Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS209693.roa
File:                     AS209693.roa (raw, json)
Hash identifier:          +DXx+wgzBkREWk1/V5mjVtBhi1cQC+inIQtwydAQR3A=
Subject key identifier:   38:8A:85:81:F6:4A:1C:A9:3C:A4:6A:01:CD:3E:E3:0A:F8:E1:8F:72
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       14DDCF3130CA9EA2E402C92671E6DC833B903708
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS209693.roa
Signing time:             Thu 03 Jul 2025 16:39:11 +0000
ROA not before:           Thu 03 Jul 2025 16:34:11 +0000
ROA not after:            Thu 02 Jul 2026 16:39:11 +0000
asID:                     209693
IP address blocks:        2a09:54c6:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:dd:cf:31:30:ca:9e:a2:e4:02:c9:26:71:e6:dc:83:3b:90:37:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 16:34:11 2025 GMT
            Not After : Jul  2 16:39:11 2026 GMT
        Subject: CN=388A8581F64A1CA93CA46A01CD3EE30AF8E18F72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9e:7d:82:85:e4:f6:0b:6e:54:36:26:a4:8e:
                    50:84:97:63:2b:eb:20:5e:1f:e7:b1:a1:ad:f1:47:
                    4f:74:4c:10:c2:78:02:6d:57:2d:3a:94:15:a5:e5:
                    07:fc:b0:6a:0d:8b:53:be:61:9d:62:14:c0:23:9b:
                    3e:1a:ee:44:19:2c:17:be:26:2a:8e:f6:ac:af:8b:
                    c0:0b:67:df:bc:de:9b:5e:15:4d:96:2e:d6:a3:42:
                    48:6f:53:8e:99:8a:17:1f:f3:b3:e5:e3:23:b5:fd:
                    7c:5c:ae:af:c5:e6:26:59:93:3e:ba:aa:d8:74:18:
                    9b:c4:96:45:f6:d2:33:76:fb:0f:ab:a3:ed:56:bc:
                    ff:14:dd:9a:4c:ab:66:5d:af:ce:4e:01:5e:6f:7a:
                    73:37:92:f4:f2:e3:79:00:dd:8c:bc:4d:2d:d2:98:
                    cf:f6:02:3b:37:10:c1:05:f0:b3:51:48:47:81:80:
                    64:d7:9e:aa:9e:a0:9f:d8:fa:5b:9e:6a:86:cc:6e:
                    16:60:b8:04:ee:da:a4:c2:a6:67:fa:a4:3c:5f:7b:
                    46:21:22:d9:ce:6a:48:c4:8f:ca:de:20:ec:ae:df:
                    e4:cd:10:69:b0:fc:b6:95:ed:e8:ab:de:1d:dc:b0:
                    5f:fd:64:cd:18:8c:0c:1d:25:b1:a2:49:91:1d:f0:
                    ad:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8A:85:81:F6:4A:1C:A9:3C:A4:6A:01:CD:3E:E3:0A:F8:E1:8F:72
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS209693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         39:dd:7c:44:7e:34:e4:a5:98:b8:2c:c4:2c:c8:d0:de:07:9d:
         37:72:d4:a3:5d:da:df:e7:e4:39:89:f9:d1:64:b3:bf:66:ba:
         c6:37:fd:43:c2:78:6e:f9:21:13:5f:10:ac:61:7d:c9:5b:97:
         4a:26:e8:1a:c0:70:f7:3c:5a:2d:8c:ec:f2:00:f3:b8:eb:b5:
         9c:6f:ff:de:1d:72:1a:7d:e9:69:04:50:75:5b:96:b9:74:7d:
         31:00:8c:a2:c9:7b:70:56:06:6f:84:a9:be:a5:37:ea:45:54:
         b6:d3:cf:db:4f:ad:70:24:a9:70:7d:8d:54:b6:e4:ec:d3:d6:
         90:8d:ce:03:20:ef:f0:6e:25:0e:19:f9:82:cf:b7:7d:43:1f:
         a5:a0:1f:47:b2:25:b6:03:8f:a6:dc:17:91:a2:bd:fd:7d:70:
         2f:1a:47:d8:a2:91:41:34:1f:1f:ac:81:89:98:7e:3b:95:ad:
         57:bf:61:de:75:32:3a:cb:f3:89:cb:e7:c4:20:cb:fe:d8:cf:
         5f:02:cd:1a:0a:2a:40:36:18:fc:6d:3d:70:f7:f6:1c:bb:14:
         b4:a4:1e:c7:0f:c6:69:95:c2:07:1f:23:04:4b:53:7f:98:aa:
         13:dd:7f:80:4c:b6:cb:05:ca:a8:1a:98:3b:ca:31:82:c8:de:
         48:dd:86:43
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUFN3PMTDKnqLkAskmcebcgzuQNwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNjM0MTFaFw0yNjA3MDIxNjM5MTFaMDMxMTAvBgNV
BAMTKDM4OEE4NTgxRjY0QTFDQTkzQ0E0NkEwMUNEM0VFMzBBRjhFMThGNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMnn2CheT2C25UNiakjlCEl2Mr
6yBeH+exoa3xR090TBDCeAJtVy06lBWl5Qf8sGoNi1O+YZ1iFMAjmz4a7kQZLBe+
JiqO9qyvi8ALZ9+83pteFU2WLtajQkhvU46Zihcf87Pl4yO1/Xxcrq/F5iZZkz66
qth0GJvElkX20jN2+w+ro+1WvP8U3ZpMq2Zdr85OAV5venM3kvTy43kA3Yy8TS3S
mM/2Ajs3EMEF8LNRSEeBgGTXnqqeoJ/Y+lueaobMbhZguATu2qTCpmf6pDxfe0Yh
ItnOakjEj8reIOyu3+TNEGmw/LaV7eir3h3csF/9ZM0YjAwdJbGiSZEd8K1FAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUOIqFgfZKHKk8pGoBzT7jCvjhj3IwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDk2OTMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
CVTGUDANBgkqhkiG9w0BAQsFAAOCAQEAOd18RH405KWYuCzELMjQ3gedN3LUo13a
3+fkOYn50WSzv2a6xjf9Q8J4bvkhE18QrGF9yVuXSiboGsBw9zxaLYzs8gDzuOu1
nG//3h1yGn3paQRQdVuWuXR9MQCMosl7cFYGb4SpvqU36kVUttPP20+tcCSpcH2N
VLbk7NPWkI3OAyDv8G4lDhn5gs+3fUMfpaAfR7IltgOPptwXkaK9/X1wLxpH2KKR
QTQfH6yBiZh+O5WtV79h3nUyOsvzicvnxCDL/tjPXwLNGgoqQDYY/G09cPf2HLsU
tKQexw/GaZXCBx8jBEtTf5iqE91/gEy2ywXKqBqYO8oxgsjeSN2GQw==
-----END CERTIFICATE-----