Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214135.roa
File:                     AS214135.roa (raw, json)
Hash identifier:          ygKFuuYSXKMMjoBwi/xjMQB27eA7V/MrszlIexpC9e8=
Subject key identifier:   A2:B1:C3:08:30:EC:0E:C1:6D:D0:D3:2B:D8:9C:5A:DF:F2:7A:01:26
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       71561DD7351797B9F0C2BD81D81CD73B6D009242
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214135.roa
Signing time:             Thu 02 Oct 2025 20:55:11 +0000
ROA not before:           Thu 02 Oct 2025 20:50:11 +0000
ROA not after:            Thu 01 Oct 2026 20:55:11 +0000
asID:                     214135
IP address blocks:        2a0f:6283:8000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:56:1d:d7:35:17:97:b9:f0:c2:bd:81:d8:1c:d7:3b:6d:00:92:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct  2 20:50:11 2025 GMT
            Not After : Oct  1 20:55:11 2026 GMT
        Subject: CN=A2B1C30830EC0EC16DD0D32BD89C5ADFF27A0126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2f:93:ed:73:ee:6f:f8:a8:6a:6a:e0:6d:bf:
                    e5:f8:6e:cd:f5:18:ed:26:04:5d:a7:71:45:ba:20:
                    97:6d:c3:f9:01:6f:0e:bc:5c:60:c9:9c:67:1f:64:
                    80:11:5a:09:e4:b8:64:4f:ca:84:bf:96:e3:34:23:
                    2a:1a:51:4e:64:b4:be:f1:83:e4:8c:e3:88:fb:7f:
                    1d:fe:4c:e6:e1:b7:93:31:f4:87:0c:36:cc:44:b1:
                    a6:32:d7:cc:9c:58:55:40:0c:63:81:aa:25:ef:65:
                    b0:14:00:4b:12:0a:68:55:9a:6a:97:65:44:3b:71:
                    1c:7a:ce:e3:d4:9a:ce:53:25:3d:c8:a9:3a:03:f0:
                    4b:80:b3:78:02:54:f8:74:1a:5f:79:ce:c1:4c:e5:
                    1f:a4:0a:0e:e7:e9:3b:27:7e:e9:bb:9c:a5:41:fa:
                    01:17:38:03:40:ac:bf:34:94:aa:95:dd:86:c4:7a:
                    5f:c4:15:c3:ca:fd:77:26:42:a2:04:97:ac:6e:a0:
                    39:9e:3e:4d:62:48:57:48:6e:17:de:34:aa:61:50:
                    b9:f4:f2:a0:da:46:cf:8c:7e:6d:ee:07:bd:f0:66:
                    35:41:86:ce:95:fd:37:b4:e9:c7:67:dd:6d:e5:9f:
                    66:ea:db:fe:46:39:24:f5:2a:28:d9:d1:af:e7:d3:
                    26:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B1:C3:08:30:EC:0E:C1:6D:D0:D3:2B:D8:9C:5A:DF:F2:7A:01:26
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         4f:37:04:ab:3f:45:7d:03:f7:a1:0b:03:81:57:70:1b:ce:ba:
         90:5c:13:ee:dc:e6:e9:5e:01:7c:77:63:3d:32:ba:99:0d:73:
         62:7a:03:be:be:63:8e:ba:86:76:c4:be:60:ab:1a:fc:c2:fc:
         e6:81:ed:53:47:3d:e2:7d:32:0e:70:75:4d:4a:3c:6b:68:c7:
         3b:20:c7:21:f7:c9:a7:12:c4:2d:0b:93:dd:e1:4c:98:d9:54:
         82:5e:f5:04:59:66:2f:83:a2:89:b4:21:f2:12:94:98:b3:88:
         a0:c8:25:68:91:9e:d3:8d:87:17:5f:cc:e3:78:7b:41:a2:47:
         9a:5c:72:4b:f0:e5:dd:84:fa:6b:61:2d:3c:80:33:4d:e3:08:
         a1:5c:4f:a3:34:7e:d0:80:4a:ae:e7:ed:1f:16:1e:ab:3f:c4:
         65:79:a3:67:6c:eb:6d:48:c8:95:10:11:98:cc:43:5d:0e:f1:
         e5:94:80:b0:50:42:73:f6:77:eb:4a:f6:73:1c:fb:82:7f:0e:
         20:eb:5c:05:34:8a:18:7a:fd:56:ea:98:77:1f:ee:08:53:51:
         27:31:df:b9:33:c1:24:6d:ed:9c:89:af:fb:46:4a:5f:81:a9:
         f0:a9:45:94:35:c6:ad:8a:95:8d:73:83:c0:6f:8a:9a:1d:e1:
         0c:af:7b:a3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUcVYd1zUXl7nwwr2B2BzXO20AkkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMDIyMDUwMTFaFw0yNjEwMDEyMDU1MTFaMDMxMTAvBgNV
BAMTKEEyQjFDMzA4MzBFQzBFQzE2REQwRDMyQkQ4OUM1QURGRjI3QTAxMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdL5Ptc+5v+KhqauBtv+X4bs31
GO0mBF2ncUW6IJdtw/kBbw68XGDJnGcfZIARWgnkuGRPyoS/luM0IyoaUU5ktL7x
g+SM44j7fx3+TObht5Mx9IcMNsxEsaYy18ycWFVADGOBqiXvZbAUAEsSCmhVmmqX
ZUQ7cRx6zuPUms5TJT3IqToD8EuAs3gCVPh0Gl95zsFM5R+kCg7n6Tsnfum7nKVB
+gEXOANArL80lKqV3YbEel/EFcPK/XcmQqIEl6xuoDmePk1iSFdIbhfeNKphULn0
8qDaRs+Mfm3uB73wZjVBhs6V/Te06cdn3W3ln2bq2/5GOST1KijZ0a/n0ya1AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUorHDCDDsDsFt0NMr2Jxa3/J6ASYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQxMzUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgYq
D2KDgDANBgkqhkiG9w0BAQsFAAOCAQEATzcEqz9FfQP3oQsDgVdwG866kFwT7tzm
6V4BfHdjPTK6mQ1zYnoDvr5jjrqGdsS+YKsa/ML85oHtU0c94n0yDnB1TUo8a2jH
OyDHIffJpxLELQuT3eFMmNlUgl71BFlmL4OiibQh8hKUmLOIoMglaJGe042HF1/M
43h7QaJHmlxyS/Dl3YT6a2EtPIAzTeMIoVxPozR+0IBKruftHxYeqz/EZXmjZ2zr
bUjIlRARmMxDXQ7x5ZSAsFBCc/Z360r2cxz7gn8OIOtcBTSKGHr9VuqYdx/uCFNR
JzHfuTPBJG3tnImv+0ZKX4Gp8KlFlDXGrYqVjXODwG+Kmh3hDK97ow==
-----END CERTIFICATE-----