758D1
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 03 Jul 2025 15:09:47 +0000
ROA not before:           Thu 03 Jul 2025 15:04:47 +0000
ROA not after:            Thu 02 Jul 2026 15:09:47 +0000
asID:                     47272
IP address blocks:        2001:67c:d88::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 23:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:ea:bf:d6:28:8b:77:9c:eb:24:f9:98:7e:19:d7:3e:0c:37:58:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jul  3 15:04:47 2025 GMT
            Not After : Jul  2 15:09:47 2026 GMT
        Subject: CN=854976DDF70F2858584FF8B458DF0C8C5106D936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:38:df:03:c6:74:7b:32:8c:6e:72:96:c6:7e:
                    bf:83:88:13:02:ae:2b:b5:76:e9:1d:72:5f:3a:d5:
                    85:c6:46:16:0b:52:ee:6d:3d:07:16:c1:be:fc:1f:
                    88:1f:d6:fb:63:3d:96:7b:28:2f:ba:fa:bf:fc:22:
                    f7:75:38:d6:ce:8d:e2:2c:87:bf:94:b7:96:6c:d8:
                    dc:40:8e:ca:40:20:72:49:3a:5e:46:ef:7d:cd:b4:
                    08:c7:05:aa:1f:be:9d:b0:d7:37:b5:5b:9d:0d:84:
                    53:13:33:08:1a:71:3f:38:63:18:2f:4b:a3:7a:e2:
                    e4:50:e6:86:97:db:24:78:6b:97:84:55:4a:ee:2f:
                    83:3c:96:72:3f:6e:c6:db:1f:4e:1e:ec:00:a1:89:
                    a5:55:f3:7f:a4:b9:7c:4d:d5:ce:dd:8b:0e:49:68:
                    54:4c:d6:20:d0:10:31:96:14:98:3f:54:95:2d:6f:
                    ab:82:0b:81:5f:30:53:01:20:47:b8:0e:dd:90:b7:
                    7d:0b:6a:0b:9e:45:a8:75:4e:e4:50:ba:7b:99:f4:
                    68:ee:be:2e:f2:16:1c:7c:43:43:b5:a8:85:6f:cc:
                    0a:33:83:dd:02:a1:04:a1:0d:5b:86:29:ad:07:fe:
                    d6:f3:b7:6d:6f:eb:e7:ab:77:75:f6:ae:c5:12:d9:
                    2b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:76:DD:F7:0F:28:58:58:4F:F8:B4:58:DF:0C:8C:51:06:D9:36
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438383a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d88::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:d7:c3:7b:07:26:c3:a2:a7:01:21:ab:70:a6:33:47:62:0e:
         60:ff:15:f4:9c:d9:60:d7:e1:34:d6:2f:dc:c2:64:20:02:9b:
         e2:13:69:f2:50:8e:20:a1:de:b9:1b:45:52:ee:20:df:15:57:
         c2:01:55:24:11:0e:dc:84:a9:42:30:ce:fa:e7:39:ac:76:44:
         28:1c:1d:1a:d9:a6:71:0a:76:49:ad:67:13:d6:64:8b:fc:e9:
         96:ba:22:c4:7d:cb:90:f5:93:b4:a5:a3:fa:22:14:6d:2b:e7:
         fb:3b:d5:33:55:55:da:2c:0d:65:f2:c5:7b:38:99:dc:f8:a8:
         6c:a9:90:80:0d:8c:1f:7f:a7:f1:b4:17:77:04:54:57:9c:85:
         35:aa:ae:13:e0:f5:34:e4:9d:35:74:58:6f:37:d9:03:0a:43:
         f7:df:23:6f:12:eb:5b:2f:fa:ee:d8:3d:ae:3a:5b:c2:e3:20:
         d3:34:26:25:7d:48:7c:d4:25:63:37:81:92:02:0e:08:9c:db:
         b6:65:7b:53:7b:47:53:4d:8e:93:78:63:af:43:86:2e:a9:7e:
         5e:7c:7e:90:e6:4e:ce:6a:80:de:cd:af:1d:66:c3:0c:a1:ef:
         06:c9:5f:d4:fb:b3:21:80:ee:84:15:7a:00:01:f1:1b:2f:53:
         2b:30:72:62
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUCeq/1iiLd5zrJPmYfhnXPgw3WNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNTA3MDMxNTA0NDdaFw0yNjA3MDIxNTA5NDdaMDMxMTAvBgNV
BAMTKDg1NDk3NkRERjcwRjI4NTg1ODRGRjhCNDU4REYwQzhDNTEwNkQ5MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfON8DxnR7MoxucpbGfr+DiBMC
riu1dukdcl861YXGRhYLUu5tPQcWwb78H4gf1vtjPZZ7KC+6+r/8Ivd1ONbOjeIs
h7+Ut5Zs2NxAjspAIHJJOl5G733NtAjHBaofvp2w1ze1W50NhFMTMwgacT84Yxgv
S6N64uRQ5oaX2yR4a5eEVUruL4M8lnI/bsbbH04e7AChiaVV83+kuXxN1c7diw5J
aFRM1iDQEDGWFJg/VJUtb6uCC4FfMFMBIEe4Dt2Qt30LagueRah1TuRQunuZ9Gju
vi7yFhx8Q0O1qIVvzAozg90CoQShDVuGKa0H/tbzt21v6+erd3X2rsUS2SuLAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQUhUl23fcPKFhYT/i0WN8MjFEG2TYwHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
MzgzODNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNiDANBgkqhkiG9w0BAQsFAAOCAQEAPdfDewcmw6KnASGrcKYzR2IO
YP8V9JzZYNfhNNYv3MJkIAKb4hNp8lCOIKHeuRtFUu4g3xVXwgFVJBEO3ISpQjDO
+uc5rHZEKBwdGtmmcQp2Sa1nE9Zki/zplroixH3LkPWTtKWj+iIUbSvn+zvVM1VV
2iwNZfLFeziZ3PiobKmQgA2MH3+n8bQXdwRUV5yFNaquE+D1NOSdNXRYbzfZAwpD
998jbxLrWy/67tg9rjpbwuMg0zQmJX1IfNQlYzeBkgIOCJzbtmV7U3tHU02Ok3hj
r0OGLql+Xnx+kOZOzmqA3s2vHWbDDKHvBslf1PuzIYDuhBV6AAHxGy9TKzByYg==
-----END CERTIFICATE-----