Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          dGzBSqqMFszVxW6Hh7Jwjvh0y/TgW8AYrVzf6IPm7Ao=
Subject key identifier:   2D:F8:91:05:C3:17:F7:B3:F5:6C:E4:A8:08:1D:B7:14:14:34:1B:2A
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       716105E2F5D4BC7EEA165455B106B372A705BEAF
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Thu 09 Apr 2026 08:00:22 +0000
ROA not before:           Thu 09 Apr 2026 07:55:22 +0000
ROA not after:            Thu 08 Apr 2027 08:00:22 +0000
asID:                     0
IP address blocks:        2a09:54c6::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 13:53:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:61:05:e2:f5:d4:bc:7e:ea:16:54:55:b1:06:b3:72:a7:05:be:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Apr  9 07:55:22 2026 GMT
            Not After : Apr  8 08:00:22 2027 GMT
        Subject: CN=2DF89105C317F7B3F56CE4A8081DB71414341B2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3f:bc:31:ed:10:4a:b9:55:70:60:af:bb:dd:
                    fe:40:02:0c:31:71:f7:57:5f:39:c9:e4:05:09:79:
                    e9:92:d5:4f:55:bc:8d:91:97:48:36:49:fe:50:ce:
                    1a:f0:04:53:c3:03:33:6f:f4:f1:d0:9a:0e:b7:11:
                    95:21:4b:14:3f:46:d3:d3:5e:d9:e4:01:24:5e:f0:
                    75:0c:98:2b:a6:b5:b5:bb:01:db:ea:5a:60:5d:a4:
                    dd:68:7c:f6:1f:dd:e8:a1:cf:ba:c8:23:fa:10:3f:
                    9a:2b:94:c4:45:4b:6b:32:6a:b8:85:b0:d4:b3:f1:
                    dd:99:cc:f8:a2:27:5a:d3:31:6d:0e:24:f1:aa:8e:
                    35:dd:6e:19:e2:43:36:6e:4f:cc:9e:5d:a1:d6:bc:
                    b9:b8:b9:3b:b5:7c:ed:fa:17:69:ca:4a:a7:66:c2:
                    c5:e5:2e:4a:0f:70:4f:4d:6d:b7:fe:69:c0:8a:09:
                    de:23:bc:ac:3c:2a:99:10:44:40:58:44:27:b1:cc:
                    63:6f:c0:b9:73:fe:f3:c0:71:d7:d9:b2:ea:9b:e8:
                    60:a6:2b:c8:aa:8d:3e:8d:f3:7e:0b:a1:5d:58:7b:
                    f1:93:96:1f:3c:e5:a0:cb:d5:51:ba:46:ad:7b:6c:
                    57:a1:fe:d3:c7:8d:34:49:5b:2b:54:07:ea:19:ae:
                    17:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F8:91:05:C3:17:F7:B3:F5:6C:E4:A8:08:1D:B7:14:14:34:1B:2A
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6::/31

    Signature Algorithm: sha256WithRSAEncryption
         86:f1:12:78:a0:2e:83:38:60:2c:ff:5c:1f:c2:95:29:a5:a7:
         c8:6b:89:54:95:be:27:02:3c:dd:ef:7a:28:8d:0a:2d:7a:38:
         52:09:8d:c8:97:5e:ee:a6:33:92:74:cc:a5:91:0d:c3:7e:16:
         08:58:97:10:ab:7e:cb:b0:6c:85:e7:54:b7:6c:52:95:d1:0c:
         09:79:98:75:0a:79:c8:a7:3f:08:69:bc:d7:80:4d:71:eb:a1:
         31:38:f5:65:51:64:e8:62:56:04:e7:da:90:a9:43:83:09:4f:
         a3:17:ab:95:c2:4b:0b:fd:59:4a:4e:3b:43:35:92:1c:36:c4:
         c8:60:0c:04:6b:9d:7c:d6:e0:91:01:10:dc:d8:70:63:ed:6f:
         24:f1:19:45:19:7f:e3:63:38:d1:db:38:af:2f:e0:54:a7:11:
         fb:16:67:26:87:95:89:1c:4a:e1:05:2f:fa:cf:f5:88:cc:ae:
         27:74:6c:d1:b1:15:43:f0:e9:22:b6:78:7c:23:23:2a:b1:8e:
         c4:8c:05:20:df:ef:e5:e9:f1:e6:db:2d:67:e9:18:de:77:30:
         51:76:d1:a8:38:77:c5:b9:35:eb:04:0a:0d:e0:ea:11:54:77:
         00:13:57:1c:f1:63:8f:95:73:ae:70:b9:3b:04:21:d4:eb:f9:
         b6:bd:36:59
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgIUcWEF4vXUvH7qFlRVsQazcqcFvq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA0MDkwNzU1MjJaFw0yNzA0MDgwODAwMjJaMDMxMTAvBgNV
BAMTKDJERjg5MTA1QzMxN0Y3QjNGNTZDRTRBODA4MURCNzE0MTQzNDFCMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcP7wx7RBKuVVwYK+73f5AAgwx
cfdXXznJ5AUJeemS1U9VvI2Rl0g2Sf5QzhrwBFPDAzNv9PHQmg63EZUhSxQ/RtPT
XtnkASRe8HUMmCumtbW7AdvqWmBdpN1ofPYf3eihz7rII/oQP5orlMRFS2syariF
sNSz8d2ZzPiiJ1rTMW0OJPGqjjXdbhniQzZuT8yeXaHWvLm4uTu1fO36F2nKSqdm
wsXlLkoPcE9Nbbf+acCKCd4jvKw8KpkQREBYRCexzGNvwLlz/vPAcdfZsuqb6GCm
K8iqjT6N834LoV1Ye/GTlh885aDL1VG6Rq17bFeh/tPHjTRJWytUB+oZrhc9AgMB
AAGjggHYMIIB1DAdBgNVHQ4EFgQULfiRBcMX97P1bOSoCB23FBQ0GyowHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKglUxjAN
BgkqhkiG9w0BAQsFAAOCAQEAhvESeKAugzhgLP9cH8KVKaWnyGuJVJW+JwI83e96
KI0KLXo4UgmNyJde7qYzknTMpZENw34WCFiXEKt+y7BshedUt2xSldEMCXmYdQp5
yKc/CGm814BNceuhMTj1ZVFk6GJWBOfakKlDgwlPoxerlcJLC/1ZSk47QzWSHDbE
yGAMBGudfNbgkQEQ3NhwY+1vJPEZRRl/42M40ds4ry/gVKcR+xZnJoeViRxK4QUv
+s/1iMyuJ3Rs0bEVQ/DpIrZ4fCMjKrGOxIwFIN/v5enx5tstZ+kY3ncwUXbRqDh3
xbk16wQKDeDqEVR3ABNXHPFjj5VzrnC5OwQh1Ov5tr02WQ==
-----END CERTIFICATE-----