Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS209866.roa
File:                     AS209866.roa (raw, json)
Hash identifier:          b5w1m9DHRYz+HRB1E7bM5g25Q2A9DUbMMaSV4bC9jA0=
Subject key identifier:   D2:50:86:F1:07:D8:7F:64:66:12:9C:55:65:B9:4D:DD:6D:80:01:2F
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       694232FCDDB834E892B62ADCB4D03BA86706AFBB
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS209866.roa
Signing time:             Thu 28 May 2026 10:01:04 +0000
ROA not before:           Thu 28 May 2026 09:56:04 +0000
ROA not after:            Thu 27 May 2027 10:01:04 +0000
asID:                     209866
IP address blocks:        2a0f:6282:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 04:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:42:32:fc:dd:b8:34:e8:92:b6:2a:dc:b4:d0:3b:a8:67:06:af:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: May 28 09:56:04 2026 GMT
            Not After : May 27 10:01:04 2027 GMT
        Subject: CN=D25086F107D87F6466129C5565B94DDD6D80012F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e2:f7:5f:63:0b:ee:03:50:fb:ab:12:ce:12:
                    21:16:2b:0f:3f:7d:14:2e:23:69:b2:84:21:27:a3:
                    bc:71:c9:22:d8:1d:43:25:73:b6:08:de:01:7e:4e:
                    e5:52:ce:98:fd:11:19:1e:dd:24:71:cd:fb:a3:41:
                    99:9a:d3:11:22:36:9d:3b:a3:f8:59:53:e9:5f:fe:
                    e6:00:39:86:29:59:09:4e:c8:c2:46:6a:f8:ec:15:
                    1d:6d:f4:cc:db:22:a4:a2:d9:d9:2f:cf:5c:0c:22:
                    1d:4f:7a:cd:47:7d:4a:ed:65:cb:13:65:3d:a6:51:
                    f7:b2:61:40:8a:3e:3b:85:d8:37:5f:6e:52:f2:46:
                    e9:e8:ac:bd:7b:34:11:c6:56:c7:fc:94:e0:1e:28:
                    57:10:6f:5f:38:fd:64:f2:64:52:68:a1:0b:de:6b:
                    ad:9c:4d:fa:ad:c2:11:9b:6f:2c:87:a1:0d:ae:3e:
                    bc:c9:1a:d6:96:f8:34:f9:f2:b2:15:da:3f:9a:f3:
                    d3:c5:ef:de:b1:d1:b3:a8:49:46:61:b9:cc:77:fe:
                    a6:ba:d6:88:13:cd:8b:bc:33:53:81:bd:9f:42:d0:
                    fc:f2:b3:d3:7d:4c:62:84:6f:52:b5:b0:46:3b:50:
                    27:00:b5:81:0a:f4:12:8d:62:9a:03:9c:9e:67:ae:
                    2f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:50:86:F1:07:D8:7F:64:66:12:9C:55:65:B9:4D:DD:6D:80:01:2F
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS209866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6282:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:c0:31:da:ec:ff:5c:f6:bf:62:a6:7f:05:40:69:5e:b6:e8:
         f5:75:44:75:5e:d7:50:b7:9f:ec:6e:d0:95:05:81:40:ec:fc:
         c1:2c:6a:ff:59:aa:ef:fb:df:57:f3:9e:38:e5:5d:1a:24:68:
         97:f0:4b:bc:42:65:7a:17:f1:48:94:57:7c:5a:10:10:08:f2:
         d4:78:a7:00:02:53:84:f8:b7:ac:08:87:50:a9:2b:44:9d:6b:
         fe:a3:c4:5e:46:50:60:d2:34:43:b8:49:9b:a2:74:69:1d:c2:
         02:3c:fd:96:11:5f:0d:88:f0:c3:aa:b7:f1:07:af:c3:92:c4:
         af:36:0c:1f:46:a9:2c:52:75:15:d7:96:d1:6e:a7:47:b3:55:
         c1:11:f4:35:ce:3e:e5:5f:ea:85:d3:3b:34:8c:69:d9:50:5e:
         92:78:63:29:c3:7b:be:01:93:af:83:7d:9e:50:b4:15:b1:af:
         29:89:28:d8:47:aa:4d:5f:e7:97:8f:ec:32:f3:e4:66:0f:05:
         30:1a:d7:8d:e3:1b:3e:90:fd:33:5a:89:cf:c2:13:7f:f0:14:
         ab:72:2f:ef:f9:10:f8:c9:17:07:c8:ae:71:5f:b2:ff:52:79:
         cb:50:3e:be:8f:2d:08:d6:13:88:b8:5e:df:86:4f:eb:02:24:
         79:08:92:04
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUaUIy/N24NOiStirctNA7qGcGr7swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA1MjgwOTU2MDRaFw0yNzA1MjcxMDAxMDRaMDMxMTAvBgNV
BAMTKEQyNTA4NkYxMDdEODdGNjQ2NjEyOUM1NTY1Qjk0RERENkQ4MDAxMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR4vdfYwvuA1D7qxLOEiEWKw8/
fRQuI2myhCEno7xxySLYHUMlc7YI3gF+TuVSzpj9ERke3SRxzfujQZma0xEiNp07
o/hZU+lf/uYAOYYpWQlOyMJGavjsFR1t9MzbIqSi2dkvz1wMIh1Pes1HfUrtZcsT
ZT2mUfeyYUCKPjuF2DdfblLyRunorL17NBHGVsf8lOAeKFcQb184/WTyZFJooQve
a62cTfqtwhGbbyyHoQ2uPrzJGtaW+DT58rIV2j+a89PF796x0bOoSUZhucx3/qa6
1ogTzYu8M1OBvZ9C0Pzys9N9TGKEb1K1sEY7UCcAtYEK9BKNYpoDnJ5nri87AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQU0lCG8QfYf2RmEpxVZblN3W2AAS8wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDk4NjYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KCIDANBgkqhkiG9w0BAQsFAAOCAQEAecAx2uz/XPa/YqZ/BUBpXrbo9XVEdV7X
ULef7G7QlQWBQOz8wSxq/1mq7/vfV/OeOOVdGiRol/BLvEJlehfxSJRXfFoQEAjy
1HinAAJThPi3rAiHUKkrRJ1r/qPEXkZQYNI0Q7hJm6J0aR3CAjz9lhFfDYjww6q3
8Qevw5LErzYMH0apLFJ1FdeW0W6nR7NVwRH0Nc4+5V/qhdM7NIxp2VBeknhjKcN7
vgGTr4N9nlC0FbGvKYko2EeqTV/nl4/sMvPkZg8FMBrXjeMbPpD9M1qJz8ITf/AU
q3Iv7/kQ+MkXB8iucV+y/1J5y1A+vo8tCNYTiLhe34ZP6wIkeQiSBA==
-----END CERTIFICATE-----