Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214172.roa
File:                     AS214172.roa (raw, json)
Hash identifier:          s3EPe9so9kXesvF7ZVhQGbkjvhDMQamOwc4XQpr9PxA=
Subject key identifier:   77:1B:EA:EE:1E:07:42:61:FA:2C:41:A6:75:45:14:69:D5:02:ED:15
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       10DEB60506F3D5137AE63363E0FEA1B8AC7141AA
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214172.roa
Signing time:             Thu 03 Jul 2025 15:53:01 +0000
ROA not before:           Thu 03 Jul 2025 15:48:01 +0000
ROA not after:            Thu 02 Jul 2026 15:53:01 +0000
asID:                     214172
IP address blocks:        2a0a:6044:6200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:de:b6:05:06:f3:d5:13:7a:e6:33:63:e0:fe:a1:b8:ac:71:41:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:01 2025 GMT
            Not After : Jul  2 15:53:01 2026 GMT
        Subject: CN=771BEAEE1E074261FA2C41A675451469D502ED15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fb:8c:1f:43:d0:46:cc:bf:60:9c:11:50:13:
                    5a:91:64:b6:91:cc:68:5b:11:f7:d7:23:41:20:97:
                    7d:75:c5:d0:43:1f:f6:a2:bb:1b:b2:79:7c:ae:5c:
                    e3:f4:9f:54:af:6f:0d:99:c0:d9:32:3e:5b:b4:34:
                    97:8f:59:66:f5:2e:10:b2:0e:08:51:e7:fb:48:b5:
                    79:27:ea:69:82:87:cc:ab:fd:b1:a6:34:a8:2b:20:
                    48:9e:19:6d:6e:c6:7b:bf:76:52:9e:73:9e:73:32:
                    d9:3d:10:ca:78:1c:5a:04:0c:20:31:2e:70:e1:91:
                    c7:4c:1a:24:29:6a:f1:0b:0a:e8:00:e8:76:9a:f0:
                    82:17:fa:c1:97:cc:a6:df:54:a6:67:9b:7c:7a:db:
                    3e:d6:17:93:d0:b5:74:f4:81:29:ea:b0:99:aa:b3:
                    8a:7d:1e:37:d1:31:d6:10:b4:65:81:a9:79:2e:38:
                    18:34:ba:ec:89:0f:53:77:f0:66:d9:0c:2a:71:07:
                    ec:0d:1e:9e:2e:00:7e:70:9a:d2:e6:9f:03:26:b5:
                    2f:2d:2e:30:4e:a8:36:f6:38:e4:fc:98:c5:e9:4c:
                    51:91:27:be:d6:36:c1:c5:8a:8a:a1:e0:66:9e:d2:
                    af:c7:2c:f2:2e:21:5d:1e:7c:36:05:35:ae:0d:b4:
                    82:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:1B:EA:EE:1E:07:42:61:FA:2C:41:A6:75:45:14:69:D5:02:ED:15
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214172.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:6200::/40

    Signature Algorithm: sha256WithRSAEncryption
         0b:b0:d1:2b:4f:6e:c0:fb:bf:ce:11:aa:f9:84:da:20:80:16:
         b5:67:1a:97:f2:2f:31:bc:15:a5:43:4c:01:07:d6:0d:82:0d:
         76:49:30:80:ae:89:cb:93:5f:c4:4b:54:65:8b:2a:93:b5:7e:
         1c:9f:7d:ea:e8:53:a3:99:7f:f9:b6:db:0e:df:0a:2f:7a:07:
         7b:59:89:30:70:40:cc:eb:b7:65:0b:1f:93:16:a8:2f:8b:c9:
         fb:78:b6:a9:7f:e9:86:b5:93:9d:95:08:d9:11:34:db:72:71:
         30:bf:6b:c8:fd:ff:2f:e1:f2:99:33:21:28:26:54:77:0d:23:
         17:bc:e9:77:b9:b0:b9:f4:46:81:9d:4c:dc:0c:24:28:cd:b3:
         49:41:16:57:5c:df:d3:f4:36:84:41:a4:e6:45:02:ed:be:cf:
         90:b2:dd:f3:a7:23:62:e6:b9:9a:6d:74:c2:03:50:a1:f0:fb:
         ee:42:f5:f1:14:02:bb:c7:a1:89:95:8d:2f:95:81:8c:38:8f:
         d6:53:a6:cd:f2:3e:b0:3c:19:08:06:5c:c0:e1:71:a6:8f:0c:
         e7:ce:86:d5:12:ac:73:0d:a7:3a:c1:52:b4:25:d2:29:08:5a:
         b7:27:c1:ca:2b:05:4b:51:bc:f4:ee:82:06:08:a3:da:03:23:
         fb:4e:cd:3a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUEN62BQbz1RN65jNj4P6huKxxQaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDFaFw0yNjA3MDIxNTUzMDFaMDMxMTAvBgNV
BAMTKDc3MUJFQUVFMUUwNzQyNjFGQTJDNDFBNjc1NDUxNDY5RDUwMkVEMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd+4wfQ9BGzL9gnBFQE1qRZLaR
zGhbEffXI0Egl311xdBDH/aiuxuyeXyuXOP0n1Svbw2ZwNkyPlu0NJePWWb1LhCy
DghR5/tItXkn6mmCh8yr/bGmNKgrIEieGW1uxnu/dlKec55zMtk9EMp4HFoEDCAx
LnDhkcdMGiQpavELCugA6Haa8IIX+sGXzKbfVKZnm3x62z7WF5PQtXT0gSnqsJmq
s4p9HjfRMdYQtGWBqXkuOBg0uuyJD1N38GbZDCpxB+wNHp4uAH5wmtLmnwMmtS8t
LjBOqDb2OOT8mMXpTFGRJ77WNsHFioqh4Gae0q/HLPIuIV0efDYFNa4NtIJzAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUdxvq7h4HQmH6LEGmdUUUadUC7RUwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQxNzIucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
CmBEYjANBgkqhkiG9w0BAQsFAAOCAQEAC7DRK09uwPu/zhGq+YTaIIAWtWcal/Iv
MbwVpUNMAQfWDYINdkkwgK6Jy5NfxEtUZYsqk7V+HJ996uhTo5l/+bbbDt8KL3oH
e1mJMHBAzOu3ZQsfkxaoL4vJ+3i2qX/phrWTnZUI2RE023JxML9ryP3/L+HymTMh
KCZUdw0jF7zpd7mwufRGgZ1M3AwkKM2zSUEWV1zf0/Q2hEGk5kUC7b7PkLLd86cj
Yua5mm10wgNQofD77kL18RQCu8ehiZWNL5WBjDiP1lOmzfI+sDwZCAZcwOFxpo8M
586G1RKscw2nOsFStCXSKQhatyfByisFS1G89O6CBgij2gMj+07NOg==
-----END CERTIFICATE-----