Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS209737.roa
File:                     AS209737.roa (raw, json)
Hash identifier:          auk6lVoX52gZvM3gTogZLgAKER5u29+iS+sJgEwplHo=
Subject key identifier:   E6:DB:3C:D0:36:D7:80:37:5E:3C:AC:11:D9:6D:F7:C3:41:75:E4:C8
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       30174142CDDB9B284BADC51DC7A3F5156E7D8D56
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS209737.roa
Signing time:             Thu 03 Jul 2025 15:53:04 +0000
ROA not before:           Thu 03 Jul 2025 15:48:04 +0000
ROA not after:            Thu 02 Jul 2026 15:53:04 +0000
asID:                     209737
IP address blocks:        2a05:dfc3:fd23::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:17:41:42:cd:db:9b:28:4b:ad:c5:1d:c7:a3:f5:15:6e:7d:8d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:04 2025 GMT
            Not After : Jul  2 15:53:04 2026 GMT
        Subject: CN=E6DB3CD036D780375E3CAC11D96DF7C34175E4C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1a:60:96:a1:ed:cf:9f:56:72:2b:0a:f3:cd:
                    42:2f:10:6b:a9:61:8e:2c:84:8f:57:94:53:2e:ea:
                    de:fa:e1:68:a4:cd:97:7e:55:a1:42:5c:ae:39:ad:
                    0b:6b:70:b3:ae:0e:22:02:3d:0f:21:1e:0d:00:fc:
                    ec:fa:06:04:2d:98:88:7f:be:39:6c:04:6a:c2:1f:
                    d2:58:63:da:27:f1:fa:7f:db:57:07:5e:9d:f3:37:
                    e3:41:77:2f:70:0f:d0:11:23:c5:67:d0:a3:0e:0f:
                    4b:74:90:3a:36:d6:ac:9e:af:9d:97:76:d7:e6:17:
                    d1:2c:c1:0b:9a:fc:87:b1:7d:bd:ef:41:40:09:f8:
                    1c:23:d1:db:2a:73:a0:f1:84:90:6d:2a:29:e8:b7:
                    54:c1:be:d1:2b:09:43:4a:a3:09:52:ef:6e:1b:07:
                    83:ea:23:5d:f7:da:a2:0a:a4:b3:fc:be:87:cb:18:
                    79:5b:7c:d4:15:15:21:6d:12:76:71:39:91:10:bb:
                    3b:f9:af:ca:e8:31:b8:a3:95:5a:1e:17:29:ec:c6:
                    2d:ee:00:86:46:bd:1b:af:3c:f6:93:b1:d3:98:3c:
                    c5:f0:c7:53:cd:7a:84:51:29:03:4c:1c:6d:9b:25:
                    9a:a1:28:10:91:75:3f:c0:ee:00:dd:6a:d6:ef:f3:
                    b3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:DB:3C:D0:36:D7:80:37:5E:3C:AC:11:D9:6D:F7:C3:41:75:E4:C8
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS209737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fd23::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:f2:77:91:cd:7e:ea:9c:30:1b:d6:44:68:c5:7f:0c:17:dd:
         72:89:c6:14:4f:04:05:37:4e:6f:e0:a4:10:16:c6:66:26:b2:
         30:86:8d:29:07:bc:68:8e:17:7d:de:67:7f:0b:1f:cd:64:9a:
         2e:bb:09:f7:d9:ac:a3:7c:77:fe:44:4b:c4:ab:30:3f:50:55:
         c4:d2:7f:58:b2:00:42:f3:b7:c5:82:42:14:fe:4f:d9:c9:eb:
         28:e2:a9:15:e9:ea:28:15:a7:bc:75:c8:ac:c8:1b:ef:54:c8:
         ff:58:60:64:12:2a:34:04:2d:90:7a:3c:92:fe:dc:10:49:a9:
         74:4c:9e:06:33:e0:7d:5a:d0:15:e8:48:be:0d:73:3a:26:00:
         91:76:cf:af:a7:bb:a8:e7:1c:b7:05:50:21:77:39:db:07:f3:
         cd:47:43:6d:5e:b0:8d:67:f9:fb:6d:dc:c3:d6:89:18:70:e3:
         a3:4e:39:78:62:b0:83:44:50:d2:cb:76:21:27:5a:2e:c4:95:
         a9:89:d7:b9:c5:79:d7:4b:85:91:6a:bd:ea:7d:2e:d1:3c:7d:
         7c:68:ee:f6:17:7c:c7:80:cb:cd:cd:db:5d:91:85:9e:fb:61:
         aa:ec:51:4a:61:72:8a:2a:23:ff:63:45:5d:0c:37:01:60:5f:
         82:37:a8:2a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUMBdBQs3bmyhLrcUdx6P1FW59jVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDRaFw0yNjA3MDIxNTUzMDRaMDMxMTAvBgNV
BAMTKEU2REIzQ0QwMzZENzgwMzc1RTNDQUMxMUQ5NkRGN0MzNDE3NUU0QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkGmCWoe3Pn1ZyKwrzzUIvEGup
YY4shI9XlFMu6t764WikzZd+VaFCXK45rQtrcLOuDiICPQ8hHg0A/Oz6BgQtmIh/
vjlsBGrCH9JYY9on8fp/21cHXp3zN+NBdy9wD9ARI8Vn0KMOD0t0kDo21qyer52X
dtfmF9EswQua/Iexfb3vQUAJ+Bwj0dsqc6DxhJBtKinot1TBvtErCUNKowlS724b
B4PqI1332qIKpLP8vofLGHlbfNQVFSFtEnZxOZEQuzv5r8roMbijlVoeFynsxi3u
AIZGvRuvPPaTsdOYPMXwx1PNeoRRKQNMHG2bJZqhKBCRdT/A7gDdatbv87ODAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU5ts80DbXgDdePKwR2W33w0F15MgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDk3Mzcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
Bd/D/SMwDQYJKoZIhvcNAQELBQADggEBAIbyd5HNfuqcMBvWRGjFfwwX3XKJxhRP
BAU3Tm/gpBAWxmYmsjCGjSkHvGiOF33eZ38LH81kmi67CffZrKN8d/5ES8SrMD9Q
VcTSf1iyAELzt8WCQhT+T9nJ6yjiqRXp6igVp7x1yKzIG+9UyP9YYGQSKjQELZB6
PJL+3BBJqXRMngYz4H1a0BXoSL4NczomAJF2z6+nu6jnHLcFUCF3OdsH881HQ21e
sI1n+ftt3MPWiRhw46NOOXhisINEUNLLdiEnWi7ElamJ17nFeddLhZFqvep9LtE8
fXxo7vYXfMeAy83N212RhZ77YarsUUphcooqI/9jRV0MNwFgX4I3qCo=
-----END CERTIFICATE-----