Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS213447.roa
File:                     AS213447.roa (raw, json)
Hash identifier:          lpWSyeM6hybo3oxImdBj9ee1C4KTr1aIzPV8D1a+2B0=
Subject key identifier:   A2:73:5B:FE:AD:06:C0:B7:56:8D:91:41:29:0D:2E:7A:24:B9:12:A8
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       57F7DE40B5851DCD2F699F991752B011CAE3F50C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS213447.roa
Signing time:             Thu 04 Jun 2026 16:51:50 +0000
ROA not before:           Thu 04 Jun 2026 16:46:50 +0000
ROA not after:            Thu 03 Jun 2027 16:51:50 +0000
asID:                     213447
IP address blocks:        2a0a:6044:7300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f7:de:40:b5:85:1d:cd:2f:69:9f:99:17:52:b0:11:ca:e3:f5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  4 16:46:50 2026 GMT
            Not After : Jun  3 16:51:50 2027 GMT
        Subject: CN=A2735BFEAD06C0B7568D9141290D2E7A24B912A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cd:7a:bc:c5:7a:ae:2e:6a:b4:e5:cc:98:79:
                    25:e7:91:77:a2:0a:ec:78:8d:15:69:6c:7d:35:a4:
                    14:3d:fc:f4:ab:63:a1:85:97:9f:06:6d:d7:7a:be:
                    11:71:82:fb:8b:d1:f6:1c:63:a6:10:17:22:30:28:
                    e0:37:bd:98:75:e9:46:ea:f7:0b:d6:6b:23:e7:22:
                    07:84:4d:db:3a:cb:d3:dd:29:0c:ad:d2:3b:c1:23:
                    01:b3:26:85:1a:54:35:e8:4e:21:a2:cc:e6:c4:74:
                    a7:34:24:71:5d:33:3b:b6:f2:dd:a7:21:c1:2e:19:
                    e3:cd:51:32:94:78:20:24:66:f1:26:50:1a:f4:c6:
                    23:d2:c4:47:71:68:c1:6a:7f:3f:88:af:1d:14:40:
                    ae:20:81:5e:cc:e0:c1:f8:d0:16:86:7a:ef:ab:76:
                    93:c6:a6:67:a5:47:bb:eb:39:8d:c8:8a:64:d1:00:
                    e5:0c:15:fb:a7:f5:78:75:c5:b4:2d:28:82:bd:ca:
                    b9:9a:9d:45:c6:c4:c3:26:52:fd:1c:1a:80:b5:05:
                    2a:fd:ae:bc:d8:2c:61:fa:dc:79:16:e0:41:46:13:
                    25:fb:21:25:f7:ec:a5:27:ec:e7:7b:95:e1:41:d7:
                    0e:ac:b7:66:50:c3:a0:74:bd:59:5f:72:c0:67:cf:
                    12:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:73:5B:FE:AD:06:C0:B7:56:8D:91:41:29:0D:2E:7A:24:B9:12:A8
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS213447.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:7300::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:e6:0e:3e:62:fd:76:8a:21:c7:fe:7d:11:47:2b:86:50:e3:
         46:3a:5b:d0:c3:b7:04:ef:a4:96:53:84:51:c0:28:96:9d:c1:
         de:81:bf:98:c2:f8:bc:7a:d9:c3:fe:21:53:e9:c6:d4:5a:e1:
         5d:03:a0:81:3c:de:6f:ef:2b:8d:4f:63:76:54:25:33:5f:d8:
         02:b9:76:d0:80:8c:e4:6d:45:df:9c:b4:d8:ae:9f:40:48:7a:
         47:ae:7f:7b:11:da:42:eb:e4:76:e8:8f:f3:5a:59:b0:9b:1b:
         40:ea:21:51:95:b1:f8:6c:48:37:86:f4:44:91:04:8c:f4:84:
         50:03:3c:61:35:8f:d4:90:ff:8d:05:49:f7:22:ea:fe:06:10:
         ba:06:0f:4a:8a:76:d7:9b:9e:77:3f:f6:3c:c9:92:3a:3f:e0:
         f5:4e:05:0a:45:0d:4d:d3:3c:77:c5:ec:e7:6d:65:f1:56:02:
         35:e1:7b:d0:e0:16:56:48:78:28:12:be:fe:48:fa:e1:4c:a1:
         d0:20:a2:14:4f:8e:76:94:8f:51:3d:d4:37:2d:d3:d6:dd:83:
         89:76:8f:8b:bd:30:a4:b5:03:a3:3c:88:56:2a:6c:34:cb:55:
         f2:7f:e1:9b:75:15:d9:62:6e:3c:34:32:fb:71:32:e3:11:2b:
         81:7e:21:4c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUV/feQLWFHc0vaZ+ZF1KwEcrj9QwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDQxNjQ2NTBaFw0yNzA2MDMxNjUxNTBaMDMxMTAvBgNV
BAMTKEEyNzM1QkZFQUQwNkMwQjc1NjhEOTE0MTI5MEQyRTdBMjRCOTEyQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVzXq8xXquLmq05cyYeSXnkXei
Cux4jRVpbH01pBQ9/PSrY6GFl58Gbdd6vhFxgvuL0fYcY6YQFyIwKOA3vZh16Ubq
9wvWayPnIgeETds6y9PdKQyt0jvBIwGzJoUaVDXoTiGizObEdKc0JHFdMzu28t2n
IcEuGePNUTKUeCAkZvEmUBr0xiPSxEdxaMFqfz+Irx0UQK4ggV7M4MH40BaGeu+r
dpPGpmelR7vrOY3IimTRAOUMFfun9Xh1xbQtKIK9yrmanUXGxMMmUv0cGoC1BSr9
rrzYLGH63HkW4EFGEyX7ISX37KUn7Od7leFB1w6st2ZQw6B0vVlfcsBnzxIlAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUonNb/q0GwLdWjZFBKQ0ueiS5EqgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTM0NDcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
CmBEczANBgkqhkiG9w0BAQsFAAOCAQEAPOYOPmL9doohx/59EUcrhlDjRjpb0MO3
BO+kllOEUcAolp3B3oG/mML4vHrZw/4hU+nG1FrhXQOggTzeb+8rjU9jdlQlM1/Y
Arl20ICM5G1F35y02K6fQEh6R65/exHaQuvkduiP81pZsJsbQOohUZWx+GxIN4b0
RJEEjPSEUAM8YTWP1JD/jQVJ9yLq/gYQugYPSop215uedz/2PMmSOj/g9U4FCkUN
TdM8d8Xs521l8VYCNeF70OAWVkh4KBK+/kj64Uyh0CCiFE+OdpSPUT3UNy3T1t2D
iXaPi70wpLUDozyIVipsNMtV8n/hm3UV2WJuPDQy+3Ey4xErgX4hTA==
-----END CERTIFICATE-----