Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS208913.roa
File:                     AS208913.roa (raw, json)
Hash identifier:          8WH6I5Q5AUghwrDqkwV4Cs2m/ktd8BKLQ+VsDRv+3Ac=
Subject key identifier:   FA:4A:3E:D5:5B:AD:51:70:3E:5D:52:A7:1D:63:22:85:F4:CF:22:FE
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       18C27493391E7A0E5550BA68F5BC872DBECC298C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS208913.roa
Signing time:             Tue 12 May 2026 13:17:41 +0000
ROA not before:           Tue 12 May 2026 13:12:41 +0000
ROA not after:            Tue 11 May 2027 13:17:41 +0000
asID:                     208913
IP address blocks:        2a05:dfc3:fd30::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c2:74:93:39:1e:7a:0e:55:50:ba:68:f5:bc:87:2d:be:cc:29:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: May 12 13:12:41 2026 GMT
            Not After : May 11 13:17:41 2027 GMT
        Subject: CN=FA4A3ED55BAD51703E5D52A71D632285F4CF22FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:26:ae:0c:5b:88:7e:8b:12:43:eb:c4:22:11:
                    06:f8:f2:9f:a8:64:26:ae:9d:42:ee:44:05:d0:3f:
                    3c:72:17:a8:5e:12:40:10:be:07:0b:86:51:62:62:
                    d8:e9:83:bb:9c:b8:1c:a5:de:6e:25:0e:76:b0:0d:
                    d4:d2:00:f1:b7:3b:98:bd:49:11:ee:c1:6d:a9:dd:
                    26:1c:d7:0e:44:cd:74:73:c3:b4:58:c4:08:54:76:
                    a4:b7:fe:2a:81:85:c6:65:23:5b:71:38:4b:66:d3:
                    c4:74:c8:69:8a:e6:48:8c:40:92:c8:21:87:31:21:
                    05:fe:82:3e:8a:94:5c:01:33:50:ee:74:b1:e0:43:
                    63:af:e9:4a:d9:c6:99:96:5d:41:63:bc:7c:32:9d:
                    c7:58:5c:89:6c:72:28:8f:5f:e8:df:2c:46:c4:ab:
                    9d:ea:40:31:db:a4:d1:15:a5:a4:e9:6c:73:92:13:
                    cb:34:c2:49:84:d3:84:b9:8c:ee:e0:f0:a8:31:5a:
                    e0:a0:2d:d2:28:e9:54:47:67:83:87:5b:a0:eb:94:
                    dd:6c:db:54:f4:b4:c9:cd:e4:f7:5b:8c:c1:4f:e6:
                    7c:30:cb:28:1f:ae:90:d5:ba:fe:cc:76:d3:83:d0:
                    d7:45:0d:55:fb:f6:a1:d2:2e:ea:32:cb:13:ac:78:
                    01:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4A:3E:D5:5B:AD:51:70:3E:5D:52:A7:1D:63:22:85:F4:CF:22:FE
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS208913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fd30::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:e9:8d:43:a7:fb:c3:23:0d:f0:4e:49:6a:46:db:98:30:02:
         45:b3:97:a0:0f:0c:a7:4d:35:d8:bd:b7:37:26:e7:26:4e:95:
         f1:33:f3:ce:72:ad:cb:9f:de:b0:34:a3:72:34:06:0c:03:a8:
         2e:d4:0c:c8:19:33:54:f7:71:2b:8c:86:19:6e:5c:ae:25:d0:
         de:ac:a9:d1:d0:2d:e7:e6:36:28:24:d9:c7:71:89:50:01:50:
         44:7a:42:e0:d9:84:99:69:27:0f:8e:84:ed:c8:60:f9:67:70:
         9b:24:b3:ba:52:3c:5e:8b:63:1a:19:52:47:c0:be:81:d3:2b:
         09:bc:94:90:ff:25:23:1d:0d:59:4f:a5:0a:02:29:c8:18:aa:
         2d:0d:5b:e6:5c:32:36:48:08:b2:5a:5e:24:e7:02:50:61:22:
         b6:30:13:e4:bc:43:2d:32:3b:1c:d3:7f:0d:46:67:41:f9:49:
         b2:c5:1d:b3:e4:5b:a9:d5:5c:4c:28:3a:0b:67:8c:bb:04:c4:
         18:b8:9e:b4:df:f8:7e:74:e8:05:4d:1d:3f:41:26:87:66:04:
         d4:17:0b:4e:f3:3e:4f:cb:0f:47:6b:3d:2f:6c:b8:a5:80:dc:
         b6:e0:6a:d7:d9:0f:9c:b8:0f:78:38:07:86:d9:04:ca:ae:68:
         1a:e2:ad:4f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUGMJ0kzkeeg5VULpo9byHLb7MKYwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA1MTIxMzEyNDFaFw0yNzA1MTExMzE3NDFaMDMxMTAvBgNV
BAMTKEZBNEEzRUQ1NUJBRDUxNzAzRTVENTJBNzFENjMyMjg1RjRDRjIyRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZJq4MW4h+ixJD68QiEQb48p+o
ZCaunULuRAXQPzxyF6heEkAQvgcLhlFiYtjpg7ucuByl3m4lDnawDdTSAPG3O5i9
SRHuwW2p3SYc1w5EzXRzw7RYxAhUdqS3/iqBhcZlI1txOEtm08R0yGmK5kiMQJLI
IYcxIQX+gj6KlFwBM1DudLHgQ2Ov6UrZxpmWXUFjvHwyncdYXIlsciiPX+jfLEbE
q53qQDHbpNEVpaTpbHOSE8s0wkmE04S5jO7g8KgxWuCgLdIo6VRHZ4OHW6DrlN1s
21T0tMnN5PdbjMFP5nwwyygfrpDVuv7MdtOD0NdFDVX79qHSLuoyyxOseAHzAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU+ko+1VutUXA+XVKnHWMihfTPIv4wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDg5MTMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
Bd/D/TAwDQYJKoZIhvcNAQELBQADggEBABPpjUOn+8MjDfBOSWpG25gwAkWzl6AP
DKdNNdi9tzcm5yZOlfEz885yrcuf3rA0o3I0BgwDqC7UDMgZM1T3cSuMhhluXK4l
0N6sqdHQLefmNigk2cdxiVABUER6QuDZhJlpJw+OhO3IYPlncJsks7pSPF6LYxoZ
UkfAvoHTKwm8lJD/JSMdDVlPpQoCKcgYqi0NW+ZcMjZICLJaXiTnAlBhIrYwE+S8
Qy0yOxzTfw1GZ0H5SbLFHbPkW6nVXEwoOgtnjLsExBi4nrTf+H506AVNHT9BJodm
BNQXC07zPk/LD0drPS9suKWA3LbgatfZD5y4D3g4B4bZBMquaBrirU8=
-----END CERTIFICATE-----