Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215196.roa
File:                     AS215196.roa (raw, json)
Hash identifier:          qhOr0KRQ+rWjFe+ZeJpK5PaHtLdl9X3zqeJs61fwVWs=
Subject key identifier:   73:E0:90:0E:FD:F5:9E:14:F3:D8:AD:85:72:46:02:34:1D:A6:21:CD
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       328F765229B8652376CBB92A515D78C9749DB296
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215196.roa
Signing time:             Mon 08 Sep 2025 06:19:16 +0000
ROA not before:           Mon 08 Sep 2025 06:14:16 +0000
ROA not after:            Mon 07 Sep 2026 06:19:16 +0000
asID:                     215196
IP address blocks:        2a0f:6284:4214::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:8f:76:52:29:b8:65:23:76:cb:b9:2a:51:5d:78:c9:74:9d:b2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep  8 06:14:16 2025 GMT
            Not After : Sep  7 06:19:16 2026 GMT
        Subject: CN=73E0900EFDF59E14F3D8AD85724602341DA621CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:78:67:0d:51:aa:cf:df:c6:73:c3:39:44:28:
                    f5:12:b8:95:a8:67:e2:7f:b9:bd:94:ff:08:47:aa:
                    8a:74:71:63:2a:b7:14:19:b3:3c:14:8b:92:e3:46:
                    5b:f6:85:33:ae:d5:dd:14:c3:9f:39:f7:f8:7b:a0:
                    0e:7c:eb:8f:5c:a7:25:71:86:87:13:91:6f:a5:16:
                    e4:60:ac:e3:48:63:1e:49:21:d4:8d:a2:96:e6:ce:
                    6e:56:e0:64:e8:51:8e:09:18:39:a2:61:e9:c8:ab:
                    31:67:81:ee:a1:94:f4:b0:72:24:31:12:e1:a5:d9:
                    bd:f3:ad:a3:6c:8d:18:98:04:28:59:50:f5:44:d7:
                    8d:7c:05:58:45:80:7c:6a:6d:53:e5:de:05:64:64:
                    c1:48:5c:bc:11:9b:cb:47:04:77:87:68:74:86:b5:
                    70:d3:d7:38:46:78:26:e7:f6:20:60:00:c3:04:09:
                    5c:b0:de:ea:a9:30:c6:db:48:d0:c4:7c:f8:ec:a2:
                    d8:85:5b:0b:1a:a2:f0:9e:1b:26:3e:13:3b:14:8b:
                    19:a2:bb:f8:dc:9b:aa:d5:a9:01:18:b8:3b:c3:67:
                    9b:cd:e0:69:d5:8c:a9:d6:95:12:ea:d8:2b:a5:7c:
                    af:24:11:b3:57:4b:5e:4d:1b:e0:f8:c8:30:b0:a2:
                    4e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:E0:90:0E:FD:F5:9E:14:F3:D8:AD:85:72:46:02:34:1D:A6:21:CD
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4214::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:0b:b5:fd:a2:21:a9:9d:fd:ff:ce:17:e7:13:4c:b1:fa:e7:
         1e:d0:6f:8f:bd:bf:4a:83:89:38:78:9e:82:a4:2a:4d:e4:81:
         25:12:a2:0a:15:92:4f:6c:23:ab:10:f4:d4:c0:2f:69:18:5d:
         8d:aa:09:9d:67:15:e7:35:01:ef:85:6b:71:fe:a7:fb:67:2d:
         60:3e:e0:53:49:2b:40:53:a7:b8:45:d6:a9:b7:e1:45:33:9d:
         2b:8d:e2:0a:ad:77:ed:bb:1f:0c:4e:70:df:da:8a:bf:c9:dc:
         7b:3b:e3:9e:24:9d:66:be:6c:aa:90:04:30:95:e0:a3:70:92:
         8a:42:3f:fc:c7:f9:2f:14:67:58:b6:24:fa:d3:bb:fc:60:cc:
         ff:ff:33:d6:13:24:b4:fc:57:ba:91:c6:88:e4:d0:b0:75:09:
         1d:72:0d:7a:df:30:5c:02:ea:a6:22:c1:5f:e6:7f:83:43:41:
         f3:e9:48:e8:01:04:b0:99:87:68:c3:7a:af:b3:21:c1:b7:9c:
         e5:74:a6:e2:44:23:1d:a6:42:e4:71:db:71:e1:15:b1:7f:c9:
         07:c6:dd:7a:70:ef:b9:ff:df:2c:54:69:61:ea:76:6c:ca:b9:
         d5:76:3b:9e:14:61:74:c2:0e:f9:5a:67:af:63:7a:eb:b7:77:
         a4:5d:89:0f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUMo92Uim4ZSN2y7kqUV14yXSdspYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MDgwNjE0MTZaFw0yNjA5MDcwNjE5MTZaMDMxMTAvBgNV
BAMTKDczRTA5MDBFRkRGNTlFMTRGM0Q4QUQ4NTcyNDYwMjM0MURBNjIxQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkeGcNUarP38ZzwzlEKPUSuJWo
Z+J/ub2U/whHqop0cWMqtxQZszwUi5LjRlv2hTOu1d0Uw5859/h7oA58649cpyVx
hocTkW+lFuRgrONIYx5JIdSNopbmzm5W4GToUY4JGDmiYenIqzFnge6hlPSwciQx
EuGl2b3zraNsjRiYBChZUPVE1418BVhFgHxqbVPl3gVkZMFIXLwRm8tHBHeHaHSG
tXDT1zhGeCbn9iBgAMMECVyw3uqpMMbbSNDEfPjsotiFWwsaovCeGyY+EzsUixmi
u/jcm6rVqQEYuDvDZ5vN4GnVjKnWlRLq2CulfK8kEbNXS15NG+D4yDCwok6dAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUc+CQDv31nhTz2K2FckYCNB2mIc0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUxOTYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEQhQwDQYJKoZIhvcNAQELBQADggEBAJALtf2iIamd/f/OF+cTTLH65x7Qb4+9
v0qDiTh4noKkKk3kgSUSogoVkk9sI6sQ9NTAL2kYXY2qCZ1nFec1Ae+Fa3H+p/tn
LWA+4FNJK0BTp7hF1qm34UUznSuN4gqtd+27HwxOcN/air/J3Hs7454knWa+bKqQ
BDCV4KNwkopCP/zH+S8UZ1i2JPrTu/xgzP//M9YTJLT8V7qRxojk0LB1CR1yDXrf
MFwC6qYiwV/mf4NDQfPpSOgBBLCZh2jDeq+zIcG3nOV0puJEIx2mQuRx23HhFbF/
yQfG3Xpw77n/3yxUaWHqdmzKudV2O54UYXTCDvlaZ69jeuu3d6RdiQ8=
-----END CERTIFICATE-----