Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS401903.roa
File:                     AS401903.roa (raw, json)
Hash identifier:          L3xkd3Ps4DrlUsRMCaOQMxMk9EkoPbdl+/3/UeVzX5A=
Subject key identifier:   7C:BC:C0:E4:EF:BE:11:5E:2F:71:6D:E2:EB:D7:F5:4C:68:35:C3:CB
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       3AFA3B0E529343C4363C7AA80BA167AE89FE8C61
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS401903.roa
Signing time:             Tue 02 Sep 2025 19:31:34 +0000
ROA not before:           Tue 02 Sep 2025 19:26:34 +0000
ROA not after:            Tue 01 Sep 2026 19:31:34 +0000
asID:                     401903
IP address blocks:        2a0f:6283:1210::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:fa:3b:0e:52:93:43:c4:36:3c:7a:a8:0b:a1:67:ae:89:fe:8c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep  2 19:26:34 2025 GMT
            Not After : Sep  1 19:31:34 2026 GMT
        Subject: CN=7CBCC0E4EFBE115E2F716DE2EBD7F54C6835C3CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:77:b9:08:1a:52:0a:a8:cb:9a:51:f0:64:5d:
                    8f:19:9e:58:be:da:e9:28:54:13:b6:aa:ec:1e:c6:
                    2b:9b:85:bd:f0:42:6d:5e:80:a4:39:c8:74:2b:0a:
                    5c:5c:e7:28:59:38:d6:87:f8:20:5f:6e:ec:2e:67:
                    a0:41:d3:34:7b:16:2d:bb:7e:94:d3:90:ce:12:0e:
                    64:dd:1a:2f:e5:91:84:7d:2d:71:d7:07:f4:a5:dd:
                    fd:06:0e:0f:15:a1:b0:e4:68:22:b9:d7:51:a8:29:
                    50:b5:6e:92:a0:4a:26:90:b8:11:d8:8c:17:3d:e1:
                    48:6e:d5:76:8f:7b:06:b1:30:d3:e2:e2:c1:46:16:
                    66:a6:af:4c:b2:a6:fa:a4:76:45:cb:c7:68:ec:cb:
                    00:5b:39:15:e6:63:ef:db:3b:7b:86:5c:62:a0:5b:
                    6b:03:30:33:9c:c6:dc:08:79:ea:40:a3:e9:b5:35:
                    64:37:3e:71:7f:1d:87:4d:88:2b:a2:a0:5c:d0:5d:
                    b2:b5:3b:e7:9f:aa:0e:f5:e4:ad:fb:e8:44:48:a2:
                    ca:94:77:80:89:2e:1e:46:0d:5e:91:a0:13:58:6a:
                    52:73:a8:c7:6b:1c:04:04:bd:b3:77:d0:72:f5:a2:
                    cf:f8:c6:d3:5c:0a:82:a0:4f:64:83:ea:22:e4:1c:
                    18:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:BC:C0:E4:EF:BE:11:5E:2F:71:6D:E2:EB:D7:F5:4C:68:35:C3:CB
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS401903.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:1210::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:5e:42:7f:d5:74:5c:f0:ef:a3:c2:5c:26:47:70:11:3c:33:
         52:d4:c9:98:f6:d2:57:61:1f:fc:c4:87:d5:56:b3:ae:a3:30:
         a3:4b:c6:94:8b:8e:88:1b:a5:5f:b7:35:79:80:20:31:e5:ce:
         f6:88:e7:f5:d2:05:1c:46:ee:32:1b:71:37:80:2f:05:9f:ab:
         d0:cd:3c:dd:49:9b:c1:59:b2:38:1f:6b:e6:2b:da:dc:46:21:
         d4:1c:28:e7:72:ae:95:e8:85:ff:b4:24:6d:68:49:4b:ba:58:
         e4:88:af:1a:b2:da:e0:e4:ca:97:0a:77:c7:a9:78:75:49:0e:
         93:8b:26:a0:3f:c7:c5:d4:53:e1:a1:00:71:20:da:71:18:d8:
         f2:25:65:f7:2b:22:c0:a5:7f:e2:3d:cd:c9:09:a1:92:90:16:
         fa:04:d0:25:1e:9d:93:01:53:ab:29:46:34:4b:88:82:bb:0d:
         51:df:cd:07:25:43:7f:96:f6:84:2d:dc:2e:44:7e:5f:ba:84:
         1e:f6:7b:85:73:9c:31:5f:1b:09:2a:e4:15:d3:47:70:c9:36:
         b4:eb:1d:d6:6b:cd:db:c8:15:74:0a:24:33:96:77:5b:87:c3:
         56:f7:29:3a:3e:37:78:7e:dd:9c:a5:04:43:f1:af:8e:1c:22:
         03:01:5d:c1
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUOvo7DlKTQ8Q2PHqoC6Fnron+jGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MDIxOTI2MzRaFw0yNjA5MDExOTMxMzRaMDMxMTAvBgNV
BAMTKDdDQkNDMEU0RUZCRTExNUUyRjcxNkRFMkVCRDdGNTRDNjgzNUMzQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXd7kIGlIKqMuaUfBkXY8Znli+
2ukoVBO2quwexiubhb3wQm1egKQ5yHQrClxc5yhZONaH+CBfbuwuZ6BB0zR7Fi27
fpTTkM4SDmTdGi/lkYR9LXHXB/Sl3f0GDg8VobDkaCK511GoKVC1bpKgSiaQuBHY
jBc94Uhu1XaPewaxMNPi4sFGFmamr0yypvqkdkXLx2jsywBbORXmY+/bO3uGXGKg
W2sDMDOcxtwIeepAo+m1NWQ3PnF/HYdNiCuioFzQXbK1O+efqg715K376ERIosqU
d4CJLh5GDV6RoBNYalJzqMdrHAQEvbN30HL1os/4xtNcCoKgT2SD6iLkHBijAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUfLzA5O++EV4vcW3i69f1TGg1w8swHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVM0MDE5MDMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
D2KDEhAwDQYJKoZIhvcNAQELBQADggEBAHBeQn/VdFzw76PCXCZHcBE8M1LUyZj2
0ldhH/zEh9VWs66jMKNLxpSLjogbpV+3NXmAIDHlzvaI5/XSBRxG7jIbcTeALwWf
q9DNPN1Jm8FZsjgfa+Yr2txGIdQcKOdyrpXohf+0JG1oSUu6WOSIrxqy2uDkypcK
d8epeHVJDpOLJqA/x8XUU+GhAHEg2nEY2PIlZfcrIsClf+I9zckJoZKQFvoE0CUe
nZMBU6spRjRLiIK7DVHfzQclQ3+W9oQt3C5Efl+6hB72e4VznDFfGwkq5BXTR3DJ
NrTrHdZrzdvIFXQKJDOWd1uHw1b3KTo+N3h+3ZylBEPxr44cIgMBXcE=
-----END CERTIFICATE-----