Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS63018.roa
File:                     AS63018.roa (raw, json)
Hash identifier:          0ezwziOnDaJ4alzHGLoIvYpQATenRRVEyMgYI0Q8l6s=
Subject key identifier:   76:E8:23:D0:53:8B:CB:43:98:90:84:9C:7F:8F:87:CD:DA:3F:B8:64
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       392BBAD5C027E257B7A104FCDBE47ABD6927D22E
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS63018.roa
Signing time:             Tue 10 Mar 2026 02:24:09 +0000
ROA not before:           Tue 10 Mar 2026 02:19:09 +0000
ROA not after:            Tue 09 Mar 2027 02:24:09 +0000
asID:                     63018
IP address blocks:        2a09:54c6:d005::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:2b:ba:d5:c0:27:e2:57:b7:a1:04:fc:db:e4:7a:bd:69:27:d2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Mar 10 02:19:09 2026 GMT
            Not After : Mar  9 02:24:09 2027 GMT
        Subject: CN=76E823D0538BCB439890849C7F8F87CDDA3FB864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7b:bf:f5:52:24:5b:67:65:ee:3f:0a:e2:bf:
                    71:17:c2:b0:8e:9d:84:26:70:48:30:e6:70:10:e7:
                    1e:ad:91:dc:e8:04:e5:c9:97:36:c4:c4:49:3f:c4:
                    97:4b:32:d5:2e:ba:2c:bf:80:01:5a:4e:0d:35:d4:
                    18:21:3b:96:0a:5d:6e:77:e4:5b:8f:d3:69:3e:40:
                    95:b6:d6:40:87:59:c6:5b:e9:43:52:70:ff:16:bc:
                    42:51:34:94:93:98:89:0e:15:75:7c:4c:29:a1:da:
                    ab:df:87:65:48:f5:f0:66:4d:ff:b5:19:f0:99:e5:
                    58:80:80:2c:b3:86:5b:fd:ce:30:bb:d6:c7:32:27:
                    a0:54:58:92:cd:61:24:d9:32:59:12:4b:12:bf:c0:
                    70:30:8f:eb:1e:f2:ac:7c:d2:cc:93:ff:9f:f7:ce:
                    a2:30:f2:8a:9e:d6:d7:d0:16:f2:f4:51:04:f7:00:
                    39:5f:5b:7c:d9:eb:6e:f7:33:50:49:d4:81:af:67:
                    20:ed:a7:ea:a6:2d:a3:dd:88:ba:36:2e:4b:00:7d:
                    45:29:81:fd:b8:40:f6:22:41:91:5a:73:b8:c3:00:
                    bd:ea:92:3a:91:1a:f4:c9:96:47:13:ba:a2:7c:08:
                    b9:16:38:3d:a3:bc:0f:16:58:94:80:4f:a0:2e:cd:
                    b5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E8:23:D0:53:8B:CB:43:98:90:84:9C:7F:8F:87:CD:DA:3F:B8:64
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS63018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:d005::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:19:8e:dd:29:04:2f:6f:d6:bf:2c:70:49:e2:90:dc:f9:1c:
         33:a0:10:b5:e3:4a:b0:39:32:f3:63:9e:37:e4:6a:7c:6e:e0:
         b5:45:7e:92:38:53:76:4e:15:95:79:85:99:f3:bc:72:21:47:
         9f:c3:1f:ec:27:90:0f:e7:65:6a:99:2d:5b:a8:29:df:5d:0c:
         ab:d5:d6:38:bf:ee:cd:f5:17:4f:ad:a4:de:0b:7b:ca:e1:46:
         f0:21:89:b2:13:55:fd:71:a0:a4:e9:38:f8:4f:dc:9c:67:38:
         b0:72:b9:7c:1f:9b:ee:1c:63:ca:14:c2:15:92:03:a4:8e:74:
         07:b3:77:1c:ab:c7:c1:58:4d:af:f4:71:bf:b2:90:fd:3e:39:
         15:16:f6:b9:d6:5b:b1:10:0b:bc:a6:b5:fe:d7:ba:2d:c9:bb:
         56:45:26:d4:93:2b:e5:4c:b8:43:60:a2:6e:6a:49:0d:6d:14:
         f4:6d:72:f2:d7:18:21:3a:a3:1e:8b:93:f9:09:14:1c:a9:24:
         44:cc:bb:9c:4c:7f:53:c6:b3:0f:62:24:2e:6b:0e:cf:dd:b7:
         54:8b:80:c1:eb:40:d3:c1:fa:f8:a7:cb:28:0e:2f:d3:91:87:
         bd:b3:af:7c:ca:ce:a5:f8:45:43:14:0a:6a:b4:5a:ef:38:9e:
         e7:91:8e:ab
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUOSu61cAn4le3oQT82+R6vWkn0i4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAzMTAwMjE5MDlaFw0yNzAzMDkwMjI0MDlaMDMxMTAvBgNV
BAMTKDc2RTgyM0QwNTM4QkNCNDM5ODkwODQ5QzdGOEY4N0NEREEzRkI4NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIe7/1UiRbZ2XuPwriv3EXwrCO
nYQmcEgw5nAQ5x6tkdzoBOXJlzbExEk/xJdLMtUuuiy/gAFaTg011BghO5YKXW53
5FuP02k+QJW21kCHWcZb6UNScP8WvEJRNJSTmIkOFXV8TCmh2qvfh2VI9fBmTf+1
GfCZ5ViAgCyzhlv9zjC71scyJ6BUWJLNYSTZMlkSSxK/wHAwj+se8qx80syT/5/3
zqIw8oqe1tfQFvL0UQT3ADlfW3zZ6273M1BJ1IGvZyDtp+qmLaPdiLo2LksAfUUp
gf24QPYiQZFac7jDAL3qkjqRGvTJlkcTuqJ8CLkWOD2jvA8WWJSAT6AuzbW1AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUdugj0FOLy0OYkIScf4+Hzdo/uGQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVM2MzAxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoJ
VMbQBTANBgkqhkiG9w0BAQsFAAOCAQEAGxmO3SkEL2/WvyxwSeKQ3PkcM6AQteNK
sDky82OeN+RqfG7gtUV+kjhTdk4VlXmFmfO8ciFHn8Mf7CeQD+dlapktW6gp310M
q9XWOL/uzfUXT62k3gt7yuFG8CGJshNV/XGgpOk4+E/cnGc4sHK5fB+b7hxjyhTC
FZIDpI50B7N3HKvHwVhNr/Rxv7KQ/T45FRb2udZbsRALvKa1/te6Lcm7VkUm1JMr
5Uy4Q2CibmpJDW0U9G1y8tcYITqjHouT+QkUHKkkRMy7nEx/U8azD2IkLmsOz923
VIuAwetA08H6+KfLKA4v05GHvbOvfMrOpfhFQxQKarRa7zie55GOqw==
-----END CERTIFICATE-----