Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          oUd/9iriPJSv/hZILuemX6jXk8Ub/eEQVHP/WrUud9A=
Subject key identifier:   13:5F:3F:6C:07:E4:12:C8:27:BD:BE:F2:81:07:2F:78:8C:BB:5F:5E
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       6FEA2010617B08D6F080CD3D5CE6A76823248E06
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Tue 14 Oct 2025 15:56:36 +0000
ROA not before:           Tue 14 Oct 2025 15:51:36 +0000
ROA not after:            Tue 13 Oct 2026 15:56:36 +0000
asID:                     0
IP address blocks:        2a0f:6283:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:13:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:ea:20:10:61:7b:08:d6:f0:80:cd:3d:5c:e6:a7:68:23:24:8e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 14 15:51:36 2025 GMT
            Not After : Oct 13 15:56:36 2026 GMT
        Subject: CN=135F3F6C07E412C827BDBEF281072F788CBB5F5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e1:fc:ac:be:88:23:e8:c3:bd:e4:1f:12:ed:
                    ac:a6:1e:d8:4a:6f:83:b5:4f:73:15:61:89:96:a0:
                    d9:71:61:c1:99:1f:d4:60:da:15:8d:4e:22:ec:50:
                    4f:d8:6b:72:64:88:7d:f5:cd:8c:c7:f4:68:8b:84:
                    9f:e9:08:2c:8d:0d:17:6d:e9:26:e9:2d:f9:e8:8b:
                    66:ef:c2:6c:08:be:f9:63:e5:a8:4a:79:f9:2e:a6:
                    fa:4b:0a:9b:c9:dd:7d:c0:51:16:ac:2b:3b:fe:bc:
                    fa:85:c0:de:fe:3e:c0:18:01:58:56:23:26:2d:28:
                    9c:dd:06:bb:86:9f:83:f7:eb:a3:c7:33:f2:58:ba:
                    80:6e:83:e3:fb:ab:27:89:99:38:29:de:c6:67:e4:
                    c2:58:c1:7d:65:9c:de:9d:45:92:44:c3:c3:fd:03:
                    0a:11:95:fc:82:2e:5f:ad:49:e1:0d:15:02:eb:60:
                    2c:bd:1e:56:71:b7:31:0a:4b:ed:db:29:9e:8c:90:
                    f8:ce:84:d3:fb:1f:cc:eb:f1:9e:db:8f:5b:b6:11:
                    28:c3:cf:18:a6:f6:b1:9a:27:44:06:67:5c:ec:f3:
                    0c:cd:54:7c:6b:a5:84:22:44:93:b8:f7:34:a4:ff:
                    c0:8c:5c:9a:3e:fc:10:3b:b7:ad:1f:27:1e:a3:57:
                    3b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5F:3F:6C:07:E4:12:C8:27:BD:BE:F2:81:07:2F:78:8C:BB:5F:5E
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:38:20:87:a2:a7:90:59:93:f6:21:90:5a:b1:ae:62:c9:22:
         e4:40:5e:25:51:25:28:95:48:b4:b5:f2:8d:ab:b4:63:3f:0f:
         f8:78:64:d5:a2:ac:5a:cd:fc:c7:5c:5f:79:e5:29:fe:06:c1:
         4a:eb:8e:e6:58:ff:ca:2b:70:91:7f:f6:7a:5c:7f:b9:77:fe:
         95:f9:57:07:a0:66:a2:95:00:68:a5:a9:f2:8c:1c:76:2b:43:
         2a:61:66:f0:e2:47:d9:0d:51:16:e6:2b:15:46:7a:2d:45:79:
         72:9c:aa:36:43:39:04:e5:15:f7:fd:70:09:9b:f6:72:33:66:
         5e:1b:31:2f:64:f8:e0:56:92:88:54:82:99:8c:bb:b4:76:0f:
         92:b7:90:45:b9:74:45:74:13:c3:a1:17:8a:54:5c:08:af:82:
         01:c0:5b:a0:9b:a5:04:6f:7f:9a:b8:45:34:22:60:a0:ab:8c:
         e4:43:48:cf:b1:b2:d2:90:a7:62:cd:0b:c2:18:1a:b5:93:13:
         70:e5:cd:47:96:08:4a:04:49:4c:35:50:c3:28:03:36:2c:10:
         d0:7c:2e:cd:99:eb:88:1e:d9:d4:8c:8c:30:43:18:51:70:ea:
         5a:5a:9a:4f:7e:81:9e:6a:fe:91:f2:59:fa:dc:6c:f6:02:d7:
         c7:f8:60:00
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIUb+ogEGF7CNbwgM09XOanaCMkjgYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMTQxNTUxMzZaFw0yNjEwMTMxNTU2MzZaMDMxMTAvBgNV
BAMTKDEzNUYzRjZDMDdFNDEyQzgyN0JEQkVGMjgxMDcyRjc4OENCQjVGNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW4fysvogj6MO95B8S7aymHthK
b4O1T3MVYYmWoNlxYcGZH9Rg2hWNTiLsUE/Ya3JkiH31zYzH9GiLhJ/pCCyNDRdt
6SbpLfnoi2bvwmwIvvlj5ahKefkupvpLCpvJ3X3AURasKzv+vPqFwN7+PsAYAVhW
IyYtKJzdBruGn4P366PHM/JYuoBug+P7qyeJmTgp3sZn5MJYwX1lnN6dRZJEw8P9
AwoRlfyCLl+tSeENFQLrYCy9HlZxtzEKS+3bKZ6MkPjOhNP7H8zr8Z7bj1u2ESjD
zxim9rGaJ0QGZ1zs8wzNVHxrpYQiRJO49zSk/8CMXJo+/BA7t60fJx6jVztPAgMB
AAGjggHZMIIB1TAdBgNVHQ4EFgQUE18/bAfkEsgnvb7ygQcveIy7X14wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg9igyAw
DQYJKoZIhvcNAQELBQADggEBABs4IIeip5BZk/YhkFqxrmLJIuRAXiVRJSiVSLS1
8o2rtGM/D/h4ZNWirFrN/MdcX3nlKf4GwUrrjuZY/8orcJF/9npcf7l3/pX5Vweg
ZqKVAGilqfKMHHYrQyphZvDiR9kNURbmKxVGei1FeXKcqjZDOQTlFff9cAmb9nIz
Zl4bMS9k+OBWkohUgpmMu7R2D5K3kEW5dEV0E8OhF4pUXAivggHAW6CbpQRvf5q4
RTQiYKCrjORDSM+xstKQp2LNC8IYGrWTE3DlzUeWCEoESUw1UMMoAzYsENB8Ls2Z
64ge2dSMjDBDGFFw6lpamk9+gZ5q/pHyWfrcbPYC18f4YAA=
-----END CERTIFICATE-----