Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS199459.roa
File:                     AS199459.roa (raw, json)
Hash identifier:          HQIpybgZn35F56bWA4sXw0ZNP56I5A1CMVcwCf0eKbY=
Subject key identifier:   BC:7A:23:54:89:B4:0F:A6:9A:21:8A:48:03:86:19:B7:F3:99:5A:AD
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       18063FBAF45C83C535D4390AB8E1EA1DCBABBE37
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS199459.roa
Signing time:             Sat 11 Oct 2025 21:26:13 +0000
ROA not before:           Sat 11 Oct 2025 21:21:13 +0000
ROA not after:            Sat 10 Oct 2026 21:26:13 +0000
asID:                     199459
IP address blocks:        2a0f:6287:8000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:06:3f:ba:f4:5c:83:c5:35:d4:39:0a:b8:e1:ea:1d:cb:ab:be:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 11 21:21:13 2025 GMT
            Not After : Oct 10 21:26:13 2026 GMT
        Subject: CN=BC7A235489B40FA69A218A48038619B7F3995AAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:96:dc:8d:32:6e:df:e4:d1:2c:39:2f:f8:4f:
                    a2:6a:7f:15:bb:be:a9:8f:93:a2:04:fb:4a:45:24:
                    14:81:3a:bc:ee:47:e6:e1:15:a3:5d:44:6b:da:81:
                    54:e4:f0:7b:49:bc:11:6e:77:53:6f:12:9e:70:97:
                    30:f3:8d:4e:f7:59:e5:01:4b:0e:0e:9b:60:a3:bc:
                    78:07:4c:f3:c2:1d:85:28:e1:84:19:c2:39:39:73:
                    96:07:ae:b7:10:e0:9c:77:dc:a6:6d:ab:c5:33:60:
                    09:1c:0d:66:d7:f5:49:19:95:37:03:4f:47:b9:cc:
                    f8:a2:46:b2:4b:92:bd:cb:b2:92:2b:ab:9c:d5:d2:
                    e2:9d:7c:8f:83:c7:29:82:a2:06:36:73:de:e8:72:
                    4c:0b:dd:b7:66:a4:de:c0:6d:a5:db:6e:d8:ba:36:
                    fd:e4:e1:6e:5f:6b:bf:8d:6d:7b:ff:05:6c:08:4d:
                    af:97:3f:b9:61:8d:79:c5:29:f6:50:21:bc:ed:8a:
                    b5:6a:f0:99:10:fc:eb:41:bc:2e:39:a9:06:38:f7:
                    bd:7f:d3:99:68:9e:37:d4:ef:5b:dd:84:47:d7:0d:
                    c6:3f:9d:bf:56:d5:17:0e:08:fa:66:dc:e6:61:c4:
                    4e:9e:13:6e:40:ef:d1:b2:b6:0f:fd:a7:34:a7:f4:
                    08:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7A:23:54:89:B4:0F:A6:9A:21:8A:48:03:86:19:B7:F3:99:5A:AD
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS199459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         15:ff:66:d4:df:73:46:e4:29:c7:26:27:d8:ce:af:db:94:9d:
         5f:bd:3e:2b:d8:a6:e5:4f:7e:a8:4b:46:54:a9:3d:66:a0:be:
         ee:db:8e:3b:b6:34:bb:13:5b:19:53:c3:59:50:7b:fa:4d:4c:
         59:80:00:30:db:4e:f7:c7:a1:2b:1f:78:7e:16:27:00:e4:f6:
         b2:63:ab:c2:de:35:9c:49:b9:7b:25:bb:81:f8:f5:b2:a8:c0:
         3f:87:17:54:29:8a:39:00:fe:20:44:d7:f2:c7:df:01:ae:b3:
         d5:67:25:fe:a5:c3:23:74:8c:b1:53:cc:12:dc:a7:58:24:8a:
         e3:13:6a:29:84:b9:16:4b:58:26:66:6d:2f:49:c0:08:37:0d:
         10:5a:20:7c:34:8d:8b:24:fa:f9:7f:e2:a7:b8:55:3c:68:6b:
         af:42:0b:f3:de:bd:d4:60:c2:63:8f:48:db:5d:16:18:30:95:
         39:b6:ce:17:88:9e:b1:e0:84:c4:87:ea:3d:e8:34:2d:8b:5b:
         85:10:7b:8d:d9:d4:f4:c6:b0:cc:6e:6b:06:ef:83:ad:b0:81:
         2c:81:af:f3:73:01:9f:69:d7:7b:44:8c:22:c8:a2:cd:02:8d:
         71:6c:8e:08:fd:07:b8:a7:76:7a:6f:dd:97:e3:7e:58:06:47:
         86:17:be:ed
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUGAY/uvRcg8U11DkKuOHqHcurvjcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMTEyMTIxMTNaFw0yNjEwMTAyMTI2MTNaMDMxMTAvBgNV
BAMTKEJDN0EyMzU0ODlCNDBGQTY5QTIxOEE0ODAzODYxOUI3RjM5OTVBQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7ltyNMm7f5NEsOS/4T6JqfxW7
vqmPk6IE+0pFJBSBOrzuR+bhFaNdRGvagVTk8HtJvBFud1NvEp5wlzDzjU73WeUB
Sw4Om2CjvHgHTPPCHYUo4YQZwjk5c5YHrrcQ4Jx33KZtq8UzYAkcDWbX9UkZlTcD
T0e5zPiiRrJLkr3LspIrq5zV0uKdfI+DxymCogY2c97ockwL3bdmpN7AbaXbbti6
Nv3k4W5fa7+NbXv/BWwITa+XP7lhjXnFKfZQIbztirVq8JkQ/OtBvC45qQY4971/
05lonjfU71vdhEfXDcY/nb9W1RcOCPpm3OZhxE6eE25A79Gytg/9pzSn9AjdAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUvHojVIm0D6aaIYpIA4YZt/OZWq0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMxOTk0NTkucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KHgDANBgkqhkiG9w0BAQsFAAOCAQEAFf9m1N9zRuQpxyYn2M6v25SdX70+K9im
5U9+qEtGVKk9ZqC+7tuOO7Y0uxNbGVPDWVB7+k1MWYAAMNtO98ehKx94fhYnAOT2
smOrwt41nEm5eyW7gfj1sqjAP4cXVCmKOQD+IETX8sffAa6z1Wcl/qXDI3SMsVPM
EtynWCSK4xNqKYS5FktYJmZtL0nACDcNEFogfDSNiyT6+X/ip7hVPGhrr0IL8969
1GDCY49I210WGDCVObbOF4ieseCExIfqPeg0LYtbhRB7jdnU9MawzG5rBu+DrbCB
LIGv83MBn2nXe0SMIsiizQKNcWyOCP0HuKd2em/dl+N+WAZHhhe+7Q==
-----END CERTIFICATE-----