Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS210215.roa
File:                     AS210215.roa (raw, json)
Hash identifier:          1RiS1KoISKfRtTS9tlxTfnZSXnviQBeVIIwuQLDDl9Q=
Subject key identifier:   EF:65:6C:01:F4:87:AB:DD:D8:B0:B5:ED:B4:E0:BC:A6:B3:A4:19:FE
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       6E858A94324A3EE0443E517A909E5911AEB40900
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS210215.roa
Signing time:             Fri 25 Jul 2025 03:49:44 +0000
ROA not before:           Fri 25 Jul 2025 03:44:44 +0000
ROA not after:            Fri 24 Jul 2026 03:49:44 +0000
asID:                     210215
IP address blocks:        2a0f:6283:1200::/40 maxlen: 40
                          2a0f:6283:1200::/44 maxlen: 48
                          2a0f:6283:12ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 20:50:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:85:8a:94:32:4a:3e:e0:44:3e:51:7a:90:9e:59:11:ae:b4:09:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 25 03:44:44 2025 GMT
            Not After : Jul 24 03:49:44 2026 GMT
        Subject: CN=EF656C01F487ABDDD8B0B5EDB4E0BCA6B3A419FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b5:17:c3:a3:ba:e6:fd:66:3b:59:99:d5:6b:
                    a2:12:29:e8:64:46:b2:bc:a1:ea:63:dc:1e:09:e3:
                    b8:28:94:72:72:ae:29:34:eb:d8:a2:6e:71:0c:c2:
                    08:5f:00:5d:26:8e:52:98:57:3a:ce:9e:13:c8:48:
                    df:40:ba:2a:d6:f1:38:04:e6:37:df:33:45:d3:b6:
                    89:f7:a7:55:ad:58:2a:c1:a5:c9:66:c3:a9:d0:6b:
                    77:94:19:5b:42:7d:dc:c8:37:8e:c1:6b:c8:db:5a:
                    88:46:75:d3:f5:eb:9f:61:c4:5c:3b:d5:ab:af:d5:
                    e1:a8:26:e2:97:0b:0c:c7:b3:8c:ee:60:68:0a:80:
                    46:e0:5d:7f:88:df:22:79:6b:01:2c:71:c7:ec:9b:
                    7e:e4:45:c6:e4:8b:84:5a:82:b2:36:32:98:3a:ac:
                    fc:fc:22:ca:4d:9d:86:6d:52:4c:45:3f:26:33:3a:
                    7a:99:8f:22:e8:3b:71:2d:37:a3:6e:23:22:7a:63:
                    58:dc:b5:0f:b6:75:f3:69:db:a1:cf:65:cd:1c:ef:
                    da:d5:a9:d9:ae:2e:07:c7:3d:3f:b1:97:7a:54:af:
                    13:c6:67:eb:65:fa:05:be:77:30:01:54:b1:c6:f1:
                    b9:c2:75:3e:ff:6b:22:dd:5f:be:8d:88:db:f5:e5:
                    4b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:65:6C:01:F4:87:AB:DD:D8:B0:B5:ED:B4:E0:BC:A6:B3:A4:19:FE
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS210215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         55:15:44:93:49:ca:63:d0:b4:fd:73:d4:10:f2:c1:d5:78:5e:
         68:9d:00:90:1f:68:b3:63:49:5d:60:2d:bd:62:7e:c4:ba:21:
         b3:9e:9b:8c:d2:4f:92:48:dd:00:32:93:ee:1e:76:50:22:89:
         1b:91:79:f6:16:83:ff:a6:46:a2:5f:c9:49:d0:28:ce:68:b3:
         16:1f:12:32:60:86:13:49:cc:b0:e7:66:0f:9e:ec:ce:b8:41:
         73:91:90:3f:22:86:4d:f5:a4:3b:29:5a:c2:5a:a8:33:74:90:
         7f:fb:6b:f7:bd:18:ba:4b:93:0a:3b:9e:0e:a0:3e:28:a1:a7:
         4e:89:58:a2:9d:2e:98:6f:69:dd:cb:93:31:18:33:03:13:4b:
         7e:a7:48:36:a7:a6:f6:b1:7d:15:18:a4:f5:4a:d3:96:a8:06:
         83:51:34:e9:0c:eb:bc:ff:a4:ab:fb:f8:1c:9d:14:86:9b:9b:
         0b:af:5c:94:d9:a9:9c:b0:0c:44:c0:f7:14:26:69:20:08:16:
         44:80:a2:d3:9e:73:89:51:84:2d:c5:b7:1d:a2:d4:62:a7:12:
         07:a2:a7:09:4f:c8:f4:17:93:97:58:3f:bf:bd:fa:e7:fe:1e:
         7f:62:66:7b:5e:a7:57:d9:e3:a2:7b:f8:a6:5d:5f:49:52:d2:
         70:62:b6:c1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUboWKlDJKPuBEPlF6kJ5ZEa60CQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MjUwMzQ0NDRaFw0yNjA3MjQwMzQ5NDRaMDMxMTAvBgNV
BAMTKEVGNjU2QzAxRjQ4N0FCREREOEIwQjVFREI0RTBCQ0E2QjNBNDE5RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCstRfDo7rm/WY7WZnVa6ISKehk
RrK8oepj3B4J47golHJyrik069iibnEMwghfAF0mjlKYVzrOnhPISN9AuirW8TgE
5jffM0XTton3p1WtWCrBpclmw6nQa3eUGVtCfdzIN47Ba8jbWohGddP1659hxFw7
1auv1eGoJuKXCwzHs4zuYGgKgEbgXX+I3yJ5awEsccfsm37kRcbki4RagrI2Mpg6
rPz8IspNnYZtUkxFPyYzOnqZjyLoO3EtN6NuIyJ6Y1jctQ+2dfNp26HPZc0c79rV
qdmuLgfHPT+xl3pUrxPGZ+tl+gW+dzABVLHG8bnCdT7/ayLdX76NiNv15UtLAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQU72VsAfSHq93YsLXttOC8prOkGf4wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTAyMTUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KDEjANBgkqhkiG9w0BAQsFAAOCAQEAVRVEk0nKY9C0/XPUEPLB1XheaJ0AkB9o
s2NJXWAtvWJ+xLohs56bjNJPkkjdADKT7h52UCKJG5F59haD/6ZGol/JSdAozmiz
Fh8SMmCGE0nMsOdmD57szrhBc5GQPyKGTfWkOylawlqoM3SQf/tr970YukuTCjue
DqA+KKGnTolYop0umG9p3cuTMRgzAxNLfqdINqem9rF9FRik9UrTlqgGg1E06Qzr
vP+kq/v4HJ0UhpubC69clNmpnLAMRMD3FCZpIAgWRICi055ziVGELcW3HaLUYqcS
B6KnCU/I9BeTl1g/v7365/4ef2Jme16nV9njonv4pl1fSVLScGK2wQ==
-----END CERTIFICATE-----
Generated at Fri Jul 25 11:14:02 2025 by rpki-client