Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          Q62m1FhEbMVluOMiEwrnrOejnthuNicx3CgsH3UMZSM=
Subject key identifier:   ED:E4:36:46:6A:78:CC:2C:0D:25:54:B8:2F:74:BD:2C:20:F8:69:24
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       4B35508A9EF3A3AAB7821A9C2F15C7CFA10366DF
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Sat 28 Mar 2026 08:00:26 +0000
ROA not before:           Sat 28 Mar 2026 07:55:26 +0000
ROA not after:            Sat 27 Mar 2027 08:00:26 +0000
asID:                     0
IP address blocks:        2a0f:6287:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:35:50:8a:9e:f3:a3:aa:b7:82:1a:9c:2f:15:c7:cf:a1:03:66:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Mar 28 07:55:26 2026 GMT
            Not After : Mar 27 08:00:26 2027 GMT
        Subject: CN=EDE436466A78CC2C0D2554B82F74BD2C20F86924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e9:20:6b:3a:42:71:88:9b:b1:b7:ce:67:3c:
                    a6:d5:fc:3d:3f:f6:7e:61:43:9e:1b:66:35:3c:09:
                    e5:8c:51:e3:8f:67:78:97:87:a9:95:fe:30:ee:3a:
                    9b:3a:34:9b:8b:16:2f:7a:d1:4a:f3:c1:33:63:60:
                    9d:21:d2:1b:29:54:fd:1f:14:9f:ad:22:fb:ee:24:
                    50:a5:7e:91:9c:11:5c:64:0b:55:90:c7:f7:98:a5:
                    28:85:26:03:cd:f4:c8:41:5c:d2:56:b5:ca:66:00:
                    19:1b:42:40:50:d8:91:50:a4:75:fb:2e:f4:15:e1:
                    87:f9:28:1c:b5:e0:bb:74:76:20:7b:f4:9c:16:51:
                    fb:7b:5b:0c:84:7c:80:45:b0:37:ad:cb:32:3f:bd:
                    23:1d:c4:2a:60:1a:25:d8:76:56:5c:ff:df:7b:c0:
                    75:06:2b:e7:e0:81:74:24:ff:6c:93:4b:34:ee:49:
                    1d:5c:07:a2:9a:09:cb:cb:73:99:79:2a:e9:67:7e:
                    02:71:5e:2a:b0:60:98:04:8e:1b:90:75:0f:f7:ba:
                    bb:27:57:15:0b:e6:0c:8e:fb:bf:1d:52:64:3d:94:
                    84:95:e3:a7:36:0a:62:e9:e5:2d:88:af:62:97:fa:
                    9c:17:cb:85:0d:b0:84:28:91:35:2f:90:e6:71:f0:
                    e2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E4:36:46:6A:78:CC:2C:0D:25:54:B8:2F:74:BD:2C:20:F8:69:24
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8b:97:a0:08:eb:cc:71:f0:6d:df:f5:7e:c6:4a:63:6c:f0:fc:
         94:d7:83:a7:73:99:72:93:f8:72:e9:e1:b4:7b:ad:ec:0e:21:
         c3:5f:b3:40:94:94:14:e6:9b:a8:27:f5:0c:8b:80:1e:2d:5d:
         d3:95:6e:b5:66:50:c5:bc:95:25:55:2b:55:41:8b:41:e1:fc:
         fc:a8:a3:27:6a:80:5c:04:51:a6:5f:f3:69:1e:65:cd:61:d3:
         5c:63:b7:8e:7f:0d:1f:ae:9a:8f:c8:ee:00:6a:34:21:e5:30:
         35:47:18:8e:a7:72:b9:e1:e6:f3:cd:cd:53:09:3d:a0:5a:4a:
         a1:e0:69:e6:dd:f7:d7:60:7a:89:04:62:57:27:71:05:e6:0a:
         47:5b:57:d1:35:93:19:56:14:20:ab:1d:ae:2e:e0:8d:f7:ef:
         58:82:31:bb:b0:05:d6:d6:db:f1:84:5b:23:dd:6c:75:ad:64:
         a3:c9:3d:0a:92:c7:e9:dd:b4:23:6e:40:98:ec:ec:da:04:04:
         d6:33:bb:d9:73:3e:76:65:37:33:1d:b9:4a:38:a7:19:c3:3e:
         c9:b4:02:99:f1:62:c7:c8:9c:c2:d4:74:e8:76:20:2a:ba:a8:
         27:40:05:7d:f9:a0:09:bf:b1:2d:d1:bf:34:b1:70:96:f2:5e:
         f7:ed:98:07
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIUSzVQip7zo6q3ghqcLxXHz6EDZt8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAzMjgwNzU1MjZaFw0yNzAzMjcwODAwMjZaMDMxMTAvBgNV
BAMTKEVERTQzNjQ2NkE3OENDMkMwRDI1NTRCODJGNzRCRDJDMjBGODY5MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD6SBrOkJxiJuxt85nPKbV/D0/
9n5hQ54bZjU8CeWMUeOPZ3iXh6mV/jDuOps6NJuLFi960UrzwTNjYJ0h0hspVP0f
FJ+tIvvuJFClfpGcEVxkC1WQx/eYpSiFJgPN9MhBXNJWtcpmABkbQkBQ2JFQpHX7
LvQV4Yf5KBy14Lt0diB79JwWUft7WwyEfIBFsDetyzI/vSMdxCpgGiXYdlZc/997
wHUGK+fggXQk/2yTSzTuSR1cB6KaCcvLc5l5KulnfgJxXiqwYJgEjhuQdQ/3ursn
VxUL5gyO+78dUmQ9lISV46c2CmLp5S2Ir2KX+pwXy4UNsIQokTUvkOZx8OJnAgMB
AAGjggHZMIIB1TAdBgNVHQ4EFgQU7eQ2Rmp4zCwNJVS4L3S9LCD4aSQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg9ihxAw
DQYJKoZIhvcNAQELBQADggEBAIuXoAjrzHHwbd/1fsZKY2zw/JTXg6dzmXKT+HLp
4bR7rewOIcNfs0CUlBTmm6gn9QyLgB4tXdOVbrVmUMW8lSVVK1VBi0Hh/Pyooydq
gFwEUaZf82keZc1h01xjt45/DR+umo/I7gBqNCHlMDVHGI6ncrnh5vPNzVMJPaBa
SqHgaebd99dgeokEYlcncQXmCkdbV9E1kxlWFCCrHa4u4I3371iCMbuwBdbW2/GE
WyPdbHWtZKPJPQqSx+ndtCNuQJjs7NoEBNYzu9lzPnZlNzMduUo4pxnDPsm0Apnx
YsfInMLUdOh2ICq6qCdABX35oAm/sS3RvzSxcJbyXvftmAc=
-----END CERTIFICATE-----