Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS48678.roa
File:                     AS48678.roa (raw, json)
Hash identifier:          AJgmqRCuexqs1iScN3d3UdZ79pfhtvtdYfnOYv+s8Ec=
Subject key identifier:   61:C4:C7:9F:45:82:2C:0D:8D:5F:DD:63:99:32:55:93:AD:75:F3:00
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0653AF4D51F62CAEB898782DD946C5581BAC0C8C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS48678.roa
Signing time:             Thu 03 Jul 2025 15:53:06 +0000
ROA not before:           Thu 03 Jul 2025 15:48:06 +0000
ROA not after:            Thu 02 Jul 2026 15:53:06 +0000
asID:                     48678
IP address blocks:        2a05:dfc3:fd23::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:53:af:4d:51:f6:2c:ae:b8:98:78:2d:d9:46:c5:58:1b:ac:0c:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:06 2025 GMT
            Not After : Jul  2 15:53:06 2026 GMT
        Subject: CN=61C4C79F45822C0D8D5FDD6399325593AD75F300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:98:75:e9:ed:af:39:f6:d4:7e:39:c1:ff:94:
                    bb:5f:1f:1d:ea:3d:7d:8c:0d:e9:12:8b:bb:71:27:
                    b2:4a:af:f5:dc:e5:9a:64:57:16:2e:54:33:cc:94:
                    e1:9b:38:a8:b7:eb:18:5b:89:48:b7:e9:6c:46:31:
                    73:f8:b5:60:13:5d:6c:4c:f8:2a:c0:22:eb:1d:a0:
                    71:8d:d2:cf:da:e2:e5:7f:49:27:90:c4:cf:7f:6d:
                    e1:30:10:bd:f7:12:5a:2b:60:94:34:4d:93:8a:01:
                    18:aa:2d:02:31:7f:64:4c:82:f0:ee:17:0d:16:44:
                    2b:c6:a1:76:d4:4c:7b:c1:fd:d9:38:f1:a2:c0:00:
                    ee:65:96:fe:8d:01:d6:13:c2:c8:e9:94:a6:50:3e:
                    88:99:b8:4f:e8:46:61:68:95:72:43:83:5b:11:5d:
                    16:4c:17:ed:cf:83:ea:2f:63:30:11:14:bb:61:0b:
                    a0:bc:0c:5b:6f:8b:fa:93:dc:b7:d8:61:d5:73:93:
                    7d:2d:06:73:41:6c:8b:e5:c6:e6:ff:d3:38:ff:60:
                    94:89:c5:47:0f:6e:f1:86:f5:80:03:4f:37:38:d4:
                    da:11:34:70:f5:04:31:1d:9c:05:1f:b2:a3:50:7c:
                    d5:56:a6:32:68:0d:4f:db:dc:a2:6e:3c:f1:77:9d:
                    7b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C4:C7:9F:45:82:2C:0D:8D:5F:DD:63:99:32:55:93:AD:75:F3:00
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS48678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fd23::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:1f:07:1b:7e:81:91:a0:87:63:d3:8a:ac:ed:8b:50:7c:cd:
         57:96:88:db:2f:b7:26:b3:34:93:b1:8e:88:ec:1e:b1:91:ab:
         0a:23:3c:d5:a6:51:f9:5f:f2:f9:68:cb:12:85:e1:86:80:e0:
         f7:86:7a:13:84:a1:f2:ae:2e:f8:b9:53:14:7d:a2:34:98:07:
         a2:e3:ee:3c:ec:b0:69:31:1d:a6:ed:72:71:d6:52:98:8d:6c:
         e8:d5:db:c9:83:ef:d2:6f:ff:6c:53:e4:e1:6d:cd:5b:3f:ee:
         62:c8:93:95:ff:02:f3:65:27:79:07:73:1a:12:20:1a:bd:f6:
         14:a0:ab:68:fd:00:0a:bc:d9:21:04:98:bd:28:89:fe:52:c2:
         cb:c6:01:9a:00:fe:15:ad:9e:84:80:9c:7a:f2:71:65:ec:3b:
         4f:5f:82:be:a4:8d:23:c5:5c:ac:cf:90:30:9c:19:98:4a:65:
         bd:88:5c:92:f9:17:ca:54:e1:95:7f:8b:95:9d:23:29:3a:95:
         74:70:d3:b5:46:a3:77:7c:4a:6b:5c:2b:36:89:9a:17:41:c6:
         4b:a7:81:4c:dd:cf:f1:26:1d:50:d5:82:62:65:3f:6f:cb:04:
         41:5d:1c:9f:b9:b9:27:97:ca:00:83:17:ca:f8:03:5f:84:ad:
         67:4c:6f:f4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUBlOvTVH2LK64mHgt2UbFWBusDIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDZaFw0yNjA3MDIxNTUzMDZaMDMxMTAvBgNV
BAMTKDYxQzRDNzlGNDU4MjJDMEQ4RDVGREQ2Mzk5MzI1NTkzQUQ3NUYzMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCumHXp7a859tR+OcH/lLtfHx3q
PX2MDekSi7txJ7JKr/Xc5ZpkVxYuVDPMlOGbOKi36xhbiUi36WxGMXP4tWATXWxM
+CrAIusdoHGN0s/a4uV/SSeQxM9/beEwEL33ElorYJQ0TZOKARiqLQIxf2RMgvDu
Fw0WRCvGoXbUTHvB/dk48aLAAO5llv6NAdYTwsjplKZQPoiZuE/oRmFolXJDg1sR
XRZMF+3Pg+ovYzARFLthC6C8DFtvi/qT3LfYYdVzk30tBnNBbIvlxub/0zj/YJSJ
xUcPbvGG9YADTzc41NoRNHD1BDEdnAUfsqNQfNVWpjJoDU/b3KJuPPF3nXu1AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUYcTHn0WCLA2NX91jmTJVk6118wAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVM0ODY3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF
38P9IzANBgkqhkiG9w0BAQsFAAOCAQEAPB8HG36BkaCHY9OKrO2LUHzNV5aI2y+3
JrM0k7GOiOwesZGrCiM81aZR+V/y+WjLEoXhhoDg94Z6E4Sh8q4u+LlTFH2iNJgH
ouPuPOywaTEdpu1ycdZSmI1s6NXbyYPv0m//bFPk4W3NWz/uYsiTlf8C82UneQdz
GhIgGr32FKCraP0ACrzZIQSYvSiJ/lLCy8YBmgD+Fa2ehICcevJxZew7T1+CvqSN
I8VcrM+QMJwZmEplvYhckvkXylThlX+LlZ0jKTqVdHDTtUajd3xKa1wrNomaF0HG
S6eBTN3P8SYdUNWCYmU/b8sEQV0cn7m5J5fKAIMXyvgDX4StZ0xv9A==
-----END CERTIFICATE-----