Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          7e2ehfi9+qJsKx085b9PCAOYpE65T3z7Sg1EMs3II/Q=
Subject key identifier:   CC:40:0B:86:3A:41:0D:DD:D9:30:69:9F:20:B7:03:09:61:80:4E:14
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       2477ED1BD72D5C0490BA83F8C93E25CF46140320
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Fri 10 Jul 2026 06:00:03 +0000
ROA not before:           Fri 10 Jul 2026 05:55:03 +0000
ROA not after:            Fri 09 Jul 2027 06:00:03 +0000
asID:                     0
IP address blocks:        2a0f:6280:1000::/40 maxlen: 48
                          2a0f:6283:1000::/40 maxlen: 48
                          2a0f:6283:1110::/48 maxlen: 48
                          2a0f:6283:1200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Jul 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:77:ed:1b:d7:2d:5c:04:90:ba:83:f8:c9:3e:25:cf:46:14:03:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 10 05:55:03 2026 GMT
            Not After : Jul  9 06:00:03 2027 GMT
        Subject: CN=CC400B863A410DDDD930699F20B7030961804E14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ad:ee:a7:3b:61:01:92:52:0d:44:de:20:fe:
                    83:03:60:d3:bf:04:84:24:6a:37:86:ea:25:0b:c7:
                    36:4f:4c:39:2c:5d:ff:ca:86:11:ea:08:83:5b:fc:
                    c4:32:f5:b6:00:46:e8:7b:e7:92:ea:3d:e7:6d:9c:
                    9f:e4:11:c0:5e:9e:7a:58:cb:b6:da:98:2a:45:3a:
                    76:b9:04:14:b1:f2:3e:e0:03:79:ee:2a:98:48:2d:
                    f1:1a:1d:c9:4d:49:c3:aa:b1:88:0b:41:26:67:7b:
                    6d:23:40:44:2e:ea:0d:e0:67:a4:f6:b3:c2:f7:52:
                    29:aa:9a:de:04:a5:1f:e9:ac:2b:69:f4:cf:1d:8e:
                    36:9d:66:1b:0d:93:c7:80:cc:91:f1:b8:69:66:e4:
                    0b:d9:5d:c5:f2:99:73:eb:04:be:be:dc:e8:62:7b:
                    9e:2f:65:de:23:f0:73:a2:e9:d7:fd:01:18:32:1c:
                    9d:7f:4b:b9:5c:ac:fd:2f:79:17:74:3a:61:fa:ef:
                    13:c7:40:73:39:73:f5:d6:43:a6:35:f1:6d:53:d6:
                    c2:5e:6f:04:68:23:77:dc:2a:51:86:e2:e8:58:ff:
                    84:4c:ad:ee:77:46:3a:bb:6f:ea:70:98:b3:3d:51:
                    5c:86:4a:f3:5c:f6:3c:96:b8:93:f7:66:3a:f7:c0:
                    d7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:40:0B:86:3A:41:0D:DD:D9:30:69:9F:20:B7:03:09:61:80:4E:14
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6280:1000::/40
                  2a0f:6283:1000::/40
                  2a0f:6283:1110::/48
                  2a0f:6283:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:ea:27:da:bc:52:1a:39:bb:cd:dc:5f:0b:25:32:2b:8a:55:
         05:a6:5e:35:26:a1:d1:a8:01:3d:da:25:2a:1d:fc:09:c9:0f:
         2c:bb:85:12:9b:59:b9:08:18:8b:a1:7e:8b:09:f6:95:6a:99:
         fd:a1:31:30:d4:e0:8a:e9:aa:10:ce:08:20:07:2a:9a:09:2e:
         5d:9e:df:5e:cc:14:4b:7f:67:62:c1:a2:fb:5b:e2:d5:7b:ca:
         69:9f:ab:9c:2f:69:da:4d:1c:7b:13:19:e5:0f:39:16:94:a4:
         e5:27:cb:b0:73:2a:a1:e1:17:da:83:ab:f5:87:64:b0:1b:bc:
         c2:81:21:9d:51:24:8e:3a:99:e6:cc:63:76:22:42:de:05:12:
         6e:ec:d1:a9:79:a8:b8:d2:01:b2:e7:c4:01:6b:2b:dd:60:04:
         49:4b:03:5b:00:ad:26:22:22:7b:b4:47:9b:ed:17:56:21:37:
         87:2b:0c:8d:9f:d9:ed:8d:b6:3a:98:35:47:61:4d:78:f1:ad:
         3c:4e:f6:fb:04:a9:50:38:7d:0b:8b:9a:dd:ad:a8:42:c5:0f:
         71:28:5f:9b:ea:d9:b5:c5:eb:02:d8:4a:8f:22:21:c4:c2:0b:
         34:31:63:65:b6:01:69:ec:b1:84:51:ed:bb:04:28:c3:98:22:
         c3:cd:09:c0
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUJHftG9ctXASQuoP4yT4lz0YUAyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA3MTAwNTU1MDNaFw0yNzA3MDkwNjAwMDNaMDMxMTAvBgNV
BAMTKENDNDAwQjg2M0E0MTBEREREOTMwNjk5RjIwQjcwMzA5NjE4MDRFMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAre6nO2EBklINRN4g/oMDYNO/
BIQkajeG6iULxzZPTDksXf/KhhHqCINb/MQy9bYARuh755LqPedtnJ/kEcBennpY
y7bamCpFOna5BBSx8j7gA3nuKphILfEaHclNScOqsYgLQSZne20jQEQu6g3gZ6T2
s8L3Uimqmt4EpR/prCtp9M8djjadZhsNk8eAzJHxuGlm5AvZXcXymXPrBL6+3Ohi
e54vZd4j8HOi6df9ARgyHJ1/S7lcrP0veRd0OmH67xPHQHM5c/XWQ6Y18W1T1sJe
bwRoI3fcKlGG4uhY/4RMre53Rjq7b+pwmLM9UVyGSvNc9jyWuJP3Zjr3wNenAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUzEALhjpBDd3ZMGmfILcDCWGAThQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAAjAhAwYAKg9igBAD
BgAqD2KDEAMHACoPYoMREAMGACoPYoMSMA0GCSqGSIb3DQEBCwUAA4IBAQAy6ifa
vFIaObvN3F8LJTIrilUFpl41JqHRqAE92iUqHfwJyQ8su4USm1m5CBiLoX6LCfaV
apn9oTEw1OCK6aoQzgggByqaCS5dnt9ezBRLf2diwaL7W+LVe8ppn6ucL2naTRx7
ExnlDzkWlKTlJ8uwcyqh4Rfag6v1h2SwG7zCgSGdUSSOOpnmzGN2IkLeBRJu7NGp
eai40gGy58QBayvdYARJSwNbAK0mIiJ7tEeb7RdWITeHKwyNn9ntjbY6mDVHYU14
8a08Tvb7BKlQOH0Li5rdrahCxQ9xKF+b6tm1xesC2EqPIiHEwgs0MWNltgFp7LGE
Ue27BCjDmCLDzQnA
-----END CERTIFICATE-----
Generated at Fri Jul 10 16:10:34 2026 by rpki-client