Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS212708.roa
File:                     AS212708.roa (raw, json)
Hash identifier:          9z9z9ZgR69/q3QuhuKfXFVKNolS+aUKnc7zKEHX/j/E=
Subject key identifier:   5B:C2:F4:40:91:11:1F:10:77:6F:49:1D:DD:EE:06:32:1A:57:41:CE
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0E9582CEFB16657B082A93727F097A318E64B942
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS212708.roa
Signing time:             Mon 22 Jun 2026 09:49:11 +0000
ROA not before:           Mon 22 Jun 2026 09:44:11 +0000
ROA not after:            Mon 21 Jun 2027 09:49:11 +0000
asID:                     212708
IP address blocks:        2a0f:6280:1200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:27:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:95:82:ce:fb:16:65:7b:08:2a:93:72:7f:09:7a:31:8e:64:b9:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun 22 09:44:11 2026 GMT
            Not After : Jun 21 09:49:11 2027 GMT
        Subject: CN=5BC2F44091111F10776F491DDDEE06321A5741CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:85:65:e8:bd:33:87:c0:08:4a:38:ee:77:7e:
                    2e:60:06:03:29:36:79:45:c2:a0:81:13:80:7e:35:
                    79:91:cc:7d:f8:4f:19:8e:ae:5a:8f:ea:11:1b:79:
                    ad:7c:96:d8:26:c0:91:eb:7a:00:de:ba:ab:52:34:
                    2e:78:dc:79:c1:bd:86:86:59:44:d8:c1:ff:a2:26:
                    0b:3b:66:c0:35:e9:55:50:ab:8f:5d:c9:59:f9:01:
                    cd:9c:6c:91:37:11:fa:34:63:22:44:28:3e:49:d0:
                    d3:1f:11:58:ad:ef:96:f7:69:d4:c8:7b:66:04:50:
                    7f:36:43:d5:75:c9:8b:50:bf:3b:5a:4e:b2:91:10:
                    5c:07:d6:18:be:22:28:12:e6:b3:d9:2a:6e:12:da:
                    0c:c6:b3:71:4f:2b:c7:50:be:1c:ce:04:94:61:1d:
                    38:54:36:73:0d:82:01:b8:83:df:94:80:51:a5:dc:
                    1e:cf:af:d0:55:35:2d:d0:e7:f0:ab:cb:35:11:ac:
                    d4:45:6c:19:e2:19:8c:aa:43:71:1f:3e:87:3c:b5:
                    a8:da:43:56:5f:6a:31:22:8d:c8:ba:04:20:67:3c:
                    c3:8a:1d:83:44:41:46:c8:0b:ab:14:4c:fe:f6:57:
                    68:03:64:a3:e6:7a:73:47:be:5c:22:f0:c9:81:72:
                    34:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C2:F4:40:91:11:1F:10:77:6F:49:1D:DD:EE:06:32:1A:57:41:CE
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS212708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6280:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         1b:4b:dd:cb:ad:7a:92:fc:7e:ae:f1:d9:3a:ec:d9:4e:62:80:
         56:0b:29:44:71:e7:b5:3e:9c:23:27:8a:7a:ba:b9:ac:32:80:
         d1:24:a3:eb:2a:ec:f8:96:77:41:c0:d7:ff:cb:85:c6:ca:1a:
         ac:55:89:37:5c:c3:ff:75:ba:a5:22:b1:1c:b4:c9:14:82:fb:
         9a:14:86:04:a9:b2:5c:ba:af:1f:42:d9:59:43:36:5f:46:db:
         50:66:aa:0c:30:48:3b:56:c1:60:d2:ca:19:a2:18:4b:86:59:
         6b:b3:a1:6b:aa:9c:16:37:6c:08:04:ea:c6:f7:9b:e4:5b:2d:
         3b:18:4d:44:a8:fd:06:7c:d5:0c:83:6b:b8:2d:1f:ae:96:6b:
         b6:02:4d:a6:1c:d5:40:33:6c:14:ed:d9:a1:d6:6d:a6:e2:07:
         4a:cd:36:ec:47:64:ad:ec:31:56:7f:40:68:d2:f5:d6:21:8f:
         8a:07:9a:31:64:58:49:1f:7f:61:e4:b7:4b:b5:19:81:3c:d5:
         c5:e5:31:58:8d:3d:88:7d:ed:5e:e8:c8:37:c6:32:95:9b:67:
         59:7e:7d:d8:4b:9f:f9:d2:86:29:ae:13:86:7a:f6:ff:55:19:
         57:20:62:a9:c2:57:bb:c8:6d:d4:6a:1d:b3:92:6a:95:95:8e:
         a7:48:bc:35
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUDpWCzvsWZXsIKpNyfwl6MY5kuUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MjIwOTQ0MTFaFw0yNzA2MjEwOTQ5MTFaMDMxMTAvBgNV
BAMTKDVCQzJGNDQwOTExMTFGMTA3NzZGNDkxRERERUUwNjMyMUE1NzQxQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFhWXovTOHwAhKOO53fi5gBgMp
NnlFwqCBE4B+NXmRzH34TxmOrlqP6hEbea18ltgmwJHregDeuqtSNC543HnBvYaG
WUTYwf+iJgs7ZsA16VVQq49dyVn5Ac2cbJE3Efo0YyJEKD5J0NMfEVit75b3adTI
e2YEUH82Q9V1yYtQvztaTrKREFwH1hi+IigS5rPZKm4S2gzGs3FPK8dQvhzOBJRh
HThUNnMNggG4g9+UgFGl3B7Pr9BVNS3Q5/CryzURrNRFbBniGYyqQ3EfPoc8taja
Q1ZfajEijci6BCBnPMOKHYNEQUbIC6sUTP72V2gDZKPmenNHvlwi8MmBcjRlAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUW8L0QJERHxB3b0kd3e4GMhpXQc4wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTI3MDgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KAEjANBgkqhkiG9w0BAQsFAAOCAQEAG0vdy616kvx+rvHZOuzZTmKAVgspRHHn
tT6cIyeKerq5rDKA0SSj6yrs+JZ3QcDX/8uFxsoarFWJN1zD/3W6pSKxHLTJFIL7
mhSGBKmyXLqvH0LZWUM2X0bbUGaqDDBIO1bBYNLKGaIYS4ZZa7Oha6qcFjdsCATq
xveb5FstOxhNRKj9BnzVDINruC0frpZrtgJNphzVQDNsFO3ZodZtpuIHSs027Edk
rewxVn9AaNL11iGPigeaMWRYSR9/YeS3S7UZgTzVxeUxWI09iH3tXujIN8YylZtn
WX592Euf+dKGKa4Thnr2/1UZVyBiqcJXu8ht1Gods5JqlZWOp0i8NQ==
-----END CERTIFICATE-----