Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214675.roa
File:                     AS214675.roa (raw, json)
Hash identifier:          FHd+v+KuEwaL9iiwsmxX2cIihIpDbQITItt9FNfKeAc=
Subject key identifier:   39:68:24:9B:72:46:54:34:68:CF:6B:BB:C1:29:DE:C7:07:BF:B4:E6
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       61EA7AA36DD4E48B386451B04FAAC4552B87FAA7
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214675.roa
Signing time:             Thu 03 Jul 2025 15:53:00 +0000
ROA not before:           Thu 03 Jul 2025 15:48:00 +0000
ROA not after:            Thu 02 Jul 2026 15:53:00 +0000
asID:                     214675
IP address blocks:        2a0a:6044:aca0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 21:20:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ea:7a:a3:6d:d4:e4:8b:38:64:51:b0:4f:aa:c4:55:2b:87:fa:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:00 2025 GMT
            Not After : Jul  2 15:53:00 2026 GMT
        Subject: CN=3968249B7246543468CF6BBBC129DEC707BFB4E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:57:2f:db:81:2f:f7:30:a7:d8:9e:fa:32:ba:
                    27:ea:81:d6:33:da:e9:e0:c2:ef:90:c2:3f:3a:b8:
                    e3:c4:9a:2d:c5:50:de:c2:fe:a3:77:93:51:56:6d:
                    e7:f7:cb:3a:65:b0:79:5b:eb:d1:03:7f:f9:b5:09:
                    c3:07:a3:d2:7c:9e:73:c9:23:36:b1:a6:18:99:7f:
                    26:18:79:57:8a:14:3a:d2:99:3b:42:70:d3:40:16:
                    a2:23:a2:c4:38:8e:17:c1:73:13:41:02:84:2a:8f:
                    96:1e:8f:98:00:be:17:8a:c0:c1:ad:62:9b:14:e9:
                    58:04:e1:4f:ba:b1:6f:3a:74:2a:6e:85:cc:ec:2f:
                    a1:1d:c0:75:90:d5:d7:d4:d6:3e:84:c4:8b:4e:32:
                    e3:d5:67:96:6c:84:46:82:57:07:c1:a4:bc:ca:94:
                    96:89:7c:51:2b:1b:73:dd:0c:91:18:8c:e5:e4:01:
                    f0:a0:91:da:0b:27:2d:ae:f0:94:d9:d1:d4:a8:fc:
                    e1:19:1d:ca:3b:b1:ad:f1:6f:f9:8b:0b:04:f0:50:
                    11:10:1e:dd:66:99:f7:e5:10:c1:b1:c5:83:4a:96:
                    0c:07:b2:78:0f:ce:c1:09:7c:38:cf:b5:97:c5:24:
                    58:8e:54:83:c5:2e:fb:ee:7c:e9:32:5d:19:42:56:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:68:24:9B:72:46:54:34:68:CF:6B:BB:C1:29:DE:C7:07:BF:B4:E6
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:aca0::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:b5:57:71:2b:5d:f3:cb:22:41:7c:be:c0:96:38:98:3e:33:
         61:b3:f1:c9:cf:4b:c8:d0:f0:35:20:7f:cf:1b:58:c9:c4:c5:
         7f:05:cf:1f:95:af:ca:2f:85:4f:2f:2c:5f:fe:ff:21:ed:84:
         ae:7c:89:ea:5d:3f:21:bd:86:28:b4:0e:5b:ad:2d:f8:c2:41:
         97:56:72:83:b7:6e:48:a1:fc:d5:22:29:97:33:78:ed:04:0f:
         9d:02:1c:70:b8:61:c9:73:9a:82:4e:e1:0f:cf:44:0b:48:ff:
         5e:8d:54:9f:75:4e:7d:bf:c2:48:1c:2d:fb:9e:ed:38:75:d4:
         8c:69:0c:c7:78:d6:c8:21:fc:88:cb:ea:e1:ad:bf:c4:ce:ba:
         6a:a2:0e:04:b5:41:a5:be:58:e1:4b:80:83:29:03:09:02:68:
         8f:9c:d4:85:c0:7c:f2:07:5d:3c:c6:16:13:4f:ae:e6:14:6b:
         22:91:8f:4d:25:a0:7e:5b:bc:fb:13:25:ef:bf:a9:5b:73:5e:
         b9:82:00:4c:96:15:03:c0:94:27:28:83:33:66:1d:92:7e:d8:
         86:76:ad:31:3f:2f:84:3d:f2:74:ac:8c:87:21:35:8a:59:20:
         18:7d:c9:83:03:ea:93:45:db:08:3f:83:dc:0d:09:58:cd:48:
         17:55:43:4b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUYep6o23U5Is4ZFGwT6rEVSuH+qcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDBaFw0yNjA3MDIxNTUzMDBaMDMxMTAvBgNV
BAMTKDM5NjgyNDlCNzI0NjU0MzQ2OENGNkJCQkMxMjlERUM3MDdCRkI0RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIVy/bgS/3MKfYnvoyuifqgdYz
2ungwu+Qwj86uOPEmi3FUN7C/qN3k1FWbef3yzplsHlb69EDf/m1CcMHo9J8nnPJ
IzaxphiZfyYYeVeKFDrSmTtCcNNAFqIjosQ4jhfBcxNBAoQqj5Yej5gAvheKwMGt
YpsU6VgE4U+6sW86dCpuhczsL6EdwHWQ1dfU1j6ExItOMuPVZ5ZshEaCVwfBpLzK
lJaJfFErG3PdDJEYjOXkAfCgkdoLJy2u8JTZ0dSo/OEZHco7sa3xb/mLCwTwUBEQ
Ht1mmfflEMGxxYNKlgwHsngPzsEJfDjPtZfFJFiOVIPFLvvufOkyXRlCVj6JAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUOWgkm3JGVDRoz2u7wSnexwe/tOYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQ2NzUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
CmBErKAwDQYJKoZIhvcNAQELBQADggEBADa1V3ErXfPLIkF8vsCWOJg+M2Gz8cnP
S8jQ8DUgf88bWMnExX8Fzx+Vr8ovhU8vLF/+/yHthK58iepdPyG9hii0DlutLfjC
QZdWcoO3bkih/NUiKZczeO0ED50CHHC4YclzmoJO4Q/PRAtI/16NVJ91Tn2/wkgc
Lfue7Th11IxpDMd41sgh/IjL6uGtv8TOumqiDgS1QaW+WOFLgIMpAwkCaI+c1IXA
fPIHXTzGFhNPruYUayKRj00loH5bvPsTJe+/qVtzXrmCAEyWFQPAlCcogzNmHZJ+
2IZ2rTE/L4Q98nSsjIchNYpZIBh9yYMD6pNF2wg/g9wNCVjNSBdVQ0s=
-----END CERTIFICATE-----