Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS53667.roa
File:                     AS53667.roa (raw, json)
Hash identifier:          z98Cxzjd5fuO++VQiaqi39gSX7BPjV8t0Ir05qC8xOI=
Subject key identifier:   98:57:8D:20:7F:08:89:E1:5D:53:5A:0E:0D:B6:87:58:BB:40:09:34
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       4D5ACEAD8144BA1C7E0767E4530BE0D92921FA45
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS53667.roa
Signing time:             Thu 18 Sep 2025 07:24:01 +0000
ROA not before:           Thu 18 Sep 2025 07:19:01 +0000
ROA not after:            Thu 17 Sep 2026 07:24:01 +0000
asID:                     53667
IP address blocks:        2a09:54c6:9000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:5a:ce:ad:81:44:ba:1c:7e:07:67:e4:53:0b:e0:d9:29:21:fa:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep 18 07:19:01 2025 GMT
            Not After : Sep 17 07:24:01 2026 GMT
        Subject: CN=98578D207F0889E15D535A0E0DB68758BB400934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ad:3d:d2:62:21:73:4c:99:60:6f:af:46:b0:
                    b0:ef:cc:71:cb:7f:f8:22:d2:1d:a8:8d:13:2c:ad:
                    ad:e5:8c:c3:04:ca:c2:09:d2:16:cb:7e:8c:63:60:
                    f9:c2:0f:7c:bd:52:72:15:73:e0:f5:79:30:3a:11:
                    44:ea:8d:b9:bb:ea:db:20:85:bb:01:6f:23:66:31:
                    fa:97:4f:60:08:13:90:d5:5c:8c:d5:14:72:b4:6a:
                    7a:19:ae:7b:50:ea:2a:50:55:72:fe:e0:74:70:fb:
                    e6:1f:76:22:fe:c7:ca:5a:38:1f:f3:82:f8:50:84:
                    61:33:08:65:a7:1e:90:f1:cf:a2:5c:cc:46:a3:92:
                    77:72:1d:f4:94:f5:d8:4a:48:3d:ba:23:df:93:24:
                    e2:65:8f:30:d5:72:6a:3b:55:37:4c:81:d9:6b:82:
                    be:26:89:30:85:1d:0c:1c:dc:95:ec:88:f9:4e:88:
                    b1:bb:89:f7:bb:32:2c:d1:84:a6:89:c8:ae:d2:7c:
                    e2:ed:71:65:67:e0:1e:27:7e:c6:e0:5a:31:44:4c:
                    6d:02:61:06:8c:d9:1f:f7:24:d2:bd:59:b4:e2:e2:
                    cd:f1:86:49:b8:6a:7b:a0:26:0a:25:fe:27:d3:76:
                    98:c8:52:81:b1:70:38:c1:79:ed:5c:0c:83:68:b9:
                    27:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:57:8D:20:7F:08:89:E1:5D:53:5A:0E:0D:B6:87:58:BB:40:09:34
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS53667.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         13:c5:6a:68:3f:72:95:95:33:a8:7e:8a:b5:22:c6:97:4e:9a:
         39:20:6d:47:ed:d9:f0:d4:76:87:37:fe:15:d1:27:34:25:98:
         18:67:af:5c:68:e5:5a:b7:ca:b5:26:3a:8f:2b:96:40:b4:6f:
         6e:39:f6:fd:7a:59:e2:73:42:f4:54:ac:dc:6f:62:c6:1c:96:
         3c:de:90:00:bb:8c:78:7d:08:29:1f:57:d7:52:18:b8:8e:0a:
         61:b0:1f:6c:a2:68:b5:d1:95:a1:62:90:3f:d7:45:73:dd:e4:
         58:78:d8:4d:ff:f4:5a:e0:64:58:d6:ca:21:0d:7e:42:b3:40:
         aa:dc:fa:e3:14:46:a0:5e:58:e4:e9:93:16:98:f5:92:d2:79:
         60:ba:32:3c:51:b3:9d:5c:b9:2e:4f:6d:73:b8:7f:35:40:28:
         92:0f:2f:02:ff:f0:76:76:4c:8a:7e:6a:88:bf:2d:92:e4:a0:
         c8:47:ca:4e:40:ba:91:dc:df:d9:e0:67:05:7d:44:f0:d9:c9:
         c6:4d:d3:71:e8:b7:63:df:c1:52:3f:db:50:b9:34:fc:a7:33:
         c7:e0:27:91:7a:be:6a:ef:27:de:07:cf:e5:aa:04:a0:78:fb:
         d0:65:b5:d1:20:40:a9:f3:08:7c:18:65:d2:3c:59:08:77:a0:
         66:0a:3e:52
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIUTVrOrYFEuhx+B2fkUwvg2Skh+kUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MTgwNzE5MDFaFw0yNjA5MTcwNzI0MDFaMDMxMTAvBgNV
BAMTKDk4NTc4RDIwN0YwODg5RTE1RDUzNUEwRTBEQjY4NzU4QkI0MDA5MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZrT3SYiFzTJlgb69GsLDvzHHL
f/gi0h2ojRMsra3ljMMEysIJ0hbLfoxjYPnCD3y9UnIVc+D1eTA6EUTqjbm76tsg
hbsBbyNmMfqXT2AIE5DVXIzVFHK0anoZrntQ6ipQVXL+4HRw++YfdiL+x8paOB/z
gvhQhGEzCGWnHpDxz6JczEajkndyHfSU9dhKSD26I9+TJOJljzDVcmo7VTdMgdlr
gr4miTCFHQwc3JXsiPlOiLG7ife7MizRhKaJyK7SfOLtcWVn4B4nfsbgWjFETG0C
YQaM2R/3JNK9WbTi4s3xhkm4anugJgol/ifTdpjIUoGxcDjBee1cDINouSdbAgMB
AAGjggHdMIIB2TAdBgNVHQ4EFgQUmFeNIH8IieFdU1oODbaHWLtACTQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVM1MzY2Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoJ
VMaQMA0GCSqGSIb3DQEBCwUAA4IBAQATxWpoP3KVlTOofoq1IsaXTpo5IG1H7dnw
1HaHN/4V0Sc0JZgYZ69caOVat8q1JjqPK5ZAtG9uOfb9elnic0L0VKzcb2LGHJY8
3pAAu4x4fQgpH1fXUhi4jgphsB9somi10ZWhYpA/10Vz3eRYeNhN//Ra4GRY1soh
DX5Cs0Cq3PrjFEagXljk6ZMWmPWS0nlgujI8UbOdXLkuT21zuH81QCiSDy8C//B2
dkyKfmqIvy2S5KDIR8pOQLqR3N/Z4GcFfUTw2cnGTdNx6Ldj38FSP9tQuTT8pzPH
4CeRer5q7yfeB8/lqgSgePvQZbXRIECp8wh8GGXSPFkId6BmCj5S
-----END CERTIFICATE-----