Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          5FkiKEMEsvRMc75EhhhqzQGAWBAp/vUFv5o2r+QS74o=
Subject key identifier:   A4:D1:E7:DE:C0:AA:2B:41:DC:CF:4E:FD:F9:A2:4E:B6:70:97:82:7B
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       6E993C42C2D60B4F40822C06950EFB807BB70E27
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 03 Jul 2025 15:09:47 +0000
ROA not before:           Thu 03 Jul 2025 15:04:47 +0000
ROA not after:            Thu 02 Jul 2026 15:09:47 +0000
asID:                     47272
IP address blocks:        2001:67c:d8c::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 23:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:99:3c:42:c2:d6:0b:4f:40:82:2c:06:95:0e:fb:80:7b:b7:0e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jul  3 15:04:47 2025 GMT
            Not After : Jul  2 15:09:47 2026 GMT
        Subject: CN=A4D1E7DEC0AA2B41DCCF4EFDF9A24EB67097827B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e3:e5:46:68:f7:a4:7d:2e:6e:07:95:26:09:
                    3a:8b:97:0e:84:bd:bb:ea:56:0c:d3:b8:3f:85:a8:
                    56:30:9f:27:5a:27:e0:1f:e9:b7:93:67:a4:6b:99:
                    24:5b:63:17:c0:b6:16:f5:bb:7c:ac:52:e4:57:db:
                    cc:20:80:51:50:24:f2:21:ac:bc:f2:e6:d5:52:19:
                    9f:94:77:ef:a1:7a:82:74:19:cb:11:ae:e4:07:37:
                    d4:e5:3e:0b:03:bf:a5:e3:3e:77:0c:ac:88:43:b9:
                    0a:ce:b6:97:aa:9d:c5:d3:92:7e:a3:4c:9f:12:0a:
                    29:70:ab:16:aa:4f:72:28:6d:01:04:67:73:b9:14:
                    b4:c0:af:88:87:81:14:0a:4b:a1:02:b1:4d:d6:54:
                    6e:a4:11:10:3c:05:1a:e8:a1:7a:8a:f9:5e:05:fb:
                    d4:10:9f:65:91:bf:5c:21:25:ac:de:eb:83:0c:15:
                    71:9a:52:eb:ba:fb:90:1c:f6:f1:0d:34:eb:96:38:
                    66:71:0a:fd:53:eb:b7:c3:86:89:46:fc:f7:41:b3:
                    6a:18:64:2d:40:fc:5b:45:76:f9:17:ad:e4:a1:2e:
                    96:8a:25:2e:9f:a5:18:84:00:fb:5d:83:6a:40:44:
                    e4:17:d5:96:aa:b9:52:4b:dc:2f:31:f3:1c:22:34:
                    32:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D1:E7:DE:C0:AA:2B:41:DC:CF:4E:FD:F9:A2:4E:B6:70:97:82:7B
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6438633a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:0d:1c:25:aa:9e:05:86:1d:61:12:0d:15:c1:03:59:86:bb:
         26:72:bc:96:70:28:41:42:7d:32:c9:f6:77:5b:6c:45:72:e6:
         32:21:62:af:2b:76:ed:c3:7d:d9:84:a9:e3:7e:e9:9b:2a:7e:
         50:91:53:2a:5a:aa:63:a7:71:27:21:ee:b4:c1:c0:95:16:53:
         da:b1:04:46:2d:3a:10:07:36:b1:41:ed:1f:af:f5:41:5f:0b:
         4f:5c:f4:e9:79:2a:a1:78:ab:b3:9a:cc:9f:5c:b2:b1:05:f1:
         45:af:73:6a:e6:b8:5f:73:9b:ce:c7:df:ab:10:18:10:35:f8:
         a8:05:e5:8d:8c:1c:08:ee:7e:48:e1:e5:e2:1f:3b:ed:65:d4:
         84:df:90:70:cb:40:dc:4a:af:87:fa:03:9a:af:31:22:31:24:
         fd:b8:fd:1d:24:79:55:ab:90:f2:35:41:7c:14:fb:39:f2:d6:
         79:fe:1e:d1:99:84:63:61:b1:80:04:ee:e0:e5:cc:97:5c:36:
         03:46:7f:82:44:fb:df:5f:82:45:e9:5f:59:c5:af:ad:e4:5d:
         ff:bc:20:84:49:6f:36:7b:d9:c0:d8:d1:9e:40:cc:ef:bd:d9:
         61:96:00:a6:43:e0:53:2b:d9:ec:63:ea:3b:c8:fb:96:da:7a:
         70:44:46:77
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUbpk8QsLWC09AgiwGlQ77gHu3DicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNTA3MDMxNTA0NDdaFw0yNjA3MDIxNTA5NDdaMDMxMTAvBgNV
BAMTKEE0RDFFN0RFQzBBQTJCNDFEQ0NGNEVGREY5QTI0RUI2NzA5NzgyN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV4+VGaPekfS5uB5UmCTqLlw6E
vbvqVgzTuD+FqFYwnydaJ+Af6beTZ6RrmSRbYxfAthb1u3ysUuRX28wggFFQJPIh
rLzy5tVSGZ+Ud++heoJ0GcsRruQHN9TlPgsDv6XjPncMrIhDuQrOtpeqncXTkn6j
TJ8SCilwqxaqT3IobQEEZ3O5FLTAr4iHgRQKS6ECsU3WVG6kERA8BRrooXqK+V4F
+9QQn2WRv1whJaze64MMFXGaUuu6+5Ac9vENNOuWOGZxCv1T67fDholG/PdBs2oY
ZC1A/FtFdvkXreShLpaKJS6fpRiEAPtdg2pAROQX1ZaquVJL3C8x8xwiNDJfAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQUpNHn3sCqK0Hcz079+aJOtnCXgnswHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
Mzg2MzNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNjDANBgkqhkiG9w0BAQsFAAOCAQEAGA0cJaqeBYYdYRINFcEDWYa7
JnK8lnAoQUJ9Msn2d1tsRXLmMiFiryt27cN92YSp437pmyp+UJFTKlqqY6dxJyHu
tMHAlRZT2rEERi06EAc2sUHtH6/1QV8LT1z06XkqoXirs5rMn1yysQXxRa9zaua4
X3ObzsffqxAYEDX4qAXljYwcCO5+SOHl4h877WXUhN+QcMtA3Eqvh/oDmq8xIjEk
/bj9HSR5VauQ8jVBfBT7OfLWef4e0ZmEY2GxgATu4OXMl1w2A0Z/gkT731+CRelf
WcWvreRd/7wghElvNnvZwNjRnkDM773ZYZYApkPgUyvZ7GPqO8j7ltp6cERGdw==
-----END CERTIFICATE-----