Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215214.roa
File:                     AS215214.roa (raw, json)
Hash identifier:          X9qNy5up0Gf+92UEJChvUhDCKjqGhPwTswVBhz6l1WA=
Subject key identifier:   F1:7C:9D:7B:24:56:37:CC:B3:8A:08:BA:E2:C1:9B:58:B4:81:DA:20
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       789678E44C402A8A1E9DEDA71454AB9D0182767C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215214.roa
Signing time:             Sat 30 Aug 2025 23:08:10 +0000
ROA not before:           Sat 30 Aug 2025 23:03:10 +0000
ROA not after:            Sat 29 Aug 2026 23:08:10 +0000
asID:                     215214
IP address blocks:        2a09:54c6:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:96:78:e4:4c:40:2a:8a:1e:9d:ed:a7:14:54:ab:9d:01:82:76:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Aug 30 23:03:10 2025 GMT
            Not After : Aug 29 23:08:10 2026 GMT
        Subject: CN=F17C9D7B245637CCB38A08BAE2C19B58B481DA20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c5:de:78:86:5d:d5:0f:4e:55:6e:93:d0:b4:
                    b7:3e:cd:01:b1:6d:25:c1:60:e9:cc:57:77:3b:af:
                    58:37:5c:23:ac:a0:c9:81:38:bc:ca:ad:23:66:cb:
                    a4:2f:fe:55:54:93:16:f8:a0:f7:ec:37:c2:1d:ed:
                    5d:56:32:4e:2c:d5:5a:9f:56:38:a5:f5:6b:31:b4:
                    72:91:89:85:83:72:19:1e:d5:53:78:92:5c:bc:b3:
                    e3:6c:fe:1a:c6:f8:bd:9f:7e:c6:ea:1e:b8:58:3b:
                    f8:63:af:36:bb:66:d4:77:cb:a6:9a:3f:ab:4e:91:
                    e5:bd:f1:31:48:f7:2e:36:93:bb:ee:b6:10:f3:44:
                    33:c2:a5:35:9f:b5:79:2e:0a:41:b6:f0:a6:52:8b:
                    81:1b:92:8e:cc:0f:0d:5f:c3:41:53:73:f2:6c:f6:
                    53:0d:d6:6f:bb:de:b0:e7:aa:da:84:86:ee:22:2b:
                    90:52:82:74:e0:d6:7c:3f:38:bb:85:28:6c:de:5b:
                    91:85:c0:71:27:85:29:39:30:5c:45:f2:b0:6f:2e:
                    a3:9b:d9:31:fb:25:28:bd:5e:3c:4b:e8:57:32:9e:
                    b7:d9:0f:44:ae:4a:89:f9:20:70:13:5c:ad:8b:11:
                    76:23:41:9b:33:a2:6f:2d:97:be:c6:d6:1f:7f:16:
                    4a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7C:9D:7B:24:56:37:CC:B3:8A:08:BA:E2:C1:9B:58:B4:81:DA:20
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3d:10:17:b3:39:07:f8:a2:7d:c4:7c:d6:88:2c:4e:d0:4b:bc:
         81:78:eb:d6:47:db:4d:ec:4c:49:10:30:31:0b:a2:83:fa:67:
         a1:68:7c:76:a1:d3:7c:f2:fd:07:37:63:84:8d:ec:dd:a9:85:
         1f:31:82:df:17:e6:36:70:63:bd:3b:4c:c2:03:a9:5a:0d:4d:
         0d:cc:62:17:1d:0b:02:03:1b:fb:a0:48:fa:db:b7:b2:07:96:
         54:3e:f8:f1:57:15:00:8a:18:11:2b:b8:f7:29:77:8b:3a:48:
         44:12:77:33:8d:1e:ef:50:8d:a3:65:14:d6:ce:dd:43:6d:07:
         d9:5b:7d:c2:e3:e4:d0:81:84:97:79:ef:54:cc:0e:d7:d3:a3:
         a3:35:47:4e:5a:0b:b6:b3:24:74:2c:95:f8:3c:ab:bc:3d:66:
         31:d5:c5:27:cc:d1:6e:ff:b3:24:9d:e6:90:81:30:f6:1b:92:
         b6:ee:82:f5:52:65:67:f3:49:fc:62:65:8f:f3:a8:6b:a1:32:
         4b:07:9a:3c:82:e0:68:df:33:b7:72:0e:e1:60:0d:34:50:6c:
         b5:1c:3d:00:a6:d2:cd:4c:42:19:e0:2a:dd:00:cc:86:10:06:
         7b:aa:c4:0a:35:fc:67:58:e9:a3:1d:ac:1a:27:76:92:d8:70:
         84:b7:66:75
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUeJZ45ExAKooene2nFFSrnQGCdnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA4MzAyMzAzMTBaFw0yNjA4MjkyMzA4MTBaMDMxMTAvBgNV
BAMTKEYxN0M5RDdCMjQ1NjM3Q0NCMzhBMDhCQUUyQzE5QjU4QjQ4MURBMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxd54hl3VD05VbpPQtLc+zQGx
bSXBYOnMV3c7r1g3XCOsoMmBOLzKrSNmy6Qv/lVUkxb4oPfsN8Id7V1WMk4s1Vqf
Vjil9WsxtHKRiYWDchke1VN4kly8s+Ns/hrG+L2ffsbqHrhYO/hjrza7ZtR3y6aa
P6tOkeW98TFI9y42k7vuthDzRDPCpTWftXkuCkG28KZSi4Ebko7MDw1fw0FTc/Js
9lMN1m+73rDnqtqEhu4iK5BSgnTg1nw/OLuFKGzeW5GFwHEnhSk5MFxF8rBvLqOb
2TH7JSi9XjxL6FcynrfZD0SuSon5IHATXK2LEXYjQZszom8tl77G1h9/FkpnAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQU8XydeyRWN8yzigi64sGbWLSB2iAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUyMTQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
CVTG8DANBgkqhkiG9w0BAQsFAAOCAQEAPRAXszkH+KJ9xHzWiCxO0Eu8gXjr1kfb
TexMSRAwMQuig/pnoWh8dqHTfPL9BzdjhI3s3amFHzGC3xfmNnBjvTtMwgOpWg1N
DcxiFx0LAgMb+6BI+tu3sgeWVD748VcVAIoYESu49yl3izpIRBJ3M40e71CNo2UU
1s7dQ20H2Vt9wuPk0IGEl3nvVMwO19OjozVHTloLtrMkdCyV+DyrvD1mMdXFJ8zR
bv+zJJ3mkIEw9huStu6C9VJlZ/NJ/GJlj/Ooa6EySweaPILgaN8zt3IO4WANNFBs
tRw9AKbSzUxCGeAq3QDMhhAGe6rECjX8Z1jpox2sGid2kthwhLdmdQ==
-----END CERTIFICATE-----