Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS198624.roa
File:                     AS198624.roa (raw, json)
Hash identifier:          B7+K5uNoi8rSIOJWsyd+wAdy0CiyxQGSzaZ2wgMROn8=
Subject key identifier:   BC:32:3C:64:68:9D:9C:62:13:F1:CD:C4:E7:3B:69:C3:82:17:F3:37
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       5126D9B88FB26D3F34883BB3C02C0A9BBFC1A32E
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS198624.roa
Signing time:             Fri 01 May 2026 09:35:34 +0000
ROA not before:           Fri 01 May 2026 09:30:34 +0000
ROA not after:            Fri 30 Apr 2027 09:35:34 +0000
asID:                     198624
IP address blocks:        2a0f:6284::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:26:d9:b8:8f:b2:6d:3f:34:88:3b:b3:c0:2c:0a:9b:bf:c1:a3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: May  1 09:30:34 2026 GMT
            Not After : Apr 30 09:35:34 2027 GMT
        Subject: CN=BC323C64689D9C6213F1CDC4E73B69C38217F337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:72:e6:02:4b:cd:22:14:7a:a6:ed:1b:8f:8e:
                    0d:6b:8a:96:1b:36:4a:10:ee:2d:20:bf:5c:3c:3d:
                    47:aa:e6:02:a2:33:2c:87:f8:a7:49:26:60:88:28:
                    1e:5c:b3:f7:92:f0:cf:15:c5:a2:56:8a:33:29:7f:
                    7d:60:56:64:7e:06:77:ed:f0:43:3b:19:a3:51:e6:
                    d1:49:9c:93:08:16:bc:72:b7:a6:81:d2:51:ed:4e:
                    e9:ea:48:e7:9c:47:25:1c:ee:ce:ca:9b:dc:8f:b1:
                    bd:1a:51:ca:35:b5:90:9a:8a:0f:24:0d:a9:5b:21:
                    16:a3:e6:96:73:74:4b:81:d8:9a:d4:86:a3:2d:df:
                    0e:c7:4b:00:c4:05:fe:3f:04:ae:9c:f3:c2:78:b6:
                    b8:93:da:ff:6d:f7:30:77:eb:bd:06:e1:3e:a0:2f:
                    c6:1d:07:d7:40:ad:b9:9d:53:59:6d:75:a8:2b:32:
                    f8:23:ac:ac:72:f3:85:b0:8c:95:a3:ed:a5:83:db:
                    c9:64:4e:d9:5b:cd:b2:e6:47:29:c9:59:1a:85:55:
                    b8:38:b3:bd:ad:78:84:60:36:1b:eb:b5:de:cf:40:
                    af:45:5d:48:a6:e2:56:db:b8:13:89:82:50:63:69:
                    26:95:65:6e:87:b4:f7:64:f8:78:64:d6:a3:51:0b:
                    2b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:32:3C:64:68:9D:9C:62:13:F1:CD:C4:E7:3B:69:C3:82:17:F3:37
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS198624.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:19:1e:98:5f:54:8c:86:ad:0f:06:d0:9d:a1:82:14:9d:91:
         2e:78:8f:29:ec:5e:be:3b:e8:a7:38:73:16:d9:6a:24:8f:0c:
         b4:1c:3e:da:b7:47:d3:49:78:42:47:db:5f:88:6f:32:c1:3d:
         c1:87:54:c1:8b:8e:10:e4:a0:d1:cf:a5:62:fa:22:67:45:6a:
         65:00:c8:53:a7:e9:58:f2:23:f8:c2:ea:3a:af:36:18:41:45:
         b0:79:c8:f9:f9:9c:06:23:d8:ef:e1:52:6d:33:2a:f8:1d:9b:
         29:93:af:e5:0f:4a:e3:7b:ba:e4:4a:2b:f4:4a:57:78:f0:c8:
         04:5d:82:0e:95:f0:f3:9c:65:1b:8d:c3:58:0c:f7:14:82:73:
         68:9b:0a:45:a1:4f:11:67:77:37:78:c2:73:9c:a4:18:9b:da:
         3f:e7:93:38:06:3a:ab:4a:e7:07:10:67:eb:76:0f:d8:cc:c0:
         5f:64:af:d3:7d:94:a8:8a:7d:1e:98:7d:96:7b:5f:a3:d0:4f:
         82:e7:57:7e:59:6d:c4:2a:03:74:a4:b5:70:89:d8:12:5b:84:
         97:08:e4:1a:9c:3c:6b:b5:1e:14:2c:36:20:2b:77:df:61:e5:
         5c:68:09:4b:90:b6:f0:45:57:f2:52:07:5f:41:26:00:4f:06:
         b3:d9:25:26
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUUSbZuI+ybT80iDuzwCwKm7/Boy4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA1MDEwOTMwMzRaFw0yNzA0MzAwOTM1MzRaMDMxMTAvBgNV
BAMTKEJDMzIzQzY0Njg5RDlDNjIxM0YxQ0RDNEU3M0I2OUMzODIxN0YzMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAcuYCS80iFHqm7RuPjg1ripYb
NkoQ7i0gv1w8PUeq5gKiMyyH+KdJJmCIKB5cs/eS8M8VxaJWijMpf31gVmR+Bnft
8EM7GaNR5tFJnJMIFrxyt6aB0lHtTunqSOecRyUc7s7Km9yPsb0aUco1tZCaig8k
DalbIRaj5pZzdEuB2JrUhqMt3w7HSwDEBf4/BK6c88J4triT2v9t9zB3670G4T6g
L8YdB9dArbmdU1ltdagrMvgjrKxy84WwjJWj7aWD28lkTtlbzbLmRynJWRqFVbg4
s72teIRgNhvrtd7PQK9FXUim4lbbuBOJglBjaSaVZW6HtPdk+Hhk1qNRCyu9AgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUvDI8ZGidnGIT8c3E5ztpw4IX8zcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxOTg2MjQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEAAAwDQYJKoZIhvcNAQELBQADggEBADIZHphfVIyGrQ8G0J2hghSdkS54jyns
Xr476Kc4cxbZaiSPDLQcPtq3R9NJeEJH21+IbzLBPcGHVMGLjhDkoNHPpWL6ImdF
amUAyFOn6VjyI/jC6jqvNhhBRbB5yPn5nAYj2O/hUm0zKvgdmymTr+UPSuN7uuRK
K/RKV3jwyARdgg6V8POcZRuNw1gM9xSCc2ibCkWhTxFndzd4wnOcpBib2j/nkzgG
OqtK5wcQZ+t2D9jMwF9kr9N9lKiKfR6YfZZ7X6PQT4LnV35ZbcQqA3SktXCJ2BJb
hJcI5BqcPGu1HhQsNiArd99h5VxoCUuQtvBFV/JSB19BJgBPBrPZJSY=
-----END CERTIFICATE-----