Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS396968.roa
File:                     AS396968.roa (raw, json)
Hash identifier:          YF3Y6c+h/BH7YOdBa+3Ax8n59ytXrS/pb4YWH8LLtRo=
Subject key identifier:   1F:63:1F:F2:DA:F8:3D:FB:73:60:78:38:3A:EF:98:E6:89:8C:C5:88
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       3A5E458916C8B7C2209FABEE1B04E8BBBA980D9D
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS396968.roa
Signing time:             Tue 02 Sep 2025 09:29:42 +0000
ROA not before:           Tue 02 Sep 2025 09:24:42 +0000
ROA not after:            Tue 01 Sep 2026 09:29:42 +0000
asID:                     396968
IP address blocks:        2a0f:6287:e000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:5e:45:89:16:c8:b7:c2:20:9f:ab:ee:1b:04:e8:bb:ba:98:0d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep  2 09:24:42 2025 GMT
            Not After : Sep  1 09:29:42 2026 GMT
        Subject: CN=1F631FF2DAF83DFB736078383AEF98E6898CC588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5c:97:ac:0a:4c:4a:0d:f2:d3:ca:00:97:04:
                    6d:15:4a:c7:49:e6:9c:f8:6b:e1:b8:ed:c2:28:a1:
                    66:ec:17:d5:6c:af:83:7e:d1:0c:74:2b:c3:2f:f6:
                    2a:85:b9:18:bd:df:4a:00:3b:f6:ef:45:8c:0e:74:
                    43:4d:11:a3:d2:92:03:a2:1a:80:09:1a:b7:58:8c:
                    c8:63:8d:8e:05:a2:98:9b:72:b9:c0:9b:95:19:c7:
                    78:1a:cb:42:09:80:c4:e7:49:e0:0f:64:71:ae:5c:
                    42:72:36:38:91:94:dd:c0:19:b5:b2:82:d8:bb:30:
                    34:e6:57:81:91:93:95:f4:a6:20:0d:55:3f:5e:4c:
                    09:31:9e:3f:6c:29:77:ea:b4:3c:c5:27:71:fd:68:
                    39:93:c4:a1:f7:e9:a0:a3:ca:e0:55:3b:1e:58:3b:
                    d7:42:c3:1e:58:10:66:e3:02:81:0d:f5:0c:54:f0:
                    60:9e:4b:b8:f8:66:ae:d6:df:68:b8:e9:e9:28:26:
                    f6:f0:e9:e1:bc:ef:36:e2:64:23:16:a0:7a:b4:b5:
                    21:43:9f:b2:39:ea:4e:94:e2:29:a4:ba:4e:38:50:
                    6d:81:9f:82:35:fe:c2:10:2c:d2:a8:f9:98:63:13:
                    49:d5:c7:6b:db:0a:ae:6f:e7:84:08:bb:1f:15:ca:
                    80:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:63:1F:F2:DA:F8:3D:FB:73:60:78:38:3A:EF:98:E6:89:8C:C5:88
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS396968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7c:9d:cf:1d:86:e0:77:b2:a7:17:a5:cd:ed:d3:6f:cb:80:ed:
         88:38:30:13:48:5e:3a:b0:15:54:e4:e1:dd:6d:2d:4e:1c:2f:
         c6:d2:12:a9:c8:cb:54:ce:b7:84:3e:96:64:86:bd:96:8d:74:
         78:94:22:07:e1:41:c2:c6:3d:d2:6d:ea:0e:e9:13:13:55:0c:
         73:4e:77:5c:57:71:66:dc:35:30:0f:27:76:9d:4f:5d:ad:98:
         96:c4:62:fb:35:1e:59:b8:bd:cf:cb:2e:40:9f:01:71:9f:d0:
         2f:be:a2:d9:1a:e4:ce:7d:2d:49:b7:3b:b4:84:88:a4:ce:cc:
         9b:64:99:29:a3:64:90:2b:47:7c:c1:b8:31:79:25:ca:43:1c:
         33:b2:20:1e:4b:6b:d6:1b:a6:48:49:d7:34:9b:c4:9c:b6:38:
         a2:33:4f:a8:97:a2:fc:09:6a:5c:1c:a6:c0:f9:d3:71:43:1f:
         a1:29:8e:b8:93:a3:e8:42:bc:06:3b:42:68:fc:28:44:8b:fa:
         0b:68:a4:6f:83:36:08:19:18:09:ad:92:f7:20:2b:6a:bf:c7:
         84:85:d1:29:60:82:d7:00:46:dc:bd:d1:47:e9:de:97:02:ec:
         cc:da:39:87:49:53:9f:5c:fa:c4:cb:f0:da:ab:fb:31:89:96:
         95:91:33:cf
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUOl5FiRbIt8Ign6vuGwTou7qYDZ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MDIwOTI0NDJaFw0yNjA5MDEwOTI5NDJaMDMxMTAvBgNV
BAMTKDFGNjMxRkYyREFGODNERkI3MzYwNzgzODNBRUY5OEU2ODk4Q0M1ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgXJesCkxKDfLTygCXBG0VSsdJ
5pz4a+G47cIooWbsF9Vsr4N+0Qx0K8Mv9iqFuRi930oAO/bvRYwOdENNEaPSkgOi
GoAJGrdYjMhjjY4FopibcrnAm5UZx3gay0IJgMTnSeAPZHGuXEJyNjiRlN3AGbWy
gti7MDTmV4GRk5X0piANVT9eTAkxnj9sKXfqtDzFJ3H9aDmTxKH36aCjyuBVOx5Y
O9dCwx5YEGbjAoEN9QxU8GCeS7j4Zq7W32i46ekoJvbw6eG87zbiZCMWoHq0tSFD
n7I56k6U4imkuk44UG2Bn4I1/sIQLNKo+ZhjE0nVx2vbCq5v54QIux8VyoD3AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUH2Mf8tr4PftzYHg4Ou+Y5omMxYgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMzOTY5Njgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KH4DANBgkqhkiG9w0BAQsFAAOCAQEAfJ3PHYbgd7KnF6XN7dNvy4DtiDgwE0he
OrAVVOTh3W0tThwvxtISqcjLVM63hD6WZIa9lo10eJQiB+FBwsY90m3qDukTE1UM
c053XFdxZtw1MA8ndp1PXa2YlsRi+zUeWbi9z8suQJ8BcZ/QL76i2Rrkzn0tSbc7
tISIpM7Mm2SZKaNkkCtHfMG4MXklykMcM7IgHktr1humSEnXNJvEnLY4ojNPqJei
/AlqXBymwPnTcUMfoSmOuJOj6EK8BjtCaPwoRIv6C2ikb4M2CBkYCa2S9yArar/H
hIXRKWCC1wBG3L3RR+nelwLszNo5h0lTn1z6xMvw2qv7MYmWlZEzzw==
-----END CERTIFICATE-----