Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS209866.roa
File:                     AS209866.roa (raw, json)
Hash identifier:          2ry6UzKFe/YU5SLqM314VIxOCyJrd1N4hrkxeXYqr4Y=
Subject key identifier:   52:8C:0C:A3:3D:8C:DA:76:E2:E4:78:95:C9:0E:24:47:25:5F:43:69
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       5C483BD54E46947973E5D5E4796850F0BBEA4432
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS209866.roa
Signing time:             Tue 04 Nov 2025 16:14:49 +0000
ROA not before:           Tue 04 Nov 2025 16:09:49 +0000
ROA not after:            Tue 03 Nov 2026 16:14:49 +0000
asID:                     209866
IP address blocks:        2a0f:6284:1eee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Nov 2025 03:05:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:48:3b:d5:4e:46:94:79:73:e5:d5:e4:79:68:50:f0:bb:ea:44:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Nov  4 16:09:49 2025 GMT
            Not After : Nov  3 16:14:49 2026 GMT
        Subject: CN=528C0CA33D8CDA76E2E47895C90E2447255F4369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f3:f0:ee:63:8d:7f:33:37:04:fd:54:ed:eb:
                    7a:d0:62:7f:f7:d4:25:0f:9b:af:5f:9c:f3:12:03:
                    c2:0d:1e:84:16:dd:96:95:03:e4:7e:53:ce:2c:cd:
                    cb:71:82:8f:11:8d:da:17:36:b2:c2:43:23:e9:36:
                    3c:cd:72:f0:d5:5c:a2:04:4e:7c:29:53:80:f4:32:
                    b6:c2:f1:ed:e1:9c:2a:fb:67:4d:58:1b:b6:40:db:
                    93:fc:b7:47:ca:ec:b5:2f:09:ae:73:29:a7:aa:9f:
                    d6:01:d8:08:e9:96:8a:87:4b:e1:ab:55:cc:9a:8e:
                    8d:f0:3b:75:36:05:18:cc:6d:d0:01:6c:e4:91:7b:
                    15:e4:6c:63:f6:8e:7d:64:fd:c3:c8:b3:fc:13:d9:
                    d4:a2:72:ef:a1:2e:31:39:48:7a:57:e1:03:44:b5:
                    2f:a1:b1:e6:37:9f:15:b4:2d:64:a7:2a:53:85:45:
                    16:63:ac:6a:d2:c9:03:24:0e:e6:e3:e9:bf:82:ac:
                    af:85:d6:fd:f6:98:cc:df:1c:96:cf:95:1c:20:74:
                    5c:93:63:0d:ff:14:d5:8f:3e:53:7b:80:95:ae:09:
                    36:4f:31:67:c1:e6:29:93:a7:7c:fc:6d:86:70:c4:
                    3e:29:c3:c5:26:f0:16:93:d7:b3:63:bd:e0:35:36:
                    a4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:8C:0C:A3:3D:8C:DA:76:E2:E4:78:95:C9:0E:24:47:25:5F:43:69
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS209866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:1eee::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:44:2f:fb:a0:bb:49:7e:b5:b4:e3:44:7c:0a:1d:d9:a6:50:
         c7:eb:d0:12:36:3e:b9:85:8f:38:28:71:20:dd:d1:4a:7a:29:
         88:90:f5:9e:df:fd:8d:0f:1a:41:52:5b:e6:82:18:67:23:1f:
         1c:93:03:b2:63:da:14:0b:b2:78:04:7d:31:a8:c3:9b:c6:13:
         d1:fd:9b:a3:0a:32:b5:58:23:b1:62:c7:06:71:91:86:62:4a:
         dc:84:0f:52:32:d8:71:14:dc:b5:25:93:f8:7a:ca:9b:e7:76:
         dc:23:07:95:15:f7:f8:53:bb:db:fd:fe:ce:ee:be:50:8c:db:
         97:09:2f:70:6e:34:6c:24:d5:2c:f1:dd:d8:e3:fb:63:d0:b4:
         da:68:d2:10:96:65:62:be:37:1d:63:09:42:13:5b:fd:86:c0:
         69:1d:26:b5:4c:b3:d6:3a:a2:ec:a4:39:4f:5b:c2:42:d8:84:
         02:5b:37:ea:ea:01:fb:c3:4c:2b:92:3c:b5:67:c3:1f:ad:75:
         09:e7:48:4b:f7:92:b4:fd:27:ad:a7:2e:3c:19:7f:3b:2c:91:
         e1:6f:d4:fd:89:e5:8d:2c:20:08:36:76:aa:bb:d5:2d:de:78:
         1c:ec:e4:ed:a2:dd:35:09:81:11:10:f8:7c:b3:ee:cb:3b:49:
         b5:fe:4f:39
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUXEg71U5GlHlz5dXkeWhQ8LvqRDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTExMDQxNjA5NDlaFw0yNjExMDMxNjE0NDlaMDMxMTAvBgNV
BAMTKDUyOEMwQ0EzM0Q4Q0RBNzZFMkU0Nzg5NUM5MEUyNDQ3MjU1RjQzNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu8/DuY41/MzcE/VTt63rQYn/3
1CUPm69fnPMSA8INHoQW3ZaVA+R+U84szctxgo8RjdoXNrLCQyPpNjzNcvDVXKIE
TnwpU4D0MrbC8e3hnCr7Z01YG7ZA25P8t0fK7LUvCa5zKaeqn9YB2AjploqHS+Gr
Vcyajo3wO3U2BRjMbdABbOSRexXkbGP2jn1k/cPIs/wT2dSicu+hLjE5SHpX4QNE
tS+hseY3nxW0LWSnKlOFRRZjrGrSyQMkDubj6b+CrK+F1v32mMzfHJbPlRwgdFyT
Yw3/FNWPPlN7gJWuCTZPMWfB5imTp3z8bYZwxD4pw8Um8BaT17NjveA1NqRrAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUUowMoz2M2nbi5HiVyQ4kRyVfQ2kwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDk4NjYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEHu4wDQYJKoZIhvcNAQELBQADggEBAGVEL/ugu0l+tbTjRHwKHdmmUMfr0BI2
PrmFjzgocSDd0Up6KYiQ9Z7f/Y0PGkFSW+aCGGcjHxyTA7Jj2hQLsngEfTGow5vG
E9H9m6MKMrVYI7FixwZxkYZiStyED1Iy2HEU3LUlk/h6ypvndtwjB5UV9/hTu9v9
/s7uvlCM25cJL3BuNGwk1Szx3djj+2PQtNpo0hCWZWK+Nx1jCUITW/2GwGkdJrVM
s9Y6ouykOU9bwkLYhAJbN+rqAfvDTCuSPLVnwx+tdQnnSEv3krT9J62nLjwZfzss
keFv1P2J5Y0sIAg2dqq71S3eeBzs5O2i3TUJgREQ+Hyz7ss7SbX+Tzk=
-----END CERTIFICATE-----