Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS208884.roa
File:                     AS208884.roa (raw, json)
Hash identifier:          llCXzsG+b5uBv+CUOEy7BdHDLJOSkvCbeGLBHLB0f50=
Subject key identifier:   7E:6E:68:03:41:F7:21:5F:8D:5F:7F:2F:D8:05:13:3C:68:B5:74:E4
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0C2911717B025E36ED398E4CA144A516A4D580B9
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS208884.roa
Signing time:             Thu 03 Jul 2025 15:53:05 +0000
ROA not before:           Thu 03 Jul 2025 15:48:05 +0000
ROA not after:            Thu 02 Jul 2026 15:53:05 +0000
asID:                     208884
IP address blocks:        2a05:dfc3:f600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:29:11:71:7b:02:5e:36:ed:39:8e:4c:a1:44:a5:16:a4:d5:80:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:05 2025 GMT
            Not After : Jul  2 15:53:05 2026 GMT
        Subject: CN=7E6E680341F7215F8D5F7F2FD805133C68B574E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2d:f5:b3:f0:5a:b0:0b:f7:b2:f4:a7:18:0d:
                    f4:82:54:0e:47:8a:8e:21:c7:ec:b0:95:95:71:6a:
                    93:a0:b1:e6:ec:18:84:13:90:93:a1:d1:57:a4:4e:
                    a4:b8:62:da:d0:f7:35:50:b5:37:7b:13:0d:a4:a1:
                    ad:41:d6:32:8a:b9:0b:79:d8:c3:0d:bd:c9:34:7d:
                    7b:cd:dd:8a:68:46:8e:29:8a:b9:ae:85:d2:4e:b7:
                    63:6f:62:e9:a3:05:57:58:ab:df:89:48:6d:56:f9:
                    66:a2:d7:da:a5:bf:cc:8c:20:f3:a1:f4:5d:55:5c:
                    32:61:fb:f6:d9:36:e8:f9:b2:13:cd:c0:f1:e9:1d:
                    a6:23:2e:bb:40:39:5a:3f:57:87:9d:4d:ce:75:fb:
                    21:f3:4b:aa:49:d2:74:f9:e7:cf:75:f1:d5:e8:31:
                    2d:ef:5e:4f:60:7a:a3:19:03:eb:0c:cb:cd:50:58:
                    0f:77:9b:1a:b1:72:2d:18:30:ef:c1:98:22:eb:92:
                    45:60:9c:3b:b4:53:e3:cc:52:1f:02:32:7b:e9:7a:
                    45:c3:bf:5f:fd:33:51:a5:43:2d:cf:26:0c:65:c8:
                    ac:91:54:95:5b:d4:49:f2:11:f0:4a:eb:de:d5:ee:
                    c4:fd:5e:cc:9b:87:94:dc:f3:8c:ec:c8:e7:48:27:
                    12:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6E:68:03:41:F7:21:5F:8D:5F:7F:2F:D8:05:13:3C:68:B5:74:E4
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS208884.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:f600::/40

    Signature Algorithm: sha256WithRSAEncryption
         81:b6:0f:d8:71:4c:46:36:30:40:73:0f:22:84:5f:89:bc:29:
         f4:12:46:80:55:67:0f:94:8d:54:12:84:3d:16:30:47:9b:cb:
         e0:3c:c5:ab:db:9c:c6:2d:82:a9:8f:10:23:de:34:e4:64:6f:
         bf:d0:e1:4b:77:4d:23:b8:e9:d6:45:c9:07:54:69:26:db:86:
         1b:8c:10:9c:3c:0b:51:12:bb:50:cf:f7:93:70:c5:9c:15:1d:
         1e:de:7d:39:03:4f:e9:61:6f:91:ae:e6:15:83:fb:47:1d:63:
         9c:04:fa:50:25:91:44:41:31:c0:2f:a4:e5:87:94:27:91:37:
         1e:59:f3:bf:b2:1c:2b:dd:4f:ac:3b:a0:e1:78:8f:4d:0c:ca:
         14:1d:64:92:40:f6:18:d2:ba:f9:3f:50:c3:9d:dd:46:41:79:
         82:77:4b:ec:f9:43:e3:e7:2f:99:98:14:12:c0:36:6b:03:a1:
         af:b8:22:f9:f9:ca:13:55:b3:44:8f:1b:a4:0c:96:50:1b:2e:
         79:fa:9d:70:79:ca:4f:f7:4d:dd:85:1d:ee:ea:e0:f6:b5:d5:
         a8:a9:6b:9f:0c:66:6b:0a:f6:60:93:e4:cb:c0:98:54:4e:63:
         56:1f:0f:74:65:1b:dd:2e:04:0b:e6:63:1c:73:d3:09:2e:12:
         81:ac:01:bb
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUDCkRcXsCXjbtOY5MoUSlFqTVgLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDVaFw0yNjA3MDIxNTUzMDVaMDMxMTAvBgNV
BAMTKDdFNkU2ODAzNDFGNzIxNUY4RDVGN0YyRkQ4MDUxMzNDNjhCNTc0RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDALfWz8FqwC/ey9KcYDfSCVA5H
io4hx+ywlZVxapOgsebsGIQTkJOh0VekTqS4YtrQ9zVQtTd7Ew2koa1B1jKKuQt5
2MMNvck0fXvN3YpoRo4pirmuhdJOt2NvYumjBVdYq9+JSG1W+Wai19qlv8yMIPOh
9F1VXDJh+/bZNuj5shPNwPHpHaYjLrtAOVo/V4edTc51+yHzS6pJ0nT558918dXo
MS3vXk9geqMZA+sMy81QWA93mxqxci0YMO/BmCLrkkVgnDu0U+PMUh8CMnvpekXD
v1/9M1GlQy3PJgxlyKyRVJVb1EnyEfBK697V7sT9Xsybh5Tc84zsyOdIJxLTAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUfm5oA0H3IV+NX38v2AUTPGi1dOQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDg4ODQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/D9jANBgkqhkiG9w0BAQsFAAOCAQEAgbYP2HFMRjYwQHMPIoRfibwp9BJGgFVn
D5SNVBKEPRYwR5vL4DzFq9ucxi2CqY8QI9405GRvv9DhS3dNI7jp1kXJB1RpJtuG
G4wQnDwLURK7UM/3k3DFnBUdHt59OQNP6WFvka7mFYP7Rx1jnAT6UCWRREExwC+k
5YeUJ5E3Hlnzv7IcK91PrDug4XiPTQzKFB1kkkD2GNK6+T9Qw53dRkF5gndL7PlD
4+cvmZgUEsA2awOhr7gi+fnKE1WzRI8bpAyWUBsuefqdcHnKT/dN3YUd7urg9rXV
qKlrnwxmawr2YJPky8CYVE5jVh8PdGUb3S4EC+ZjHHPTCS4SgawBuw==
-----END CERTIFICATE-----