Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS396968.roa
File:                     AS396968.roa (raw, json)
Hash identifier:          XfQNwPHBT2xt4gxV5ye7XHDilEQqbv1dFwC0UteBF7I=
Subject key identifier:   0D:20:EF:42:0B:68:39:2F:39:29:DC:25:F3:40:AE:3A:54:35:76:04
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       5027B59F7EB6F83CFC58765EAC3642C2010972AC
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS396968.roa
Signing time:             Sun 28 Jun 2026 18:55:50 +0000
ROA not before:           Sun 28 Jun 2026 18:50:50 +0000
ROA not after:            Sun 27 Jun 2027 18:55:50 +0000
asID:                     396968
IP address blocks:        2a0f:6287:e000::/36 maxlen: 36
                          2a0f:6287:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Jul 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:27:b5:9f:7e:b6:f8:3c:fc:58:76:5e:ac:36:42:c2:01:09:72:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun 28 18:50:50 2026 GMT
            Not After : Jun 27 18:55:50 2027 GMT
        Subject: CN=0D20EF420B68392F3929DC25F340AE3A54357604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:03:82:32:ac:e3:c7:06:28:1f:3d:d1:3e:e3:
                    0c:a3:e6:a3:56:b6:49:9b:46:8f:8b:71:02:f2:f9:
                    30:93:57:77:2b:a5:e2:40:53:06:2f:35:3b:2d:4b:
                    31:28:22:7a:32:8f:5f:8f:82:2a:d6:30:30:c2:9a:
                    09:83:c1:be:a9:3e:bf:75:11:15:bf:56:bb:62:21:
                    22:53:36:14:9c:82:05:0c:13:d8:58:3a:f9:23:52:
                    ff:76:6f:99:ad:50:c6:f0:71:be:62:5d:3d:1a:e0:
                    ea:d7:1a:d4:7e:94:fe:28:f7:da:8f:95:71:02:3c:
                    58:d8:3b:f3:21:90:91:b8:08:f5:aa:91:a9:c6:7c:
                    1e:c7:4f:0e:b5:41:3f:cc:24:e4:de:f8:06:64:4b:
                    b0:bd:e8:70:86:54:d5:d8:d7:55:53:4c:28:14:2d:
                    e3:2b:88:94:7e:96:2a:93:0c:ec:26:52:7d:54:b9:
                    7b:72:22:e5:f6:1f:e6:b0:41:44:45:5a:62:4e:1f:
                    29:f1:76:f2:b4:27:cf:95:da:10:75:af:2d:9d:b4:
                    4b:f1:1e:ee:97:7c:d1:29:fb:50:d4:e5:a2:af:93:
                    2a:02:fb:fb:77:d9:d3:d5:65:04:92:49:3c:27:6d:
                    17:ec:d6:f8:2a:82:53:a5:f9:d0:cd:a9:e6:b2:07:
                    e6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:20:EF:42:0B:68:39:2F:39:29:DC:25:F3:40:AE:3A:54:35:76:04
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS396968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:e000::/35

    Signature Algorithm: sha256WithRSAEncryption
         3e:fd:9f:0e:09:53:dc:54:14:36:27:f5:8e:56:e9:a3:17:97:
         06:62:64:50:74:67:7e:4b:82:65:48:28:47:4c:b8:d1:fa:f0:
         20:96:00:b6:30:7d:00:2a:0e:ef:37:22:c0:ab:ae:e9:66:9e:
         2c:fc:02:8c:e3:bd:55:ba:8e:29:7f:86:2e:e3:12:5c:d4:5d:
         60:38:b0:c7:02:5c:d6:96:1b:37:33:88:64:68:11:e1:6f:3c:
         4c:98:46:a6:e9:7c:41:71:af:2e:9b:4b:37:42:8e:51:54:4a:
         6c:4c:cf:9f:5f:37:9b:f5:01:fe:59:13:2e:ee:97:ac:58:ca:
         f8:57:32:d1:bf:ac:d0:c0:1d:29:8f:a2:5e:f9:4e:ac:9e:4f:
         2a:17:a2:39:c9:04:27:28:4c:4f:ff:2e:e0:5f:73:78:43:be:
         36:50:5b:f9:61:e6:bc:ef:d4:32:c9:db:f6:3b:5e:71:e2:4f:
         c1:a2:9f:a5:a0:03:0f:a6:08:10:ba:ba:47:85:17:a5:1f:a9:
         e0:3b:0e:67:09:57:bd:3f:f8:5b:5f:25:4a:8d:6a:96:c8:82:
         75:98:de:9b:66:1f:70:7d:b2:e6:e2:97:da:b7:06:34:88:db:
         55:f1:bc:6c:e9:7a:d9:98:db:d3:6f:4e:8b:aa:4d:3a:5e:6f:
         10:4a:1c:e1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUUCe1n362+Dz8WHZerDZCwgEJcqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MjgxODUwNTBaFw0yNzA2MjcxODU1NTBaMDMxMTAvBgNV
BAMTKDBEMjBFRjQyMEI2ODM5MkYzOTI5REMyNUYzNDBBRTNBNTQzNTc2MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMA4IyrOPHBigfPdE+4wyj5qNW
tkmbRo+LcQLy+TCTV3crpeJAUwYvNTstSzEoInoyj1+PgirWMDDCmgmDwb6pPr91
ERW/VrtiISJTNhScggUME9hYOvkjUv92b5mtUMbwcb5iXT0a4OrXGtR+lP4o99qP
lXECPFjYO/MhkJG4CPWqkanGfB7HTw61QT/MJOTe+AZkS7C96HCGVNXY11VTTCgU
LeMriJR+liqTDOwmUn1UuXtyIuX2H+awQURFWmJOHynxdvK0J8+V2hB1ry2dtEvx
Hu6XfNEp+1DU5aKvkyoC+/t32dPVZQSSSTwnbRfs1vgqglOl+dDNqeayB+Z/AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUDSDvQgtoOS85Kdwl80CuOlQ1dgQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMzOTY5Njgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgUq
D2KH4DANBgkqhkiG9w0BAQsFAAOCAQEAPv2fDglT3FQUNif1jlbpoxeXBmJkUHRn
fkuCZUgoR0y40frwIJYAtjB9ACoO7zciwKuu6WaeLPwCjOO9VbqOKX+GLuMSXNRd
YDiwxwJc1pYbNzOIZGgR4W88TJhGpul8QXGvLptLN0KOUVRKbEzPn183m/UB/lkT
Lu6XrFjK+Fcy0b+s0MAdKY+iXvlOrJ5PKheiOckEJyhMT/8u4F9zeEO+NlBb+WHm
vO/UMsnb9jteceJPwaKfpaADD6YIELq6R4UXpR+p4DsOZwlXvT/4W18lSo1qlsiC
dZjem2YfcH2y5uKX2rcGNIjbVfG8bOl62Zjb029Oi6pNOl5vEEoc4Q==
-----END CERTIFICATE-----
Generated at Fri Jul 10 16:14:55 2026 by rpki-client