Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          Qi4gSM5K1inMyX2quBx+eDybJDpBBZGXrFsAx1rUUvg=
Subject key identifier:   F6:67:24:CC:83:49:00:2B:F5:90:2B:D8:43:45:FD:36:46:76:71:E0
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       36C2A1798758CE178AF3F5FE461F044928D0699E
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa
Signing time:             Tue 12 May 2026 13:15:04 +0000
ROA not before:           Tue 12 May 2026 13:10:04 +0000
ROA not after:            Tue 11 May 2027 13:15:04 +0000
asID:                     0
IP address blocks:        2a0f:6284:7000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:c2:a1:79:87:58:ce:17:8a:f3:f5:fe:46:1f:04:49:28:d0:69:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: May 12 13:10:04 2026 GMT
            Not After : May 11 13:15:04 2027 GMT
        Subject: CN=F66724CC8349002BF5902BD84345FD36467671E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fb:07:c8:9a:76:f4:99:3b:3f:85:aa:3b:22:
                    04:47:44:9a:51:42:2d:dd:e7:f5:8b:13:59:c5:44:
                    54:41:21:3b:1b:bc:a6:a3:35:22:54:d7:19:eb:c9:
                    db:1a:18:28:58:08:d5:cc:74:f1:e8:3f:bb:06:6c:
                    9b:2e:16:07:44:1b:29:57:c3:77:b7:89:80:64:e9:
                    d9:b6:d7:ac:3e:f3:d7:7d:84:37:4d:b9:02:70:77:
                    b6:98:c1:f7:df:d5:70:e1:00:9c:73:b5:93:2c:86:
                    85:26:50:6b:67:7d:27:dc:ff:cf:f0:d6:80:f4:4e:
                    0c:fc:5f:6f:be:ac:9a:e6:d5:ed:d5:39:1c:a2:32:
                    65:87:dc:a6:81:d1:b8:59:4e:05:82:cd:d4:6e:14:
                    02:20:1f:58:4b:e0:e9:4c:f3:8d:64:42:17:99:dd:
                    c7:6d:e9:a7:df:c7:63:fa:de:01:0d:d0:7e:1a:cd:
                    ce:36:67:f4:31:18:ff:b4:e3:0b:cd:da:00:2f:0c:
                    2a:62:77:73:6c:3a:2b:68:d2:77:e1:c4:48:22:49:
                    cd:07:84:79:4a:8c:b8:b2:cc:1f:12:dc:c5:12:de:
                    24:02:af:bc:aa:c8:4b:af:a9:de:cb:8b:f8:62:c5:
                    fe:a3:97:bf:ec:95:64:15:73:70:80:dd:58:5d:21:
                    4e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:67:24:CC:83:49:00:2B:F5:90:2B:D8:43:45:FD:36:46:76:71:E0
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         89:14:5c:20:b4:65:47:d3:84:23:51:7d:a7:6d:9e:81:af:3b:
         3e:c7:9d:ef:e7:c6:28:c2:78:f1:11:dd:6b:71:36:22:d4:83:
         76:24:e1:2b:5e:a2:e8:60:26:97:94:95:7b:3d:e4:41:95:9a:
         5e:6b:0b:b4:a9:86:ab:83:27:8e:da:d6:5b:60:e8:82:c1:b0:
         08:44:5b:5b:d1:cc:84:b9:47:a2:67:f4:10:cc:f2:93:5a:2b:
         b4:3d:f5:1d:8b:d8:79:73:3d:ba:8c:a1:ee:02:62:2e:39:7c:
         44:77:84:d8:7c:68:21:97:2c:7a:1a:71:02:2e:e9:38:40:24:
         8d:52:a9:f6:db:ec:fc:06:30:8e:5b:b9:21:e3:ba:85:11:fe:
         83:7d:d7:ed:ba:37:36:13:0a:d9:82:83:29:ea:a0:a4:27:7a:
         17:f5:81:da:32:bf:a1:25:97:ce:57:a8:bd:85:a9:dc:9f:d4:
         f4:ca:16:63:68:26:aa:c2:66:14:7d:9c:80:54:01:94:dd:44:
         b7:70:19:c9:fa:94:47:1c:c4:a2:32:40:9d:21:19:c4:41:51:
         76:8f:ed:a4:85:c2:fa:4f:fd:6e:48:52:53:0d:5f:17:fd:84:
         a9:7b:ab:b7:34:cd:51:88:fe:90:9f:17:8c:64:db:33:ba:89:
         ea:83:1a:9b
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIUNsKheYdYzheK8/X+Rh8ESSjQaZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA1MTIxMzEwMDRaFw0yNzA1MTExMzE1MDRaMDMxMTAvBgNV
BAMTKEY2NjcyNENDODM0OTAwMkJGNTkwMkJEODQzNDVGRDM2NDY3NjcxRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU+wfImnb0mTs/hao7IgRHRJpR
Qi3d5/WLE1nFRFRBITsbvKajNSJU1xnrydsaGChYCNXMdPHoP7sGbJsuFgdEGylX
w3e3iYBk6dm216w+89d9hDdNuQJwd7aYwfff1XDhAJxztZMshoUmUGtnfSfc/8/w
1oD0Tgz8X2++rJrm1e3VORyiMmWH3KaB0bhZTgWCzdRuFAIgH1hL4OlM841kQheZ
3cdt6affx2P63gEN0H4azc42Z/QxGP+04wvN2gAvDCpid3NsOito0nfhxEgiSc0H
hHlKjLiyzB8S3MUS3iQCr7yqyEuvqd7Li/hixf6jl7/slWQVc3CA3VhdIU7vAgMB
AAGjggHZMIIB1TAdBgNVHQ4EFgQU9mckzINJACv1kCvYQ0X9NkZ2ceAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyMEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwC4YucnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg9ihHAw
DQYJKoZIhvcNAQELBQADggEBAIkUXCC0ZUfThCNRfadtnoGvOz7Hne/nxijCePER
3WtxNiLUg3Yk4SteouhgJpeUlXs95EGVml5rC7SphquDJ47a1ltg6ILBsAhEW1vR
zIS5R6Jn9BDM8pNaK7Q99R2L2HlzPbqMoe4CYi45fER3hNh8aCGXLHoacQIu6ThA
JI1Sqfbb7PwGMI5buSHjuoUR/oN91+26NzYTCtmCgynqoKQnehf1gdoyv6Ell85X
qL2Fqdyf1PTKFmNoJqrCZhR9nIBUAZTdRLdwGcn6lEccxKIyQJ0hGcRBUXaP7aSF
wvpP/W5IUlMNXxf9hKl7q7c0zVGI/pCfF4xk2zO6ieqDGps=
-----END CERTIFICATE-----