Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS395878.roa
File:                     AS395878.roa (raw, json)
Hash identifier:          /unhF7qr5gWsmEt1bJuQyCz+ivK/39zRYl9xvvjlDgw=
Subject key identifier:   2D:B8:3B:2F:97:E2:3C:16:5A:0D:32:7F:37:DA:92:D0:A2:90:66:3A
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       167AE9933AF90091DBBE2356AD1755ED6ADE497C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS395878.roa
Signing time:             Thu 02 Oct 2025 09:51:05 +0000
ROA not before:           Thu 02 Oct 2025 09:46:05 +0000
ROA not after:            Thu 01 Oct 2026 09:51:05 +0000
asID:                     395878
IP address blocks:        2a0f:6283:8000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:7a:e9:93:3a:f9:00:91:db:be:23:56:ad:17:55:ed:6a:de:49:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct  2 09:46:05 2025 GMT
            Not After : Oct  1 09:51:05 2026 GMT
        Subject: CN=2DB83B2F97E23C165A0D327F37DA92D0A290663A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8f:be:f1:02:0b:8f:21:e9:43:23:0f:35:67:
                    7f:3e:4f:f1:0c:9d:80:1e:6c:38:50:b4:78:df:de:
                    69:1c:ba:21:0f:85:94:3c:0e:4d:5a:c2:6d:ba:a8:
                    b3:65:c2:ed:76:f5:04:1c:ea:01:4c:ec:b0:99:41:
                    73:d6:1b:7f:a8:f4:46:12:d0:ac:75:6a:49:f3:98:
                    72:62:53:80:09:04:dc:20:66:6b:ea:24:16:5c:66:
                    0e:36:66:1c:08:c4:92:43:56:84:d3:ed:62:54:6c:
                    d6:5c:f8:51:ed:98:0d:45:2e:e6:42:84:f7:d4:d4:
                    fe:cd:87:34:5e:fe:c3:0f:56:c6:0e:c7:8f:c0:97:
                    ce:60:07:be:18:d6:9a:14:5e:fa:fb:93:55:b4:03:
                    60:79:71:26:eb:39:03:86:b9:72:18:63:78:a0:f6:
                    c8:ad:26:40:14:84:65:78:41:89:fb:b9:2c:ac:ee:
                    8b:40:a4:a6:07:b9:e4:67:39:3d:bc:4a:58:64:f3:
                    da:38:0f:d6:cc:ec:bc:9d:73:08:58:f3:85:57:96:
                    bc:4c:e7:d1:4c:b5:af:88:12:44:9e:9c:2e:eb:84:
                    df:75:c2:80:83:2d:87:c7:ae:24:92:ac:9a:e0:c3:
                    bd:c4:19:66:15:32:72:06:fb:95:af:cd:ef:d7:11:
                    51:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B8:3B:2F:97:E2:3C:16:5A:0D:32:7F:37:DA:92:D0:A2:90:66:3A
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS395878.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         63:00:cc:77:86:94:83:83:26:93:3b:84:73:66:3e:a9:a7:c1:
         b1:09:3f:1e:8a:2f:ab:5d:16:e5:6d:88:cd:14:07:9a:bc:13:
         8f:70:ad:0c:ab:3e:a6:ec:4c:af:01:68:db:fb:a7:a2:a3:c5:
         37:fb:17:e9:cb:ce:99:91:40:2c:8f:f6:14:0e:3b:5e:03:67:
         47:cf:3c:d8:9e:1a:ef:65:0f:06:99:fa:31:30:18:ca:b3:ae:
         af:3e:2c:88:e2:f9:59:a1:c8:18:aa:0d:11:49:73:cc:74:3a:
         a2:4b:cf:ed:7c:8f:5e:87:86:a1:82:e7:84:9d:1b:3d:e3:91:
         84:ca:a5:32:1a:4a:6b:49:f0:9f:0d:fb:61:14:84:72:b4:8e:
         e7:54:16:e9:89:5c:8c:92:90:2a:27:9b:6f:98:3c:02:5c:39:
         0c:58:91:6b:89:09:ee:b5:fe:85:a3:52:13:1a:c3:12:d6:a2:
         6b:46:eb:c9:33:f4:5c:e0:44:17:9c:e6:29:5f:bc:0f:f6:b4:
         fa:58:12:5e:6f:7b:70:40:b6:02:1d:31:8b:1b:c7:87:7c:be:
         dc:de:2e:5f:4d:8e:e3:95:31:b9:7c:8e:5b:02:e0:ba:9c:a7:
         be:f8:d0:4a:f5:a7:21:6f:92:cd:ba:7f:a4:cd:70:b3:d3:6e:
         58:b1:21:b8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUFnrpkzr5AJHbviNWrRdV7WreSXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMDIwOTQ2MDVaFw0yNjEwMDEwOTUxMDVaMDMxMTAvBgNV
BAMTKDJEQjgzQjJGOTdFMjNDMTY1QTBEMzI3RjM3REE5MkQwQTI5MDY2M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoj77xAguPIelDIw81Z38+T/EM
nYAebDhQtHjf3mkcuiEPhZQ8Dk1awm26qLNlwu129QQc6gFM7LCZQXPWG3+o9EYS
0Kx1aknzmHJiU4AJBNwgZmvqJBZcZg42ZhwIxJJDVoTT7WJUbNZc+FHtmA1FLuZC
hPfU1P7NhzRe/sMPVsYOx4/Al85gB74Y1poUXvr7k1W0A2B5cSbrOQOGuXIYY3ig
9sitJkAUhGV4QYn7uSys7otApKYHueRnOT28Slhk89o4D9bM7LydcwhY84VXlrxM
59FMta+IEkSenC7rhN91woCDLYfHriSSrJrgw73EGWYVMnIG+5Wvze/XEVG1AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQULbg7L5fiPBZaDTJ/N9qS0KKQZjowHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMzOTU4Nzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgYq
D2KDgDANBgkqhkiG9w0BAQsFAAOCAQEAYwDMd4aUg4MmkzuEc2Y+qafBsQk/Hoov
q10W5W2IzRQHmrwTj3CtDKs+puxMrwFo2/unoqPFN/sX6cvOmZFALI/2FA47XgNn
R8882J4a72UPBpn6MTAYyrOurz4siOL5WaHIGKoNEUlzzHQ6okvP7XyPXoeGoYLn
hJ0bPeORhMqlMhpKa0nwnw37YRSEcrSO51QW6YlcjJKQKiebb5g8Alw5DFiRa4kJ
7rX+haNSExrDEtaia0bryTP0XOBEF5zmKV+8D/a0+lgSXm97cEC2Ah0xixvHh3y+
3N4uX02O45UxuXyOWwLgupynvvjQSvWnIW+Szbp/pM1ws9NuWLEhuA==
-----END CERTIFICATE-----