Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS213798.roa
File:                     AS213798.roa (raw, json)
Hash identifier:          5614RXMCfZAgL7SsnY/3uAcMd3krLHd6AuyBq6DO/s0=
Subject key identifier:   CC:87:B2:FE:C5:26:A9:D3:CA:F6:41:F7:1A:3A:F7:CA:47:98:21:3B
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       66A3E14D02A86CE84DBCCBC37158447EEEB7E74C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS213798.roa
Signing time:             Mon 20 Apr 2026 11:42:34 +0000
ROA not before:           Mon 20 Apr 2026 11:37:34 +0000
ROA not after:            Mon 19 Apr 2027 11:42:34 +0000
asID:                     213798
IP address blocks:        2a0f:6286::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 03:51:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:a3:e1:4d:02:a8:6c:e8:4d:bc:cb:c3:71:58:44:7e:ee:b7:e7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Apr 20 11:37:34 2026 GMT
            Not After : Apr 19 11:42:34 2027 GMT
        Subject: CN=CC87B2FEC526A9D3CAF641F71A3AF7CA4798213B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ab:a8:d0:27:5f:bf:60:cf:7c:9a:71:41:c9:
                    ee:69:cd:25:b7:80:a2:5b:bb:e1:da:5a:a9:21:80:
                    d2:3c:43:fb:4b:70:82:3f:59:b5:4c:35:a1:5d:ff:
                    ae:a3:d5:e4:a1:4d:82:38:a2:b9:8e:9b:53:9b:42:
                    d3:55:9c:24:3b:06:89:78:df:be:e0:af:de:a8:76:
                    57:c3:76:97:1d:4a:e4:5b:53:6a:bc:04:9d:8d:30:
                    30:b2:1e:12:9d:19:98:11:b0:97:e6:37:d6:93:d8:
                    5f:b5:00:d1:70:3d:52:e6:84:f9:3b:95:6b:fa:58:
                    6c:a1:aa:d9:5f:34:e4:6a:e3:3c:05:6f:e2:aa:35:
                    a1:de:b4:7c:b5:66:0d:eb:a6:53:6e:e3:5d:65:d6:
                    4f:4e:cb:20:84:65:4c:84:b7:7e:da:c0:27:9e:1c:
                    a7:38:c0:ac:f2:80:bf:87:27:2b:28:8a:5c:d9:98:
                    71:c1:29:83:25:f0:89:96:4e:e6:ba:a8:b0:d3:69:
                    1d:d0:5e:90:60:b1:99:d5:7b:90:72:f2:91:09:27:
                    20:27:d7:5d:2b:92:f6:be:ca:45:07:a8:bb:e9:b6:
                    e7:2c:7d:af:40:58:60:58:c2:30:8f:54:16:d5:eb:
                    98:b9:4a:0f:4d:11:8a:77:08:9b:5d:5b:a4:c8:de:
                    dd:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:87:B2:FE:C5:26:A9:D3:CA:F6:41:F7:1A:3A:F7:CA:47:98:21:3B
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS213798.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6286::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:7f:9b:4a:16:22:a8:a0:e7:65:b4:ac:52:7d:41:09:83:27:
         40:76:01:e6:d4:7f:40:34:86:4c:69:da:88:64:1f:c8:66:d9:
         82:3f:e1:a0:2e:46:75:c2:aa:4b:4d:76:a6:c5:24:11:73:98:
         d9:41:dd:cb:46:02:b0:8c:a7:e6:2a:69:1a:d9:a3:b4:63:48:
         68:82:4f:91:f3:d0:7e:f0:f5:80:22:7a:87:a0:e4:35:40:d5:
         5e:11:42:c4:2a:c5:8a:c6:8a:ba:12:90:72:9c:d2:83:0e:76:
         93:22:14:86:8b:b2:13:d9:f7:90:2e:41:e9:9b:5b:65:c5:db:
         aa:ff:6e:77:b3:5c:38:69:9a:88:39:36:96:89:5d:86:93:14:
         31:39:ce:9c:f9:13:b1:9f:43:dc:ff:fe:9f:5e:b0:19:40:a9:
         20:1d:4e:4e:28:aa:e3:28:b5:fb:8d:ae:68:9e:64:50:63:f4:
         f1:00:e9:1b:60:90:2b:d7:94:f1:78:9f:56:13:cd:b8:fc:ad:
         5c:7e:24:1a:98:8c:ce:75:f2:d8:6e:05:c1:5b:3d:f7:74:de:
         8d:70:06:22:08:f3:8f:60:37:b4:41:76:ac:3d:5d:07:3a:7d:
         19:15:79:f3:51:34:31:53:07:34:a4:60:83:7a:f7:b4:74:94:
         27:c5:a0:a0
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIUZqPhTQKobOhNvMvDcVhEfu6350wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA0MjAxMTM3MzRaFw0yNzA0MTkxMTQyMzRaMDMxMTAvBgNV
BAMTKENDODdCMkZFQzUyNkE5RDNDQUY2NDFGNzFBM0FGN0NBNDc5ODIxM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtq6jQJ1+/YM98mnFBye5pzSW3
gKJbu+HaWqkhgNI8Q/tLcII/WbVMNaFd/66j1eShTYI4ormOm1ObQtNVnCQ7Bol4
377gr96odlfDdpcdSuRbU2q8BJ2NMDCyHhKdGZgRsJfmN9aT2F+1ANFwPVLmhPk7
lWv6WGyhqtlfNORq4zwFb+KqNaHetHy1Zg3rplNu411l1k9OyyCEZUyEt37awCee
HKc4wKzygL+HJysoilzZmHHBKYMl8ImWTua6qLDTaR3QXpBgsZnVe5By8pEJJyAn
110rkva+ykUHqLvptucsfa9AWGBYwjCPVBbV65i5Sg9NEYp3CJtdW6TI3t3TAgMB
AAGjggHdMIIB2TAdBgNVHQ4EFgQUzIey/sUmqdPK9kH3Gjr3ykeYITswHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTM3OTgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAq
D2KGMA0GCSqGSIb3DQEBCwUAA4IBAQA9f5tKFiKooOdltKxSfUEJgydAdgHm1H9A
NIZMadqIZB/IZtmCP+GgLkZ1wqpLTXamxSQRc5jZQd3LRgKwjKfmKmka2aO0Y0ho
gk+R89B+8PWAInqHoOQ1QNVeEULEKsWKxoq6EpBynNKDDnaTIhSGi7IT2feQLkHp
m1tlxduq/253s1w4aZqIOTaWiV2GkxQxOc6c+ROxn0Pc//6fXrAZQKkgHU5OKKrj
KLX7ja5onmRQY/TxAOkbYJAr15TxeJ9WE824/K1cfiQamIzOdfLYbgXBWz33dN6N
cAYiCPOPYDe0QXasPV0HOn0ZFXnzUTQxUwc0pGCDeve0dJQnxaCg
-----END CERTIFICATE-----