Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS205591.roa
File:                     AS205591.roa (raw, json)
Hash identifier:          SrlFHICYsl3PKhz7Y9l/qH5agHbxEXG5CeFMXdlsAWQ=
Subject key identifier:   B2:09:83:A7:9B:E2:7C:1A:DD:9B:79:0F:33:AD:FF:A9:1A:DF:B4:48
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0D9AC83AE7A4C8435A632ECED72E1F2A28B899D7
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS205591.roa
Signing time:             Tue 21 Oct 2025 10:16:34 +0000
ROA not before:           Tue 21 Oct 2025 10:11:34 +0000
ROA not after:            Tue 20 Oct 2026 10:16:34 +0000
asID:                     205591
IP address blocks:        2a0f:6287:c000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 12:24:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:9a:c8:3a:e7:a4:c8:43:5a:63:2e:ce:d7:2e:1f:2a:28:b8:99:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 21 10:11:34 2025 GMT
            Not After : Oct 20 10:16:34 2026 GMT
        Subject: CN=B20983A79BE27C1ADD9B790F33ADFFA91ADFB448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8b:9e:2a:dc:63:fb:cd:3f:44:dd:9b:43:ce:
                    e2:0a:43:b0:fa:7d:9f:0c:2f:7d:60:62:e4:ed:a7:
                    e6:d0:37:e0:e6:4f:b3:8c:0a:3c:0e:48:6e:ab:eb:
                    3e:06:17:71:d2:5f:c3:b5:9f:b4:bc:e9:76:4f:16:
                    de:a0:47:dc:0a:27:96:20:5e:ed:2a:69:30:57:f5:
                    da:57:33:54:a0:63:24:11:93:e2:b0:46:1f:cd:c6:
                    70:ec:d8:73:7f:c9:79:30:bb:8b:41:34:d4:82:6a:
                    24:a2:bc:af:66:f2:8d:9f:1c:18:20:a1:e0:e3:23:
                    11:fa:d5:51:4d:9b:e7:ba:df:7a:9f:68:cd:32:30:
                    e8:bb:ad:59:23:42:d3:bb:60:11:9c:11:c3:43:ae:
                    d7:a5:4f:bf:86:40:18:16:a4:c5:f1:36:06:d5:89:
                    88:24:53:81:9a:95:ef:39:e5:95:a3:b2:40:cc:7f:
                    05:10:a7:04:7b:55:aa:75:b9:91:30:ea:b6:68:43:
                    1b:68:68:25:ba:ac:db:91:af:b3:dd:39:8b:d1:e8:
                    36:62:d6:37:da:33:38:fb:55:7f:a4:5a:7a:14:40:
                    7c:1b:07:c1:00:cf:2f:32:df:7b:d6:5a:54:7f:4e:
                    f4:7a:4c:df:c5:85:45:d6:02:77:94:ad:c5:72:fe:
                    b6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:09:83:A7:9B:E2:7C:1A:DD:9B:79:0F:33:AD:FF:A9:1A:DF:B4:48
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS205591.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0b:84:70:70:2e:b4:a4:95:43:1e:20:c4:45:53:5b:4d:6e:30:
         f1:81:98:19:19:60:bf:ee:a0:12:55:18:06:ca:90:45:f0:4e:
         ce:4a:b2:e8:cf:d5:26:d3:4c:7d:0a:3c:74:13:0d:e6:53:51:
         a5:c2:2d:27:7d:08:c5:e2:df:f8:b0:93:2b:e1:59:c4:19:62:
         c7:bd:a7:c1:71:a2:83:08:da:36:00:1c:b8:2b:2a:2c:98:4f:
         0a:12:6f:67:22:59:e4:ef:79:7c:e8:29:27:21:b4:d6:3b:de:
         5c:69:c8:d5:a5:1b:95:51:68:20:b7:37:94:43:a4:e9:ec:a2:
         55:93:15:f3:26:a6:b5:fd:96:a4:4c:91:e8:f9:74:39:19:30:
         b5:1f:88:bf:92:e6:26:ee:b6:57:30:cc:33:ec:5e:33:35:fe:
         8c:4b:34:d8:b3:f5:eb:72:66:70:1e:a6:aa:79:6c:e4:2d:ac:
         a5:77:0e:05:23:ea:d2:92:b5:38:14:ca:aa:92:68:5d:4a:83:
         f6:4e:f4:09:f1:7c:0f:92:29:63:b0:53:b1:04:4f:60:d1:50:
         b4:d0:ae:be:2b:a0:24:4f:96:31:80:3d:4d:0a:93:5d:45:0f:
         2b:ec:8f:1b:fd:98:60:2c:44:81:d0:09:2e:4f:28:06:d9:8d:
         c1:a7:a2:66
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUDZrIOuekyENaYy7O1y4fKii4mdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMjExMDExMzRaFw0yNjEwMjAxMDE2MzRaMDMxMTAvBgNV
BAMTKEIyMDk4M0E3OUJFMjdDMUFERDlCNzkwRjMzQURGRkE5MUFERkI0NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCii54q3GP7zT9E3ZtDzuIKQ7D6
fZ8ML31gYuTtp+bQN+DmT7OMCjwOSG6r6z4GF3HSX8O1n7S86XZPFt6gR9wKJ5Yg
Xu0qaTBX9dpXM1SgYyQRk+KwRh/NxnDs2HN/yXkwu4tBNNSCaiSivK9m8o2fHBgg
oeDjIxH61VFNm+e633qfaM0yMOi7rVkjQtO7YBGcEcNDrtelT7+GQBgWpMXxNgbV
iYgkU4Gale855ZWjskDMfwUQpwR7Vap1uZEw6rZoQxtoaCW6rNuRr7PdOYvR6DZi
1jfaMzj7VX+kWnoUQHwbB8EAzy8y33vWWlR/TvR6TN/FhUXWAneUrcVy/rY7AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUsgmDp5vifBrdm3kPM63/qRrftEgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDU1OTEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KHwDANBgkqhkiG9w0BAQsFAAOCAQEAC4RwcC60pJVDHiDERVNbTW4w8YGYGRlg
v+6gElUYBsqQRfBOzkqy6M/VJtNMfQo8dBMN5lNRpcItJ30IxeLf+LCTK+FZxBli
x72nwXGigwjaNgAcuCsqLJhPChJvZyJZ5O95fOgpJyG01jveXGnI1aUblVFoILc3
lEOk6eyiVZMV8yamtf2WpEyR6Pl0ORkwtR+Iv5LmJu62VzDMM+xeMzX+jEs02LP1
63JmcB6mqnls5C2spXcOBSPq0pK1OBTKqpJoXUqD9k70CfF8D5IpY7BTsQRPYNFQ
tNCuviugJE+WMYA9TQqTXUUPK+yPG/2YYCxEgdAJLk8oBtmNwaeiZg==
-----END CERTIFICATE-----