Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS199529.roa
File:                     AS199529.roa (raw, json)
Hash identifier:          Eh0IUd57j8rM7EEaVBNybvFmecsBkzCMu2T0tMErazY=
Subject key identifier:   51:E5:F5:35:B4:F2:D5:33:8B:00:46:B4:38:A9:89:5B:98:38:24:73
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       7E2C6B42A8FDAF295D027174F2FCC5CED8555268
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS199529.roa
Signing time:             Wed 01 Apr 2026 17:18:52 +0000
ROA not before:           Wed 01 Apr 2026 17:13:52 +0000
ROA not after:            Wed 31 Mar 2027 17:18:52 +0000
asID:                     199529
IP address blocks:        2a0f:6282:1fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 13:53:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:2c:6b:42:a8:fd:af:29:5d:02:71:74:f2:fc:c5:ce:d8:55:52:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Apr  1 17:13:52 2026 GMT
            Not After : Mar 31 17:18:52 2027 GMT
        Subject: CN=51E5F535B4F2D5338B0046B438A9895B98382473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:56:98:d2:72:83:a8:6c:57:34:cc:51:bb:61:
                    8a:f9:68:4a:a5:3d:9e:48:63:15:63:01:c0:89:bb:
                    14:c4:26:02:85:a9:9e:71:8d:3e:85:b7:95:09:de:
                    41:92:8b:5c:0c:aa:b3:33:32:cb:92:90:2e:29:9e:
                    b0:92:0a:23:e4:9f:03:98:20:e2:76:6d:d5:29:61:
                    1c:48:13:8c:f5:6b:e4:bc:bf:a9:68:18:71:b4:ce:
                    93:e8:47:be:1c:cc:2f:75:90:1b:2c:df:86:ae:e9:
                    a3:7a:7b:91:8a:64:3b:48:fd:64:d0:44:a5:7d:04:
                    26:8a:ce:cc:2a:47:ae:66:47:2c:d6:7b:c7:5f:ac:
                    6a:c7:c1:f8:1b:ce:b1:65:b2:33:cc:cf:a5:4c:4f:
                    98:9f:d9:bc:3f:fb:b2:13:5c:bd:6b:22:6b:3b:26:
                    c6:d7:74:4f:b9:7d:1a:59:9a:a8:9c:c1:6c:ca:2c:
                    d8:c2:e0:cc:6e:af:d4:53:5e:ea:a3:5b:c5:52:89:
                    e9:9a:2d:80:cf:ed:a0:40:f4:5f:6f:2b:18:93:a8:
                    e7:20:73:5b:c8:1d:89:70:a9:d4:66:22:c8:79:49:
                    76:92:12:eb:65:48:34:6f:55:eb:2c:8b:62:ab:d8:
                    82:c3:43:88:56:20:91:f5:7d:17:db:1f:f4:98:5a:
                    f2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E5:F5:35:B4:F2:D5:33:8B:00:46:B4:38:A9:89:5B:98:38:24:73
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS199529.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6282:1fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:3f:17:10:07:f1:b5:df:dc:63:0f:4e:b5:49:9a:6e:10:9a:
         58:45:67:b0:0f:ad:a1:5d:07:16:ec:d9:57:74:5d:bf:47:42:
         2f:fa:53:11:4d:33:cd:5e:c5:25:75:06:8c:8f:e6:59:b8:c9:
         52:77:b3:a2:30:7b:7b:7b:2d:ec:31:73:fb:3a:fc:98:0b:3d:
         f8:57:96:04:d8:37:bf:2d:63:f9:00:6f:af:f8:2b:38:ed:0f:
         ed:9c:23:53:97:35:eb:4d:90:70:d8:3a:d0:dd:0d:b9:4c:01:
         aa:92:57:49:a7:17:fc:55:8b:fa:ae:fa:f8:d1:70:8b:35:e1:
         e6:6a:84:7e:75:f5:a7:5f:5b:50:0f:1d:72:65:f6:67:1e:7f:
         18:68:e8:31:71:8f:d1:2c:e5:7b:38:a5:61:67:07:11:65:5b:
         63:de:8e:bb:bd:49:e8:02:81:75:d5:a5:4e:68:f5:b0:da:e9:
         37:26:cd:3c:f6:db:0d:26:38:59:cc:da:a7:1b:ca:31:a5:76:
         e6:30:8b:f9:a1:27:78:2d:f9:3c:6b:00:09:f3:e7:63:2e:2a:
         ad:04:36:0d:ae:49:7a:bb:d0:22:c8:f5:e8:05:2f:8f:e7:e1:
         44:b7:d7:37:f6:12:22:48:f3:61:68:fd:7f:f8:29:93:79:be:
         1c:43:2e:75
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUfixrQqj9ryldAnF08vzFzthVUmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA0MDExNzEzNTJaFw0yNzAzMzExNzE4NTJaMDMxMTAvBgNV
BAMTKDUxRTVGNTM1QjRGMkQ1MzM4QjAwNDZCNDM4QTk4OTVCOTgzODI0NzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcVpjScoOobFc0zFG7YYr5aEql
PZ5IYxVjAcCJuxTEJgKFqZ5xjT6Ft5UJ3kGSi1wMqrMzMsuSkC4pnrCSCiPknwOY
IOJ2bdUpYRxIE4z1a+S8v6loGHG0zpPoR74czC91kBss34au6aN6e5GKZDtI/WTQ
RKV9BCaKzswqR65mRyzWe8dfrGrHwfgbzrFlsjPMz6VMT5if2bw/+7ITXL1rIms7
JsbXdE+5fRpZmqicwWzKLNjC4Mxur9RTXuqjW8VSiemaLYDP7aBA9F9vKxiTqOcg
c1vIHYlwqdRmIsh5SXaSEutlSDRvVessi2Kr2ILDQ4hWIJH1fRfbH/SYWvIfAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUUeX1NbTy1TOLAEa0OKmJW5g4JHMwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxOTk1Mjkucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KCH/8wDQYJKoZIhvcNAQELBQADggEBACY/FxAH8bXf3GMPTrVJmm4QmlhFZ7AP
raFdBxbs2Vd0Xb9HQi/6UxFNM81exSV1BoyP5lm4yVJ3s6Iwe3t7Lewxc/s6/JgL
PfhXlgTYN78tY/kAb6/4KzjtD+2cI1OXNetNkHDYOtDdDblMAaqSV0mnF/xVi/qu
+vjRcIs14eZqhH519adfW1APHXJl9mcefxho6DFxj9Es5Xs4pWFnBxFlW2Pejru9
SegCgXXVpU5o9bDa6TcmzTz22w0mOFnM2qcbyjGlduYwi/mhJ3gt+TxrAAnz52Mu
Kq0ENg2uSXq70CLI9egFL4/n4US31zf2EiJI82Fo/X/4KZN5vhxDLnU=
-----END CERTIFICATE-----