Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS213576.roa
File:                     AS213576.roa (raw, json)
Hash identifier:          R17a8pF72MapV3buQ6tyEhTjjop81P/f9wSF0MgaXPw=
Subject key identifier:   8F:8D:56:C9:0A:41:C9:52:F3:7C:B2:F9:27:9D:B8:84:44:1C:38:F6
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       629E4C4E8C511B991E26408221DB33010F64AEDD
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS213576.roa
Signing time:             Thu 03 Jul 2025 15:53:01 +0000
ROA not before:           Thu 03 Jul 2025 15:48:01 +0000
ROA not after:            Thu 02 Jul 2026 15:53:01 +0000
asID:                     213576
IP address blocks:        2a05:dfc3:fe00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:9e:4c:4e:8c:51:1b:99:1e:26:40:82:21:db:33:01:0f:64:ae:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:01 2025 GMT
            Not After : Jul  2 15:53:01 2026 GMT
        Subject: CN=8F8D56C90A41C952F37CB2F9279DB884441C38F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d1:1d:26:63:0a:7b:4c:f6:e2:66:3e:14:7c:
                    bd:c5:99:bd:4e:1c:74:13:5a:12:9a:37:0f:a4:06:
                    0e:f1:27:9c:f2:69:6d:28:9d:81:31:c9:dd:fa:0c:
                    73:07:c8:de:4b:51:df:be:31:bb:d2:f5:b1:4a:67:
                    73:8f:f1:75:a6:2a:b6:2c:de:92:b7:aa:fc:49:6b:
                    35:eb:4f:64:55:0b:4b:6a:b0:88:87:41:d2:90:2b:
                    9c:20:53:1f:3d:6e:76:e7:2a:4c:bd:16:3e:df:6e:
                    d5:26:9c:eb:f1:c6:1d:00:90:e3:9f:53:38:66:c1:
                    91:e7:ef:16:ae:c6:68:e7:a2:19:68:38:5a:c4:50:
                    52:98:50:16:14:9d:38:fa:1f:80:4e:5b:33:0f:24:
                    6d:5a:e6:af:c0:cc:cb:58:09:f8:b5:d2:1b:00:a4:
                    66:d1:e3:8c:d5:f6:b1:2d:80:97:5a:aa:2c:9e:c5:
                    3c:51:b6:ab:b8:7e:fc:79:f5:f1:52:66:56:76:62:
                    e2:3e:ac:f0:c1:f7:60:7e:ca:c9:72:98:75:c2:03:
                    7f:20:42:31:02:1a:4f:ea:d7:d1:62:2e:b9:98:b1:
                    66:4d:3b:5b:4d:57:b0:ca:3d:b3:97:05:9b:bc:ad:
                    7e:38:09:16:0e:07:8c:1e:36:5d:80:8d:48:f3:00:
                    0b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8D:56:C9:0A:41:C9:52:F3:7C:B2:F9:27:9D:B8:84:44:1C:38:F6
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS213576.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fe00::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:e1:56:cc:99:26:15:9c:58:6f:ee:40:38:7a:4b:b4:e1:4e:
         31:ce:9c:b4:9b:14:08:41:b9:62:f3:76:22:65:29:a6:8f:12:
         7f:ca:49:80:eb:e8:15:a0:3b:5b:59:84:43:88:f9:9b:a6:2a:
         1c:d0:57:96:c9:93:d4:4c:ae:52:6a:ba:81:67:dd:e4:a5:b4:
         33:dc:0a:93:71:0c:dc:2d:95:6e:7a:9f:89:77:a8:86:b9:0a:
         c1:21:0a:c1:04:12:48:c2:73:86:ec:94:8c:f1:e6:33:36:c0:
         29:e5:06:f8:dd:0e:de:5c:90:38:26:c7:21:bb:c4:f1:2c:59:
         83:32:36:62:33:32:cb:24:af:f9:3b:ec:9f:7f:71:00:e1:ee:
         d7:11:1e:3f:43:6b:1a:ba:40:a5:1e:4e:e2:77:40:70:c4:6f:
         91:68:a2:5d:a8:e7:45:d6:9c:43:d6:fa:80:89:56:69:4a:b1:
         ae:28:4b:8c:f5:53:b2:30:88:8a:20:7f:6d:30:31:4b:87:cc:
         96:47:9e:28:3e:75:7b:e1:a6:90:bf:8b:a3:a6:01:3d:a4:e4:
         ef:24:4a:3a:d3:bb:d2:33:c1:7f:a8:f7:ab:73:ce:ce:11:75:
         78:b6:bd:04:42:35:bd:75:a4:98:2c:f0:8d:0e:88:69:82:1b:
         d7:51:45:c9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUYp5MToxRG5keJkCCIdszAQ9krt0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDFaFw0yNjA3MDIxNTUzMDFaMDMxMTAvBgNV
BAMTKDhGOEQ1NkM5MEE0MUM5NTJGMzdDQjJGOTI3OURCODg0NDQxQzM4RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV0R0mYwp7TPbiZj4UfL3Fmb1O
HHQTWhKaNw+kBg7xJ5zyaW0onYExyd36DHMHyN5LUd++MbvS9bFKZ3OP8XWmKrYs
3pK3qvxJazXrT2RVC0tqsIiHQdKQK5wgUx89bnbnKky9Fj7fbtUmnOvxxh0AkOOf
UzhmwZHn7xauxmjnohloOFrEUFKYUBYUnTj6H4BOWzMPJG1a5q/AzMtYCfi10hsA
pGbR44zV9rEtgJdaqiyexTxRtqu4fvx59fFSZlZ2YuI+rPDB92B+yslymHXCA38g
QjECGk/q19FiLrmYsWZNO1tNV7DKPbOXBZu8rX44CRYOB4weNl2AjUjzAAsDAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUj41WyQpByVLzfLL5J524hEQcOPYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTM1NzYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/D/jANBgkqhkiG9w0BAQsFAAOCAQEAieFWzJkmFZxYb+5AOHpLtOFOMc6ctJsU
CEG5YvN2ImUppo8Sf8pJgOvoFaA7W1mEQ4j5m6YqHNBXlsmT1EyuUmq6gWfd5KW0
M9wKk3EM3C2VbnqfiXeohrkKwSEKwQQSSMJzhuyUjPHmMzbAKeUG+N0O3lyQOCbH
IbvE8SxZgzI2YjMyyySv+Tvsn39xAOHu1xEeP0NrGrpApR5O4ndAcMRvkWiiXajn
RdacQ9b6gIlWaUqxrihLjPVTsjCIiiB/bTAxS4fMlkeeKD51e+GmkL+Lo6YBPaTk
7yRKOtO70jPBf6j3q3POzhF1eLa9BEI1vXWkmCzwjQ6IaYIb11FFyQ==
-----END CERTIFICATE-----