Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214731.roa
File:                     AS214731.roa (raw, json)
Hash identifier:          D1iFUH529XghAm0EUl3HeR2ZGoy8MO2LHm2KsjzPb+8=
Subject key identifier:   2A:21:A5:BF:69:A6:30:E3:8A:0D:EB:D5:52:53:55:1F:E7:E3:71:5A
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       5FC89BC8FF7AD43AAD0A4A1FC59C071F1ED4C957
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214731.roa
Signing time:             Thu 04 Jun 2026 16:51:48 +0000
ROA not before:           Thu 04 Jun 2026 16:46:48 +0000
ROA not after:            Thu 03 Jun 2027 16:51:48 +0000
asID:                     214731
IP address blocks:        2a06:1281:4000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:c8:9b:c8:ff:7a:d4:3a:ad:0a:4a:1f:c5:9c:07:1f:1e:d4:c9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  4 16:46:48 2026 GMT
            Not After : Jun  3 16:51:48 2027 GMT
        Subject: CN=2A21A5BF69A630E38A0DEBD55253551FE7E3715A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0a:ee:01:91:61:81:c5:89:c5:cb:b3:20:24:
                    14:68:04:48:e1:97:96:cb:72:b8:b6:2b:8a:e6:82:
                    0a:d3:db:d7:d7:1b:bd:22:60:96:7a:54:28:21:4d:
                    1c:40:5f:53:7e:6c:ce:bf:b4:f4:35:df:c4:50:20:
                    5d:bd:42:50:08:56:0b:5d:56:07:a0:eb:78:8e:10:
                    4c:12:7e:c8:48:ce:56:72:95:61:e2:d1:40:b3:4e:
                    a3:58:9d:24:03:52:b2:7a:83:0c:d8:39:09:f4:e7:
                    69:1a:68:b2:8a:2a:56:ac:85:e2:49:03:1e:a5:ee:
                    8a:c2:ad:37:24:7d:7f:6b:d2:47:c7:99:1b:42:9a:
                    0f:84:ec:f9:e0:f0:42:ce:d1:77:d3:0e:de:c0:96:
                    a6:68:29:e5:c4:8f:08:fc:13:61:51:8a:f9:08:69:
                    34:02:2e:8a:81:c9:e0:11:5b:3b:c3:a7:72:84:08:
                    99:ff:ee:01:14:ac:c0:22:ef:fd:aa:6b:2f:a9:7e:
                    58:87:a3:d1:e9:7a:a4:ab:3d:ce:39:1b:b5:9b:c6:
                    f7:c9:67:de:a2:2f:15:52:96:91:c7:79:36:ca:e9:
                    1a:b5:10:57:7d:46:92:68:45:70:19:e8:2e:37:5a:
                    79:bd:3f:9e:57:74:f0:07:a6:ef:da:d6:fc:64:ef:
                    28:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:21:A5:BF:69:A6:30:E3:8A:0D:EB:D5:52:53:55:1F:E7:E3:71:5A
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1281:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:93:19:bc:a9:73:c8:b2:82:28:d4:ef:b0:4b:4b:79:a5:11:
         e6:79:dd:a0:20:12:73:9a:a1:0f:cd:b1:ec:e6:61:8b:a5:ea:
         cf:e8:c8:56:8d:32:e8:23:82:66:22:0d:df:4d:ec:f1:b3:7c:
         09:0d:0c:33:4a:61:67:20:80:33:a0:18:89:2f:49:0a:59:57:
         a1:26:c7:f9:87:28:e5:48:cf:16:f2:d0:c6:48:96:68:ad:20:
         df:39:d0:65:bf:c3:91:5f:be:c3:07:e0:92:eb:11:1a:a2:2e:
         d0:55:79:43:b0:66:49:16:5d:3e:fa:19:cd:6c:46:d6:54:21:
         4c:f4:35:7a:53:9a:4e:48:cd:53:d6:28:58:a9:a8:45:e8:3f:
         ef:fc:de:c9:b9:f4:3e:79:66:7b:54:14:80:5b:09:17:34:4c:
         d5:22:bc:24:85:76:34:6f:d4:9d:0d:e3:48:5b:a7:24:a1:85:
         36:4c:7b:ac:f6:17:03:cb:c9:9d:c1:fa:c9:69:85:ef:f3:99:
         7b:c4:a8:45:c4:c3:73:9b:cb:2f:86:32:bd:ce:8d:d1:c6:e0:
         5e:9a:ed:6f:40:0e:4b:9c:5b:e0:a6:ee:da:1e:87:33:ac:53:
         66:62:be:4c:47:5b:4f:ce:ba:9f:d9:02:77:e9:c2:c0:b9:93:
         62:e5:2e:88
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUX8ibyP961DqtCkofxZwHHx7UyVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDQxNjQ2NDhaFw0yNzA2MDMxNjUxNDhaMDMxMTAvBgNV
BAMTKDJBMjFBNUJGNjlBNjMwRTM4QTBERUJENTUyNTM1NTFGRTdFMzcxNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmCu4BkWGBxYnFy7MgJBRoBEjh
l5bLcri2K4rmggrT29fXG70iYJZ6VCghTRxAX1N+bM6/tPQ138RQIF29QlAIVgtd
Vgeg63iOEEwSfshIzlZylWHi0UCzTqNYnSQDUrJ6gwzYOQn052kaaLKKKlasheJJ
Ax6l7orCrTckfX9r0kfHmRtCmg+E7Png8ELO0XfTDt7AlqZoKeXEjwj8E2FRivkI
aTQCLoqByeARWzvDp3KECJn/7gEUrMAi7/2qay+pfliHo9HpeqSrPc45G7WbxvfJ
Z96iLxVSlpHHeTbK6Rq1EFd9RpJoRXAZ6C43Wnm9P55XdPAHpu/a1vxk7yjrAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUKiGlv2mmMOOKDevVUlNVH+fjcVowHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQ3MzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
BhKBQDANBgkqhkiG9w0BAQsFAAOCAQEARpMZvKlzyLKCKNTvsEtLeaUR5nndoCAS
c5qhD82x7OZhi6Xqz+jIVo0y6COCZiIN303s8bN8CQ0MM0phZyCAM6AYiS9JCllX
oSbH+Yco5UjPFvLQxkiWaK0g3znQZb/DkV++wwfgkusRGqIu0FV5Q7BmSRZdPvoZ
zWxG1lQhTPQ1elOaTkjNU9YoWKmoReg/7/zeybn0Pnlme1QUgFsJFzRM1SK8JIV2
NG/UnQ3jSFunJKGFNkx7rPYXA8vJncH6yWmF7/OZe8SoRcTDc5vLL4Yyvc6N0cbg
Xprtb0AOS5xb4Kbu2h6HM6xTZmK+TEdbT866n9kCd+nCwLmTYuUuiA==
-----END CERTIFICATE-----