Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS204676.roa
File:                     AS204676.roa (raw, json)
Hash identifier:          zGrPBAEdI1KahGob6RGlmVh/pmF6+6D5me0q/dc0yqA=
Subject key identifier:   05:B2:C1:24:C2:D5:C9:0D:6A:7A:CF:54:3D:21:1E:50:16:79:2F:13
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       7D3A0E8570DF3262F2BE10F5F842C67CB27E84AD
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS204676.roa
Signing time:             Sat 30 Aug 2025 23:08:13 +0000
ROA not before:           Sat 30 Aug 2025 23:03:13 +0000
ROA not after:            Sat 29 Aug 2026 23:08:13 +0000
asID:                     204676
IP address blocks:        2a09:54c6:8000::/36 maxlen: 64
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3a:0e:85:70:df:32:62:f2:be:10:f5:f8:42:c6:7c:b2:7e:84:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Aug 30 23:03:13 2025 GMT
            Not After : Aug 29 23:08:13 2026 GMT
        Subject: CN=05B2C124C2D5C90D6A7ACF543D211E5016792F13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:69:c0:60:36:39:42:a0:7d:d7:10:16:45:6d:
                    7b:21:f5:18:09:b0:da:a7:57:46:92:e5:b6:bf:c4:
                    2a:36:f4:18:d8:42:db:c4:47:55:66:a0:19:4d:f4:
                    03:76:35:13:f5:18:43:72:09:73:44:b1:53:28:b3:
                    3d:45:f0:ce:f3:e6:bb:ab:90:77:4b:c3:48:4d:ec:
                    6d:68:e8:9a:d9:36:42:e3:8e:a3:60:8f:14:b0:e8:
                    21:de:20:3a:f9:a6:e3:fb:45:72:8a:da:3b:1b:96:
                    26:8f:77:d6:35:14:e7:d7:73:f5:4c:50:94:6f:4b:
                    db:f3:63:83:d5:3b:ab:fe:ba:6b:ce:11:e6:b2:78:
                    2b:fa:fe:e1:55:42:ed:22:a1:ae:29:f0:05:c7:ee:
                    5f:fe:ec:87:2f:dc:e7:cc:f8:11:b6:26:10:1c:87:
                    fc:c8:40:b7:25:2b:d2:55:7f:d1:9c:05:45:06:f9:
                    4c:35:1e:8f:e5:2e:dd:d4:14:dd:be:f2:06:a4:d9:
                    ca:67:c4:ce:7a:0f:7b:ca:42:03:6c:2a:da:0f:40:
                    b4:67:10:cc:5f:41:59:03:8f:e7:2e:23:43:d0:fc:
                    0d:46:72:b3:4a:bd:09:be:c8:d6:b2:f2:1d:18:2b:
                    91:53:bc:52:5d:c9:3d:4b:61:55:c8:6d:ee:cd:54:
                    b4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B2:C1:24:C2:D5:C9:0D:6A:7A:CF:54:3D:21:1E:50:16:79:2F:13
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS204676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         12:c6:0f:0d:e6:29:3f:e2:01:ff:6c:3c:e2:ef:70:61:7b:d5:
         2b:30:35:e4:a7:9c:23:e0:bf:35:78:1b:d3:6f:df:00:ef:54:
         94:af:01:b6:72:34:89:6f:72:ca:ac:18:82:3b:6a:c5:6b:9b:
         ab:3c:83:94:5d:32:88:86:6a:e2:a6:5a:5f:13:18:5b:12:0c:
         8e:16:81:09:66:7f:ee:a9:48:77:2e:8c:30:1b:43:82:a4:9c:
         47:e6:ae:f6:15:1f:c0:95:2f:81:3d:86:16:28:66:0a:48:ea:
         78:51:75:e9:6e:81:c7:f1:d2:fb:54:d5:e4:b7:69:8b:4d:15:
         a9:e7:a5:2e:de:7a:58:94:0a:09:de:ec:57:9c:43:32:6f:b9:
         1c:33:fa:45:ec:20:cd:6c:3e:8c:3f:0c:d4:ee:31:38:ac:1b:
         3b:9b:53:4c:3c:86:2b:41:60:b1:14:6e:bc:f4:02:a3:5c:ca:
         db:77:1f:ca:c4:8a:5b:a1:26:b7:36:5e:34:c8:e1:82:b2:4c:
         67:0a:08:fe:2a:87:bf:43:a5:de:3c:5b:47:ba:b8:c6:3f:1f:
         b3:a6:fb:4d:a9:1e:74:28:7d:f0:27:66:c0:50:ef:b1:07:91:
         43:26:57:db:bc:d0:94:17:3e:41:50:ba:87:ec:aa:76:93:5f:
         58:41:30:f8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUfToOhXDfMmLyvhD1+ELGfLJ+hK0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA4MzAyMzAzMTNaFw0yNjA4MjkyMzA4MTNaMDMxMTAvBgNV
BAMTKDA1QjJDMTI0QzJENUM5MEQ2QTdBQ0Y1NDNEMjExRTUwMTY3OTJGMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2acBgNjlCoH3XEBZFbXsh9RgJ
sNqnV0aS5ba/xCo29BjYQtvER1VmoBlN9AN2NRP1GENyCXNEsVMosz1F8M7z5rur
kHdLw0hN7G1o6JrZNkLjjqNgjxSw6CHeIDr5puP7RXKK2jsbliaPd9Y1FOfXc/VM
UJRvS9vzY4PVO6v+umvOEeayeCv6/uFVQu0ioa4p8AXH7l/+7Icv3OfM+BG2JhAc
h/zIQLclK9JVf9GcBUUG+Uw1Ho/lLt3UFN2+8gak2cpnxM56D3vKQgNsKtoPQLRn
EMxfQVkDj+cuI0PQ/A1GcrNKvQm+yNay8h0YK5FTvFJdyT1LYVXIbe7NVLTHAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUBbLBJMLVyQ1qes9UPSEeUBZ5LxMwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDQ2NzYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
CVTGgDANBgkqhkiG9w0BAQsFAAOCAQEAEsYPDeYpP+IB/2w84u9wYXvVKzA15Kec
I+C/NXgb02/fAO9UlK8BtnI0iW9yyqwYgjtqxWubqzyDlF0yiIZq4qZaXxMYWxIM
jhaBCWZ/7qlIdy6MMBtDgqScR+au9hUfwJUvgT2GFihmCkjqeFF16W6Bx/HS+1TV
5Ldpi00VqeelLt56WJQKCd7sV5xDMm+5HDP6RewgzWw+jD8M1O4xOKwbO5tTTDyG
K0FgsRRuvPQCo1zK23cfysSKW6EmtzZeNMjhgrJMZwoI/iqHv0Ol3jxbR7q4xj8f
s6b7TakedCh98CdmwFDvsQeRQyZX27zQlBc+QVC6h+yqdpNfWEEw+A==
-----END CERTIFICATE-----