Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa
File:                     323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa (raw, json)
Hash identifier:          WqnPhejGIpkZ0xjXVvvod9Bjx2w1OURfMjc0Q0hE0uQ=
Subject key identifier:   C4:61:A4:A6:45:C3:07:42:03:90:62:D5:2D:7E:B0:5D:9A:F0:E0:F8
Certificate issuer:       /CN=4add5466723084490ef491c619b8bc61a328a8b6
Certificate serial:       5644203A39461DA5CC4B9CD0F87E1A36A06E43F9
Authority key identifier: 4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa
Signing time:             Thu 03 Jul 2025 15:09:47 +0000
ROA not before:           Thu 03 Jul 2025 15:04:47 +0000
ROA not after:            Thu 02 Jul 2026 15:09:47 +0000
asID:                     47272
IP address blocks:        2001:67c:d90::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl
                          rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 23:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:44:20:3a:39:46:1d:a5:cc:4b:9c:d0:f8:7e:1a:36:a0:6e:43:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4add5466723084490ef491c619b8bc61a328a8b6
        Validity
            Not Before: Jul  3 15:04:47 2025 GMT
            Not After : Jul  2 15:09:47 2026 GMT
        Subject: CN=C461A4A645C30742039062D52D7EB05D9AF0E0F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:73:11:bf:b2:15:6e:48:63:8d:c5:02:8a:23:
                    e0:b2:a8:ec:af:e9:7b:b6:f7:fd:4a:61:d8:d5:a7:
                    3b:5e:1c:ce:71:e2:13:82:7d:e0:98:19:3e:5d:9b:
                    14:9e:30:ea:73:b2:dc:16:df:48:2e:5c:a0:7b:87:
                    63:51:aa:3e:c1:e4:e0:d7:ba:1e:b1:53:b9:0d:1e:
                    42:b6:22:3d:37:01:4f:19:c3:a3:34:3e:1b:e6:0a:
                    b4:0f:b5:60:5e:86:15:8c:fd:09:5c:40:7d:81:2a:
                    c6:c0:cc:4f:cc:3a:49:af:53:fa:fe:a1:35:b2:04:
                    b7:8f:c6:75:e3:87:4e:19:74:bc:75:28:8b:af:08:
                    3a:f4:88:9d:fe:a8:eb:1b:7a:da:69:f0:3c:19:38:
                    f6:87:5f:7c:23:1e:27:a8:85:6c:26:bd:d5:de:2e:
                    de:e4:9b:de:2d:de:36:77:81:3f:6e:21:75:ad:2d:
                    9c:11:24:51:11:fd:49:c5:f6:ee:37:35:ac:ef:f6:
                    c6:21:78:b0:5a:86:dd:b3:34:6d:ca:9c:31:e5:55:
                    20:02:5e:4a:05:93:2e:70:27:cf:b6:0a:46:f7:fc:
                    51:7c:88:74:ce:46:5e:97:af:00:8a:c7:42:af:1f:
                    da:d6:c3:77:ac:f9:bc:1d:49:70:06:c5:ff:b8:c4:
                    59:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:61:A4:A6:45:C3:07:42:03:90:62:D5:2D:7E:B0:5D:9A:F0:E0:F8
            X509v3 Authority Key Identifier:
                keyid:4A:DD:54:66:72:30:84:49:0E:F4:91:C6:19:B8:BC:61:A3:28:A8:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/0/4ADD5466723084490EF491C619B8BC61A328A8B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/St1UZnIwhEkO9JHGGbi8YaMoqLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/0/323030313a3637633a6439303a3a2f34382d313238203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:06:d0:fe:fb:ab:47:91:9d:d2:c9:be:f9:ad:40:74:f9:7b:
         84:24:c9:4e:ed:ec:7d:da:77:ff:62:06:1d:5b:21:75:1d:5d:
         cf:32:82:cf:50:e6:85:b2:75:4f:5c:01:ec:d2:74:69:69:7b:
         13:c5:af:d9:ca:e8:c2:6f:a3:19:43:89:a0:a3:a2:df:ef:fa:
         fa:ad:7c:a6:25:40:17:15:96:4d:10:15:92:18:17:b6:1a:5e:
         8f:76:ef:40:89:4c:a6:b2:fd:70:89:ff:8b:26:a4:27:77:b9:
         3b:df:38:ce:8c:72:8d:15:28:39:65:90:25:68:d5:fe:61:d7:
         8b:83:52:28:16:bd:92:28:1f:ce:a3:6e:84:8a:75:3e:c1:b4:
         14:a3:f1:9a:fb:df:6f:ed:2d:93:88:86:f0:4a:31:b9:33:2a:
         de:db:5a:87:a8:1a:84:b3:1c:28:e0:54:ba:87:3f:52:67:45:
         53:1f:94:1d:a6:9b:a9:6e:c6:24:4c:69:cb:d8:22:4e:e7:04:
         1c:38:5d:57:5a:b5:2d:2c:74:80:42:0c:e4:2f:fc:0b:50:ac:
         65:c6:fc:01:11:5c:a5:d4:21:fc:27:24:3b:2f:b1:8d:a5:c2:
         98:91:46:b2:e4:7e:b3:79:fc:d9:a5:a1:3f:d7:9c:2f:03:95:
         7d:60:81:3d
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUVkQgOjlGHaXMS5zQ+H4aNqBuQ/kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGFkZDU0NjY3MjMwODQ0OTBlZjQ5MWM2MTliOGJjNjFh
MzI4YThiNjAeFw0yNTA3MDMxNTA0NDdaFw0yNjA3MDIxNTA5NDdaMDMxMTAvBgNV
BAMTKEM0NjFBNEE2NDVDMzA3NDIwMzkwNjJENTJEN0VCMDVEOUFGMEUwRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZcxG/shVuSGONxQKKI+CyqOyv
6Xu29/1KYdjVpzteHM5x4hOCfeCYGT5dmxSeMOpzstwW30guXKB7h2NRqj7B5ODX
uh6xU7kNHkK2Ij03AU8Zw6M0PhvmCrQPtWBehhWM/QlcQH2BKsbAzE/MOkmvU/r+
oTWyBLePxnXjh04ZdLx1KIuvCDr0iJ3+qOsbetpp8DwZOPaHX3wjHieohWwmvdXe
Lt7km94t3jZ3gT9uIXWtLZwRJFER/UnF9u43Nazv9sYheLBaht2zNG3KnDHlVSAC
XkoFky5wJ8+2Ckb3/FF8iHTORl6XrwCKx0KvH9rWw3es+bwdSXAGxf+4xFnXAgMB
AAGjggHkMIIB4DAdBgNVHQ4EFgQUxGGkpkXDB0IDkGLVLX6wXZrw4PgwHwYDVR0j
BBgwFoAUSt1UZnIwhEkO9JHGGbi8YaMoqLYwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC8wLzRBREQ1NDY2NzIzMDg0NDkwRUY0OTFDNjE5QjhCQzYxQTMyOEE4QjYuY3Js
MGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9TdDFVWm5Jd2hFa085SkhHR2JpOFlhTW9x
TFkuY2VyMIGDBggrBgEFBQcBCwR3MHUwcwYIKwYBBQUHMAuGZ3JzeW5jOi8va3Jp
bGwuNDcyNzIubmV0L3JlcG8vSFlFSE9TVC8wLzMyMzAzMDMxM2EzNjM3NjMzYTY0
MzkzMDNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzQzNzMyMzczMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACABBnwNkDANBgkqhkiG9w0BAQsFAAOCAQEAQgbQ/vurR5Gd0sm++a1AdPl7
hCTJTu3sfdp3/2IGHVshdR1dzzKCz1DmhbJ1T1wB7NJ0aWl7E8Wv2crowm+jGUOJ
oKOi3+/6+q18piVAFxWWTRAVkhgXthpej3bvQIlMprL9cIn/iyakJ3e5O984zoxy
jRUoOWWQJWjV/mHXi4NSKBa9kigfzqNuhIp1PsG0FKPxmvvfb+0tk4iG8EoxuTMq
3ttah6gahLMcKOBUuoc/UmdFUx+UHaabqW7GJExpy9giTucEHDhdV1q1LSx0gEIM
5C/8C1CsZcb8ARFcpdQh/CckOy+xjaXCmJFGsuR+s3n82aWhP9ecLwOVfWCBPQ==
-----END CERTIFICATE-----