Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS204676.roa
File:                     AS204676.roa (raw, json)
Hash identifier:          A/HZXhLoMyGThsmEkgiY20AzKe0dujZQA9ftixpIObI=
Subject key identifier:   6C:33:77:86:B9:83:E4:EC:5D:16:8A:DD:B5:13:C9:3B:FD:A8:C4:9D
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       5FDC887E0D9C2B47CD4DE043A4FAF0DC79FF7CBD
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS204676.roa
Signing time:             Thu 03 Jul 2025 15:53:04 +0000
ROA not before:           Thu 03 Jul 2025 15:48:04 +0000
ROA not after:            Thu 02 Jul 2026 15:53:04 +0000
asID:                     204676
IP address blocks:        2a09:54c6:8000::/36 maxlen: 64
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:dc:88:7e:0d:9c:2b:47:cd:4d:e0:43:a4:fa:f0:dc:79:ff:7c:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:04 2025 GMT
            Not After : Jul  2 15:53:04 2026 GMT
        Subject: CN=6C337786B983E4EC5D168ADDB513C93BFDA8C49D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6b:6c:0a:4d:cf:1b:69:97:54:c7:4e:7a:cb:
                    b2:2e:ce:4e:a3:2a:54:90:fc:25:00:e2:6d:12:b1:
                    bd:70:15:f5:aa:e2:f2:c3:9c:f5:1a:31:e1:44:04:
                    65:56:83:a2:59:a8:e5:83:df:05:86:cc:d0:92:28:
                    97:30:0d:f5:eb:d4:ae:98:5e:0c:ee:f7:1b:82:8b:
                    fe:fb:a0:d2:bf:1d:3b:36:0f:b9:a8:e9:90:2b:e0:
                    44:8b:92:0e:a7:9b:92:d6:73:6b:82:fc:65:28:76:
                    be:fb:c2:0f:07:3d:a9:a5:d8:5d:76:7b:11:47:5d:
                    e5:26:2c:d9:88:27:50:e9:a8:6d:08:4d:6d:ad:e9:
                    d0:0e:3d:ab:ad:a7:0a:37:31:30:14:f3:32:62:10:
                    f6:ed:88:67:cc:f6:c5:11:37:f9:cb:41:25:1d:be:
                    f4:42:34:b5:96:84:e4:63:5c:42:c7:6a:9a:ab:1c:
                    ac:d1:12:42:ba:1e:bc:1c:75:7b:5f:8c:da:56:c5:
                    3b:a5:30:db:22:1c:ea:0f:41:15:18:b6:41:34:e5:
                    68:88:44:94:d8:7b:28:ae:52:52:30:ff:6b:6e:54:
                    c1:ba:9a:8b:3f:5b:9b:83:60:96:78:5d:58:96:96:
                    b7:6a:f4:63:d9:af:06:c3:30:fb:97:8d:b4:10:57:
                    d6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:33:77:86:B9:83:E4:EC:5D:16:8A:DD:B5:13:C9:3B:FD:A8:C4:9D
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS204676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:ae:d2:93:4a:2e:b1:5e:22:78:5e:4a:3d:28:02:53:73:71:
         a3:6e:11:f3:ad:39:ac:5d:e1:3c:44:7a:35:7b:f2:4f:16:67:
         e5:77:61:ee:1c:21:e1:8f:e0:9a:3d:20:0b:ad:33:08:1b:7d:
         a9:dc:a4:78:d1:f7:f3:fa:b8:94:50:5c:b0:80:89:66:dc:38:
         14:6d:88:74:fe:b9:8d:34:1a:d4:1c:c5:ee:6a:fc:5e:58:0d:
         f5:45:d0:a8:25:ac:d6:c6:56:7c:e9:2d:00:53:5a:1f:fd:36:
         a5:12:e2:f8:cc:cf:4a:74:31:51:f1:89:fb:43:15:c9:64:03:
         a0:a3:98:da:44:4e:80:46:5c:06:c9:d5:95:6b:8b:45:9f:10:
         6f:42:d5:36:79:95:a6:1c:ef:70:70:ad:62:a0:c8:5a:81:f5:
         a7:3e:bb:48:df:ad:19:ed:af:73:b5:6b:8d:0d:81:97:2b:a3:
         81:e6:52:06:f7:f2:c1:34:23:43:1a:fd:de:e1:34:75:60:90:
         3c:65:8c:61:2a:24:83:14:e3:ce:b1:3f:25:ce:60:62:ff:ac:
         38:8b:dc:24:9b:45:dd:2c:cd:b8:d6:f9:8b:b4:cf:33:c7:e9:
         1a:33:36:84:1d:1f:d6:71:14:1b:f4:4d:f7:0a:0d:a5:a5:5c:
         10:a7:b2:9a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUX9yIfg2cK0fNTeBDpPrw3Hn/fL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDRaFw0yNjA3MDIxNTUzMDRaMDMxMTAvBgNV
BAMTKDZDMzM3Nzg2Qjk4M0U0RUM1RDE2OEFEREI1MTNDOTNCRkRBOEM0OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4a2wKTc8baZdUx056y7Iuzk6j
KlSQ/CUA4m0Ssb1wFfWq4vLDnPUaMeFEBGVWg6JZqOWD3wWGzNCSKJcwDfXr1K6Y
Xgzu9xuCi/77oNK/HTs2D7mo6ZAr4ESLkg6nm5LWc2uC/GUodr77wg8HPaml2F12
exFHXeUmLNmIJ1DpqG0ITW2t6dAOPautpwo3MTAU8zJiEPbtiGfM9sURN/nLQSUd
vvRCNLWWhORjXELHapqrHKzREkK6HrwcdXtfjNpWxTulMNsiHOoPQRUYtkE05WiI
RJTYeyiuUlIw/2tuVMG6mos/W5uDYJZ4XViWlrdq9GPZrwbDMPuXjbQQV9btAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUbDN3hrmD5OxdFordtRPJO/2oxJ0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDQ2NzYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
CVTGgDANBgkqhkiG9w0BAQsFAAOCAQEAG67Sk0ousV4ieF5KPSgCU3Nxo24R8605
rF3hPER6NXvyTxZn5Xdh7hwh4Y/gmj0gC60zCBt9qdykeNH38/q4lFBcsICJZtw4
FG2IdP65jTQa1BzF7mr8XlgN9UXQqCWs1sZWfOktAFNaH/02pRLi+MzPSnQxUfGJ
+0MVyWQDoKOY2kROgEZcBsnVlWuLRZ8Qb0LVNnmVphzvcHCtYqDIWoH1pz67SN+t
Ge2vc7VrjQ2BlyujgeZSBvfywTQjQxr93uE0dWCQPGWMYSokgxTjzrE/Jc5gYv+s
OIvcJJtF3SzNuNb5i7TPM8fpGjM2hB0f1nEUG/RN9woNpaVcEKeymg==
-----END CERTIFICATE-----