Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS197963.roa
File:                     AS197963.roa (raw, json)
Hash identifier:          S4OivIVnWpJNXfL643JzH5A4OCpwpcHK98AaZETjSqg=
Subject key identifier:   D7:1C:5D:35:48:75:B8:DD:E1:2C:B4:BD:D7:C2:A8:4F:79:40:45:77
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       571DE9072C2193B4FA13249FF7534962AA56B47F
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS197963.roa
Signing time:             Tue 09 Sep 2025 11:03:35 +0000
ROA not before:           Tue 09 Sep 2025 10:58:35 +0000
ROA not after:            Tue 08 Sep 2026 11:03:35 +0000
asID:                     197963
IP address blocks:        2a0f:6284:4215::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:1d:e9:07:2c:21:93:b4:fa:13:24:9f:f7:53:49:62:aa:56:b4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep  9 10:58:35 2025 GMT
            Not After : Sep  8 11:03:35 2026 GMT
        Subject: CN=D71C5D354875B8DDE12CB4BDD7C2A84F79404577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:37:8d:68:3d:84:a6:8e:99:93:60:9f:dc:f4:
                    cf:80:c1:fa:3f:7c:50:55:c7:ad:b5:bc:55:3f:61:
                    9f:4c:dc:c4:3d:39:b0:85:78:8a:19:ac:df:30:58:
                    be:05:05:72:42:78:6e:13:e5:c5:90:60:09:09:3e:
                    e4:b0:f2:7f:0b:52:ec:02:97:d5:e5:2b:91:ac:ae:
                    e2:bf:3f:5c:8e:71:3a:17:a8:5a:eb:08:dd:5c:88:
                    f0:2c:7b:02:27:46:28:8f:bc:5b:ba:70:a9:2d:60:
                    26:d7:a9:72:d2:d8:2a:14:7f:e9:39:a2:80:3b:28:
                    10:6e:39:5e:d8:e8:ab:81:02:72:ac:48:a7:1d:f7:
                    d8:07:02:08:0f:3d:0f:f4:5a:e6:9a:14:34:aa:61:
                    7e:6e:5b:d6:33:ec:8e:4a:e7:3c:48:cd:52:03:9f:
                    8b:5b:82:77:09:7b:0b:85:65:bf:e9:20:ae:06:84:
                    38:a4:c4:a8:f8:3d:fd:ad:93:20:9c:03:36:7d:18:
                    5d:60:de:da:a7:9a:7c:2b:e2:4a:23:b0:39:5a:51:
                    50:13:82:c3:b1:22:f9:fb:01:ea:88:ce:9b:31:9f:
                    2f:a5:74:5d:bd:69:0c:b8:7b:f2:c2:09:f2:06:59:
                    b9:9b:c3:13:87:c4:72:f4:95:ce:53:74:ea:da:90:
                    e1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1C:5D:35:48:75:B8:DD:E1:2C:B4:BD:D7:C2:A8:4F:79:40:45:77
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS197963.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4215::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:86:b3:e8:e8:89:15:4e:86:85:d6:18:27:d8:b5:e9:33:1e:
         45:e6:c0:68:53:41:ee:a5:18:59:81:a5:ab:3c:4d:d6:f2:7c:
         67:9d:5f:d0:42:de:d8:32:25:0a:15:d3:2f:0c:41:83:f5:64:
         86:46:3f:d2:04:b4:2d:ee:6e:4b:ab:11:74:49:ef:96:e7:05:
         7b:e4:e4:ee:70:86:90:32:5f:12:c2:76:20:5d:d0:40:8b:45:
         f2:f8:aa:97:14:a0:5d:d2:3c:05:c7:0b:a6:a7:89:16:50:90:
         ba:80:0d:91:33:75:17:de:39:89:47:b3:f9:fb:82:37:f4:cd:
         42:a8:22:88:29:a8:29:b7:09:4f:b6:ec:dc:34:82:dc:19:4b:
         1c:9a:ec:83:14:60:98:d5:7f:5c:af:b9:00:df:4e:f8:5d:78:
         c7:b4:84:9b:47:54:1f:1c:c5:b1:ef:31:6b:90:67:ab:fb:f8:
         b7:04:d3:53:3d:56:5d:1d:80:8a:61:7f:e6:19:cd:56:03:34:
         1e:23:33:c7:cd:e8:86:6b:7e:6f:44:8e:41:d0:9b:c9:0a:91:
         64:d0:d8:ee:3e:2a:bf:d5:78:97:a3:9d:8c:ad:1e:28:ca:e9:
         46:19:70:30:e1:fb:96:c0:e7:78:ca:02:df:86:58:28:1e:5a:
         d0:cd:29:da
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUVx3pBywhk7T6EySf91NJYqpWtH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MDkxMDU4MzVaFw0yNjA5MDgxMTAzMzVaMDMxMTAvBgNV
BAMTKEQ3MUM1RDM1NDg3NUI4RERFMTJDQjRCREQ3QzJBODRGNzk0MDQ1NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClN41oPYSmjpmTYJ/c9M+Awfo/
fFBVx621vFU/YZ9M3MQ9ObCFeIoZrN8wWL4FBXJCeG4T5cWQYAkJPuSw8n8LUuwC
l9XlK5GsruK/P1yOcToXqFrrCN1ciPAsewInRiiPvFu6cKktYCbXqXLS2CoUf+k5
ooA7KBBuOV7Y6KuBAnKsSKcd99gHAggPPQ/0WuaaFDSqYX5uW9Yz7I5K5zxIzVID
n4tbgncJewuFZb/pIK4GhDikxKj4Pf2tkyCcAzZ9GF1g3tqnmnwr4kojsDlaUVAT
gsOxIvn7AeqIzpsxny+ldF29aQy4e/LCCfIGWbmbwxOHxHL0lc5TdOrakOFJAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU1xxdNUh1uN3hLLS918KoT3lARXcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxOTc5NjMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEQhUwDQYJKoZIhvcNAQELBQADggEBAHaGs+joiRVOhoXWGCfYtekzHkXmwGhT
Qe6lGFmBpas8TdbyfGedX9BC3tgyJQoV0y8MQYP1ZIZGP9IEtC3ubkurEXRJ75bn
BXvk5O5whpAyXxLCdiBd0ECLRfL4qpcUoF3SPAXHC6aniRZQkLqADZEzdRfeOYlH
s/n7gjf0zUKoIogpqCm3CU+27Nw0gtwZSxya7IMUYJjVf1yvuQDfTvhdeMe0hJtH
VB8cxbHvMWuQZ6v7+LcE01M9Vl0dgIphf+YZzVYDNB4jM8fN6IZrfm9EjkHQm8kK
kWTQ2O4+Kr/VeJejnYytHijK6UYZcDDh+5bA53jKAt+GWCgeWtDNKdo=
-----END CERTIFICATE-----