Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          DQu4ypDsq7RP8dCRSP6JllBV02Af8aqsTq5q0ulk4CM=
Subject key identifier:   5B:49:B0:AD:62:EB:ED:F7:71:88:B6:18:F0:E5:23:5A:C8:D8:38:A7
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       107E41320C9E17A1BE70FE9E26F164C111601387
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS16509.roa
Signing time:             Sun 28 Jun 2026 06:02:20 +0000
ROA not before:           Sun 28 Jun 2026 05:57:20 +0000
ROA not after:            Sun 27 Jun 2027 06:02:20 +0000
asID:                     16509
IP address blocks:        2a05:dfc3:f740::/44 maxlen: 44
                          2a05:dfc3:f750::/44 maxlen: 48
                          2a0f:6280:1110::/48 maxlen: 48
                          2a0f:6284:4c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:7e:41:32:0c:9e:17:a1:be:70:fe:9e:26:f1:64:c1:11:60:13:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun 28 05:57:20 2026 GMT
            Not After : Jun 27 06:02:20 2027 GMT
        Subject: CN=5B49B0AD62EBEDF77188B618F0E5235AC8D838A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e1:ed:1a:cc:e2:cf:f5:64:3a:d3:86:9b:f7:
                    bd:33:e0:3a:77:79:9f:13:2e:43:8f:b4:b6:09:8c:
                    a2:f7:bf:45:1a:49:c8:2b:c4:db:b5:87:2c:79:2d:
                    12:cc:e9:2e:e0:47:07:03:06:e3:4a:83:10:9a:66:
                    0b:22:32:b9:d1:af:d7:22:a0:33:e6:e8:e5:19:40:
                    95:98:32:4f:40:00:4d:7e:5b:3f:a1:6f:33:4c:c2:
                    b6:f6:e0:b6:25:a4:f2:46:5c:76:fd:21:4b:bb:40:
                    9b:b2:17:e3:be:d4:f5:50:44:8f:84:2e:02:16:86:
                    8c:0e:27:52:82:e2:f5:f0:eb:52:13:ad:7a:de:d5:
                    3f:5d:d3:ce:3d:7a:79:f0:48:14:d7:b9:bd:4a:19:
                    e2:30:44:e3:c9:16:c5:30:82:31:49:62:de:55:10:
                    a2:17:8e:ac:6b:84:f7:57:c2:35:b6:0a:43:3e:22:
                    af:46:9b:c7:56:00:f4:36:79:a4:bb:34:66:9a:66:
                    6b:bb:04:56:95:62:71:b9:cc:ee:5e:c9:19:8f:b8:
                    fd:5f:6b:64:d8:46:dd:1e:b4:49:7e:e4:4d:2a:4c:
                    4f:94:6a:5a:62:97:2e:d6:4d:b0:d2:51:31:3d:40:
                    17:96:bf:59:91:28:7f:24:c7:58:cc:8e:2d:56:c3:
                    fe:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:49:B0:AD:62:EB:ED:F7:71:88:B6:18:F0:E5:23:5A:C8:D8:38:A7
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:f740::/43
                  2a0f:6280:1110::/48
                  2a0f:6284:4c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:f2:25:86:08:ea:7a:5b:24:fe:43:ae:e1:52:2a:9a:1b:3b:
         1e:4b:c9:26:56:01:6e:60:e3:0b:fe:12:1d:4f:85:2c:ce:5f:
         90:d6:c0:7e:b2:f9:29:9a:34:a7:47:ed:3a:df:6f:15:7a:46:
         b5:73:88:9b:31:82:b1:a7:34:02:80:04:17:b0:2e:78:66:d8:
         01:89:1c:74:c8:9a:9b:e2:42:53:80:3a:2f:0c:54:21:19:85:
         56:ed:60:c5:c9:b6:8c:53:10:a2:fe:11:ec:e9:ef:77:00:d0:
         27:53:1a:e2:61:a2:b6:88:8c:7f:28:2f:76:96:b8:13:c2:04:
         8e:36:4d:23:9f:5f:b5:8e:a7:d0:a0:93:cb:37:b9:0e:73:ab:
         3e:a4:4c:d4:f2:da:65:22:fa:fa:78:fc:9f:86:1c:62:c9:36:
         8e:64:fb:61:56:21:2a:5e:f1:7a:77:8e:ad:cd:49:79:26:14:
         d9:fe:3c:40:3a:59:0d:60:fe:18:ec:80:ad:e4:19:74:55:c7:
         6f:33:70:76:a3:d3:1c:b5:c1:c1:4a:8d:88:82:fd:af:f5:08:
         4c:cf:f2:3d:44:67:3e:bd:fd:7f:b6:08:82:e0:7f:68:40:01:
         8d:8b:e1:de:d6:70:86:9a:6e:7c:7b:b3:dd:71:3a:2a:c4:c0:
         4b:3e:25:c8
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUEH5BMgyeF6G+cP6eJvFkwRFgE4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MjgwNTU3MjBaFw0yNzA2MjcwNjAyMjBaMDMxMTAvBgNV
BAMTKDVCNDlCMEFENjJFQkVERjc3MTg4QjYxOEYwRTUyMzVBQzhEODM4QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr4e0azOLP9WQ604ab970z4Dp3
eZ8TLkOPtLYJjKL3v0UaScgrxNu1hyx5LRLM6S7gRwcDBuNKgxCaZgsiMrnRr9ci
oDPm6OUZQJWYMk9AAE1+Wz+hbzNMwrb24LYlpPJGXHb9IUu7QJuyF+O+1PVQRI+E
LgIWhowOJ1KC4vXw61ITrXre1T9d0849ennwSBTXub1KGeIwROPJFsUwgjFJYt5V
EKIXjqxrhPdXwjW2CkM+Iq9Gm8dWAPQ2eaS7NGaaZmu7BFaVYnG5zO5eyRmPuP1f
a2TYRt0etEl+5E0qTE+Ualpily7WTbDSUTE9QBeWv1mRKH8kx1jMji1Ww/5BAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUW0mwrWLr7fdxiLYY8OUjWsjYOKcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxNjUwOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAzBggrBgEFBQcBBwEB/wQkMCIwIAQCAAIwGgMHBSoF
38P3QAMHACoPYoAREAMGACoPYoRMMA0GCSqGSIb3DQEBCwUAA4IBAQCN8iWGCOp6
WyT+Q67hUiqaGzseS8kmVgFuYOML/hIdT4Uszl+Q1sB+svkpmjSnR+06328Veka1
c4ibMYKxpzQCgAQXsC54ZtgBiRx0yJqb4kJTgDovDFQhGYVW7WDFybaMUxCi/hHs
6e93ANAnUxriYaK2iIx/KC92lrgTwgSONk0jn1+1jqfQoJPLN7kOc6s+pEzU8tpl
Ivr6ePyfhhxiyTaOZPthViEqXvF6d46tzUl5JhTZ/jxAOlkNYP4Y7ICt5Bl0Vcdv
M3B2o9MctcHBSo2Igv2v9QhMz/I9RGc+vf1/tgiC4H9oQAGNi+He1nCGmm58e7Pd
cToqxMBLPiXI
-----END CERTIFICATE-----
Generated at Wed Jul 1 06:20:17 2026 by rpki-client