Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          IuJ32SD6zYptW8NxUvir0/RcCMIDztmSdJstljttnec=
Subject key identifier:   FD:17:F9:9C:71:BB:21:73:C0:13:1A:84:FE:A6:54:E6:B7:19:09:90
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       55F59DF90132F7C0F85DD3B0AD5EAC4AB7F65163
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Sun 22 Feb 2026 09:44:24 +0000
ROA not before:           Sun 22 Feb 2026 09:39:24 +0000
ROA not after:            Sun 21 Feb 2027 09:44:24 +0000
asID:                     0
IP address blocks:        2a0f:6283:6000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 19:39:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:f5:9d:f9:01:32:f7:c0:f8:5d:d3:b0:ad:5e:ac:4a:b7:f6:51:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Feb 22 09:39:24 2026 GMT
            Not After : Feb 21 09:44:24 2027 GMT
        Subject: CN=FD17F99C71BB2173C0131A84FEA654E6B7190990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:03:e5:6a:e3:f0:56:9c:64:80:c0:26:85:49:
                    49:d9:35:a2:48:4c:d4:b2:da:93:ab:86:25:e7:41:
                    fc:f0:d3:66:ff:58:a7:3f:c6:df:7a:92:10:14:d5:
                    c9:1b:5c:e6:73:b4:ba:7c:84:ce:62:2b:8c:af:70:
                    a9:1b:d7:20:65:8c:c2:cd:90:e8:d9:4a:7e:ab:d5:
                    c4:f8:48:44:13:4f:ba:aa:14:61:2a:d3:0b:5b:20:
                    d7:1d:76:4a:ef:d1:00:44:dd:64:13:7d:e7:7c:7a:
                    a8:3f:20:01:64:e5:c6:dd:c9:d4:ce:b1:c2:b6:4c:
                    72:3a:51:99:9b:67:5e:0a:55:89:50:ff:6e:27:5e:
                    7c:3b:5a:1c:54:5f:65:78:86:e8:b0:8f:4d:ba:32:
                    4c:a5:3e:5e:8a:bf:23:58:25:51:82:4b:2a:ec:33:
                    76:eb:1e:72:04:3b:23:3a:44:06:ab:69:6a:64:96:
                    59:64:c5:3a:23:99:4b:2f:ca:00:d9:e2:50:a2:91:
                    3c:0e:b6:77:3f:35:e5:07:80:d7:92:c5:ab:7a:52:
                    ad:a1:66:7c:a6:46:c3:77:05:3a:fb:60:bb:f7:7d:
                    31:88:97:80:89:fd:ce:0e:6b:bc:e4:42:e6:7e:86:
                    7e:ab:46:82:ba:cf:7d:e5:4e:cb:b9:d1:bb:db:8c:
                    df:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:17:F9:9C:71:BB:21:73:C0:13:1A:84:FE:A6:54:E6:B7:19:09:90
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         44:9b:8a:18:ca:a0:21:c9:e1:3c:48:6a:e1:59:40:4b:c7:75:
         91:fe:c0:79:5c:2b:dd:ec:f9:53:61:41:49:38:13:e2:bd:1d:
         09:03:11:bb:98:09:6b:ad:0a:f9:0d:86:1e:a5:ee:25:ba:ea:
         e4:93:b5:d2:44:3c:48:c3:15:e4:a1:03:79:20:32:3a:f6:d7:
         57:8c:6a:b9:c1:22:f8:ef:b0:99:54:ec:62:77:d7:0e:76:72:
         30:19:af:33:41:9c:5c:32:ce:23:20:81:dc:2a:f4:73:a0:ce:
         df:91:af:03:58:04:0e:e3:6d:13:9c:48:c0:98:2c:23:f2:04:
         7c:b0:9a:db:1b:7e:09:82:d0:9c:e6:bc:fc:a4:a8:a4:e1:11:
         23:36:e3:02:d4:82:8a:74:5f:61:9a:1c:61:dd:05:91:3e:fa:
         c5:2c:b7:13:7d:cf:1d:99:3d:5c:fe:0e:10:b7:19:70:83:38:
         0d:19:49:07:56:7c:a8:3e:5c:4d:63:95:c7:fa:1b:0b:f1:8b:
         49:70:d3:f0:43:74:f0:b8:b8:28:6d:2c:a7:c1:3a:d0:0e:64:
         c8:96:b5:c0:17:4f:2b:1b:84:25:d6:d2:b7:32:12:52:ea:dc:
         1b:8f:63:66:77:9b:f9:b3:2a:81:c5:bc:c6:e3:c2:35:de:51:
         e5:8f:fb:54
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIUVfWd+QEy98D4XdOwrV6sSrf2UWMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAyMjIwOTM5MjRaFw0yNzAyMjEwOTQ0MjRaMDMxMTAvBgNV
BAMTKEZEMTdGOTlDNzFCQjIxNzNDMDEzMUE4NEZFQTY1NEU2QjcxOTA5OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhA+Vq4/BWnGSAwCaFSUnZNaJI
TNSy2pOrhiXnQfzw02b/WKc/xt96khAU1ckbXOZztLp8hM5iK4yvcKkb1yBljMLN
kOjZSn6r1cT4SEQTT7qqFGEq0wtbINcddkrv0QBE3WQTfed8eqg/IAFk5cbdydTO
scK2THI6UZmbZ14KVYlQ/24nXnw7WhxUX2V4huiwj026MkylPl6KvyNYJVGCSyrs
M3brHnIEOyM6RAaraWpklllkxTojmUsvygDZ4lCikTwOtnc/NeUHgNeSxat6Uq2h
ZnymRsN3BTr7YLv3fTGIl4CJ/c4Oa7zkQuZ+hn6rRoK6z33lTsu50bvbjN8VAgMB
AAGjggHZMIIB1TAdBgNVHQ4EFgQU/Rf5nHG7IXPAExqE/qZU5rcZCZAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg9ig2Aw
DQYJKoZIhvcNAQELBQADggEBAESbihjKoCHJ4TxIauFZQEvHdZH+wHlcK93s+VNh
QUk4E+K9HQkDEbuYCWutCvkNhh6l7iW66uSTtdJEPEjDFeShA3kgMjr211eMarnB
IvjvsJlU7GJ31w52cjAZrzNBnFwyziMggdwq9HOgzt+RrwNYBA7jbROcSMCYLCPy
BHywmtsbfgmC0JzmvPykqKThESM24wLUgop0X2GaHGHdBZE++sUstxN9zx2ZPVz+
DhC3GXCDOA0ZSQdWfKg+XE1jlcf6Gwvxi0lw0/BDdPC4uChtLKfBOtAOZMiWtcAX
TysbhCXW0rcyElLq3BuPY2Z3m/mzKoHFvMbjwjXeUeWP+1Q=
-----END CERTIFICATE-----