Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS213447.roa
File:                     AS213447.roa (raw, json)
Hash identifier:          j9tWmCkulsIztPEAFEw1TraN51lvfmV1EqioI3+zeTE=
Subject key identifier:   05:61:91:1B:76:E4:69:87:7D:57:84:46:26:8E:72:81:64:66:06:0D
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       34FDCF94A3B15659E5ADD1C7134726343B5F1182
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS213447.roa
Signing time:             Thu 03 Jul 2025 15:52:59 +0000
ROA not before:           Thu 03 Jul 2025 15:47:59 +0000
ROA not after:            Thu 02 Jul 2026 15:52:59 +0000
asID:                     213447
IP address blocks:        2a0a:6044:7300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:fd:cf:94:a3:b1:56:59:e5:ad:d1:c7:13:47:26:34:3b:5f:11:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:47:59 2025 GMT
            Not After : Jul  2 15:52:59 2026 GMT
        Subject: CN=0561911B76E469877D578446268E72816466060D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:80:d3:59:1a:de:92:ba:51:68:d7:01:04:e0:
                    7f:af:94:b3:26:f1:09:7b:a9:49:6f:0e:95:b4:66:
                    f3:8e:12:9c:df:22:97:09:2f:6a:17:09:41:ca:a2:
                    1f:fc:db:89:0f:a9:e5:37:24:ac:d3:56:18:d8:ac:
                    5c:d9:6c:a9:80:a9:c8:d5:14:86:8b:98:6a:e5:60:
                    e0:7a:ed:a0:fb:ca:4a:e2:9e:68:10:db:b3:1e:de:
                    16:70:c3:53:32:a0:8b:e0:c1:36:eb:2c:f7:24:3e:
                    75:71:7b:cd:70:54:82:f3:67:ed:fe:50:87:f7:81:
                    b7:9e:e7:76:e2:c9:9a:cc:3e:cb:8c:b4:72:af:7a:
                    1f:79:0b:29:36:b5:da:76:06:fe:21:49:d1:c2:c0:
                    32:b6:10:00:dd:c6:db:75:1c:d9:c4:9e:24:db:23:
                    02:f1:6a:4f:1d:7a:49:6f:c8:2a:1c:a5:7e:a7:98:
                    62:1b:b3:b3:97:53:89:0d:a3:62:fb:be:0e:bc:6c:
                    ba:87:4e:2b:80:88:1f:eb:60:a9:5d:84:ab:cd:18:
                    10:e9:6e:d6:e1:89:15:58:7a:f8:1e:13:47:2a:11:
                    84:45:a9:0a:29:25:1c:e3:86:df:2a:3a:5d:29:43:
                    4e:8d:14:30:68:fa:97:ca:49:f7:bf:5b:83:b6:49:
                    91:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:61:91:1B:76:E4:69:87:7D:57:84:46:26:8E:72:81:64:66:06:0D
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS213447.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:7300::/40

    Signature Algorithm: sha256WithRSAEncryption
         07:3e:c7:51:ff:77:80:46:ed:5d:0a:06:41:b2:c4:ee:70:7b:
         9f:09:55:9b:cf:73:53:05:d9:a7:81:fa:f2:88:5a:38:70:79:
         a5:37:30:cf:83:ad:e5:11:ce:b7:36:6a:fb:d2:a8:6e:13:4e:
         36:85:43:41:85:36:f8:8a:ad:9a:5c:5a:07:cd:86:b7:f0:e0:
         53:79:a7:50:76:28:fa:a7:7d:88:c6:26:ca:81:c5:6e:1d:bb:
         44:e3:1c:aa:8a:3d:52:4a:8b:76:88:b5:37:69:a9:11:ba:a1:
         90:ea:b6:88:40:52:a5:2a:1a:0e:cd:9e:d4:68:4c:24:a3:70:
         39:b4:64:28:ea:56:a1:58:ad:c3:ca:2a:48:33:dc:7d:09:01:
         ba:26:ed:bc:8d:60:c2:b6:04:17:15:a1:b3:dd:5a:a1:98:3c:
         cd:d9:56:b7:2d:5b:b2:4f:4d:8d:f6:11:9f:48:80:c0:b9:1e:
         d0:58:4a:85:50:f8:d4:72:a7:14:17:f5:ff:2a:41:c7:cb:01:
         46:2d:c1:5c:bf:00:05:ca:ef:86:69:56:ec:14:f5:96:0e:be:
         53:67:3c:36:78:34:66:e4:d9:f5:21:51:40:ee:d0:47:96:20:
         15:2e:99:43:fc:47:aa:bc:9b:51:fa:84:fc:9e:e4:fe:43:cb:
         3c:ee:76:4d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUNP3PlKOxVlnlrdHHE0cmNDtfEYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ3NTlaFw0yNjA3MDIxNTUyNTlaMDMxMTAvBgNV
BAMTKDA1NjE5MTFCNzZFNDY5ODc3RDU3ODQ0NjI2OEU3MjgxNjQ2NjA2MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdgNNZGt6SulFo1wEE4H+vlLMm
8Ql7qUlvDpW0ZvOOEpzfIpcJL2oXCUHKoh/824kPqeU3JKzTVhjYrFzZbKmAqcjV
FIaLmGrlYOB67aD7ykrinmgQ27Me3hZww1MyoIvgwTbrLPckPnVxe81wVILzZ+3+
UIf3gbee53biyZrMPsuMtHKveh95Cyk2tdp2Bv4hSdHCwDK2EADdxtt1HNnEniTb
IwLxak8deklvyCocpX6nmGIbs7OXU4kNo2L7vg68bLqHTiuAiB/rYKldhKvNGBDp
btbhiRVYevgeE0cqEYRFqQopJRzjht8qOl0pQ06NFDBo+pfKSfe/W4O2SZFdAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUBWGRG3bkaYd9V4RGJo5ygWRmBg0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTM0NDcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
CmBEczANBgkqhkiG9w0BAQsFAAOCAQEABz7HUf93gEbtXQoGQbLE7nB7nwlVm89z
UwXZp4H68ohaOHB5pTcwz4Ot5RHOtzZq+9KobhNONoVDQYU2+IqtmlxaB82Gt/Dg
U3mnUHYo+qd9iMYmyoHFbh27ROMcqoo9UkqLdoi1N2mpEbqhkOq2iEBSpSoaDs2e
1GhMJKNwObRkKOpWoVitw8oqSDPcfQkBuibtvI1gwrYEFxWhs91aoZg8zdlWty1b
sk9NjfYRn0iAwLke0FhKhVD41HKnFBf1/ypBx8sBRi3BXL8ABcrvhmlW7BT1lg6+
U2c8Nng0ZuTZ9SFRQO7QR5YgFS6ZQ/xHqrybUfqE/J7k/kPLPO52TQ==
-----END CERTIFICATE-----