Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS210215.roa
File:                     AS210215.roa (raw, json)
Hash identifier:          HIgsMhV54h3unzCXYDpnfhMDE5NdHPTfu6ech+8tgDE=
Subject key identifier:   29:AE:51:00:D0:25:6C:64:16:FA:B1:25:B0:3B:9A:78:91:0F:AF:D4
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       4F3A1E55E5FAE0FA6D4A42DC7596579A79064681
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS210215.roa
Signing time:             Fri 11 Jul 2025 17:11:06 +0000
ROA not before:           Fri 11 Jul 2025 17:06:06 +0000
ROA not after:            Fri 10 Jul 2026 17:11:06 +0000
asID:                     210215
IP address blocks:        2a0f:6283:1200::/40 maxlen: 40
                          2a0f:6283:1200::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 09:24:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:3a:1e:55:e5:fa:e0:fa:6d:4a:42:dc:75:96:57:9a:79:06:46:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 11 17:06:06 2025 GMT
            Not After : Jul 10 17:11:06 2026 GMT
        Subject: CN=29AE5100D0256C6416FAB125B03B9A78910FAFD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:df:68:04:56:f1:bb:20:0c:dd:f3:8d:de:cc:
                    df:dc:89:73:31:85:09:73:89:9e:9c:bc:fe:42:47:
                    d6:b4:15:f2:6c:a7:ce:3b:2a:4d:63:22:6c:0f:d5:
                    d1:95:56:1c:3a:ff:0d:61:dc:9c:32:f5:1c:e7:47:
                    e8:b9:1a:59:6d:1e:a6:6b:2b:c9:35:7b:64:ce:91:
                    97:2d:49:24:df:6a:15:99:65:10:6f:4f:db:45:cc:
                    a1:15:f5:7e:e6:2c:45:11:7e:70:74:6e:06:40:1f:
                    63:e3:95:5c:58:49:de:cf:69:cc:76:9a:35:48:24:
                    53:75:19:82:9f:45:5c:ee:67:73:61:05:32:ad:c7:
                    09:e0:58:bc:25:83:39:68:60:19:8f:01:59:5c:4b:
                    21:28:16:1b:ac:6b:91:fa:b2:ce:f2:09:11:04:96:
                    ad:6a:f7:85:c0:2d:60:00:02:c4:ff:7b:16:8f:cd:
                    23:14:33:3e:f3:71:02:4b:43:64:c2:3c:e9:e7:4e:
                    3e:54:90:f5:95:c4:3d:ef:4a:78:b1:95:e4:f1:bb:
                    ea:b5:1b:72:e0:23:64:a2:42:5f:bb:81:47:05:9c:
                    00:31:55:85:15:cd:a9:c9:d9:24:9e:35:da:5e:25:
                    5b:17:18:ec:83:9d:46:6c:ed:22:f4:d9:c6:81:f5:
                    67:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AE:51:00:D0:25:6C:64:16:FA:B1:25:B0:3B:9A:78:91:0F:AF:D4
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS210215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:16:49:27:aa:4f:cf:31:ea:45:1a:c8:61:cf:6a:48:53:fe:
         37:d6:4f:32:57:a9:8c:fc:c7:6b:ab:5e:c7:ae:ba:ee:b9:0e:
         81:bf:c4:91:51:54:3d:3f:27:0f:ed:de:bc:de:22:d8:a9:f1:
         21:66:2c:91:da:8b:91:e5:54:1a:a9:1d:37:26:cf:a2:e6:60:
         2e:b9:26:04:04:af:12:fb:f1:1b:0a:ae:db:ce:01:a8:0b:c1:
         50:2c:6a:18:de:0b:e0:88:fb:fa:c1:05:15:6c:e8:ff:54:21:
         1b:69:8d:fd:f5:fd:16:9e:4b:3c:75:91:d0:75:a8:51:0f:2b:
         01:68:8e:c3:22:0f:31:5d:4b:48:95:64:db:61:9b:77:5d:9e:
         bf:91:ce:c6:96:fb:ab:84:08:89:4a:78:f3:a1:b0:75:6a:55:
         2d:b5:b2:d0:8e:93:df:c3:51:40:38:33:5c:57:5d:0f:4c:47:
         7a:10:d2:4e:8f:1b:a6:97:b4:f9:a3:87:65:d1:fe:f0:5e:15:
         31:f5:75:e7:7b:31:88:44:18:7a:68:ac:e2:5b:29:12:dd:0a:
         09:c3:f2:b3:3b:c3:02:3f:4f:18:91:5f:f1:98:e6:97:01:05:
         9d:fe:44:ba:e0:8c:cc:df:70:47:5d:fb:ca:18:5d:29:9a:53:
         e1:7c:66:18
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUTzoeVeX64PptSkLcdZZXmnkGRoEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MTExNzA2MDZaFw0yNjA3MTAxNzExMDZaMDMxMTAvBgNV
BAMTKDI5QUU1MTAwRDAyNTZDNjQxNkZBQjEyNUIwM0I5QTc4OTEwRkFGRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDx32gEVvG7IAzd843ezN/ciXMx
hQlziZ6cvP5CR9a0FfJsp847Kk1jImwP1dGVVhw6/w1h3Jwy9RznR+i5GlltHqZr
K8k1e2TOkZctSSTfahWZZRBvT9tFzKEV9X7mLEURfnB0bgZAH2PjlVxYSd7Pacx2
mjVIJFN1GYKfRVzuZ3NhBTKtxwngWLwlgzloYBmPAVlcSyEoFhusa5H6ss7yCREE
lq1q94XALWAAAsT/exaPzSMUMz7zcQJLQ2TCPOnnTj5UkPWVxD3vSnixleTxu+q1
G3LgI2SiQl+7gUcFnAAxVYUVzanJ2SSeNdpeJVsXGOyDnUZs7SL02caB9Wf3AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUKa5RANAlbGQW+rElsDuaeJEPr9QwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTAyMTUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KDEjANBgkqhkiG9w0BAQsFAAOCAQEAIxZJJ6pPzzHqRRrIYc9qSFP+N9ZPMlep
jPzHa6tex6667rkOgb/EkVFUPT8nD+3evN4i2KnxIWYskdqLkeVUGqkdNybPouZg
LrkmBASvEvvxGwqu284BqAvBUCxqGN4L4Ij7+sEFFWzo/1QhG2mN/fX9Fp5LPHWR
0HWoUQ8rAWiOwyIPMV1LSJVk22Gbd12ev5HOxpb7q4QIiUp486GwdWpVLbWy0I6T
38NRQDgzXFddD0xHehDSTo8bppe0+aOHZdH+8F4VMfV153sxiEQYemis4lspEt0K
CcPyszvDAj9PGJFf8ZjmlwEFnf5EuuCMzN9wR137yhhdKZpT4XxmGA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:28:18 2025 by rpki-client