Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215216.roa
File:                     AS215216.roa (raw, json)
Hash identifier:          Db6Qg05WJwgP2f3B4PTwi/nniJ6LLjEJeksp7pAJi1A=
Subject key identifier:   9C:F5:73:85:88:1F:98:F9:03:95:D7:70:18:2D:15:81:7E:71:E1:3C
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       7A5B08408C42121E4245FE006A09DE4A4DB02B1A
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215216.roa
Signing time:             Thu 03 Jul 2025 15:53:09 +0000
ROA not before:           Thu 03 Jul 2025 15:48:09 +0000
ROA not after:            Thu 02 Jul 2026 15:53:09 +0000
asID:                     215216
IP address blocks:        2a0a:6044:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:5b:08:40:8c:42:12:1e:42:45:fe:00:6a:09:de:4a:4d:b0:2b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:09 2025 GMT
            Not After : Jul  2 15:53:09 2026 GMT
        Subject: CN=9CF57385881F98F90395D770182D15817E71E13C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:be:1c:59:21:ca:bc:56:30:91:da:c5:63:c5:
                    8a:f2:0a:1a:03:e9:a7:fb:3b:16:ce:ed:c2:d1:90:
                    48:52:2d:ac:f1:52:e3:74:29:45:b8:95:6a:e2:3c:
                    fc:4c:7a:a0:90:68:e6:91:ec:05:94:e7:ac:8c:f2:
                    44:5d:0c:ad:d6:bd:ef:7e:92:e7:38:b7:30:81:be:
                    96:97:e1:82:f6:50:0a:a3:50:00:22:14:59:2d:21:
                    60:1a:0f:c9:d9:ad:5d:76:3b:42:d5:04:1a:ce:24:
                    37:1f:ef:2a:d7:cb:c7:d6:5c:53:3a:95:52:a9:8c:
                    65:aa:8d:09:e8:54:e1:c7:34:06:59:79:91:94:f5:
                    0a:9a:2b:fc:a3:0f:0f:61:1e:ee:b6:b9:14:d1:8a:
                    48:11:c5:de:01:78:9a:8e:90:80:54:87:7a:19:7b:
                    68:f2:73:31:9a:e9:f1:8d:1e:b7:76:f9:03:c4:bb:
                    b3:65:b7:5e:7f:0a:f2:1e:fa:f7:7e:f2:5a:2f:f5:
                    3b:5e:fb:b2:ad:79:bd:bc:f5:aa:8a:7e:83:33:5c:
                    2d:e1:52:c5:0c:5d:b4:3c:e0:40:cf:19:44:e5:b7:
                    d6:19:89:98:b2:d7:7a:2f:ce:08:37:b7:5a:e5:17:
                    53:73:36:91:ce:e3:b4:ab:f3:d2:aa:51:18:c2:4a:
                    29:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F5:73:85:88:1F:98:F9:03:95:D7:70:18:2D:15:81:7E:71:E1:3C
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215216.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         66:6a:37:09:b5:73:f8:04:e2:33:28:f4:0b:18:19:0c:58:d0:
         d7:49:7a:d7:ce:8d:42:0e:b4:7c:08:36:90:e8:a8:94:70:a4:
         36:ac:0b:f4:a2:08:57:a9:2f:2c:ac:dc:41:45:8b:38:46:f5:
         12:9e:c4:47:c5:84:c5:cd:f3:f0:1d:2e:40:38:b4:ac:16:55:
         83:e1:e0:42:e6:45:06:44:c8:0c:62:49:b2:d6:2f:31:b7:3c:
         75:8d:d1:cf:bf:ee:f0:ad:20:4b:23:37:ad:db:61:e2:19:ae:
         2c:aa:18:04:68:66:89:32:12:c4:f2:8c:15:31:4b:98:9b:41:
         95:3b:2e:fc:06:9a:d6:2e:af:11:25:bb:c7:9e:eb:9f:dc:09:
         54:93:6f:17:d5:fb:02:d1:69:c0:fa:b8:67:f4:54:25:3f:4b:
         6f:61:27:46:31:8f:22:b4:c7:b3:94:7e:ec:43:15:0e:31:76:
         3b:15:c0:90:ce:67:c1:6f:2f:ff:fb:3d:78:ca:a5:d8:44:1c:
         9e:3d:7d:04:87:35:39:f4:ea:b0:4a:8e:2c:9f:54:87:41:47:
         36:33:6a:d3:13:39:72:19:b1:da:26:98:bb:53:da:d7:62:a6:
         31:b8:a1:08:43:b6:7b:ba:4d:14:be:14:91:3b:68:b0:a9:73:
         8f:dd:58:1f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUelsIQIxCEh5CRf4AagneSk2wKxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDlaFw0yNjA3MDIxNTUzMDlaMDMxMTAvBgNV
BAMTKDlDRjU3Mzg1ODgxRjk4RjkwMzk1RDc3MDE4MkQxNTgxN0U3MUUxM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQvhxZIcq8VjCR2sVjxYryChoD
6af7OxbO7cLRkEhSLazxUuN0KUW4lWriPPxMeqCQaOaR7AWU56yM8kRdDK3Wve9+
kuc4tzCBvpaX4YL2UAqjUAAiFFktIWAaD8nZrV12O0LVBBrOJDcf7yrXy8fWXFM6
lVKpjGWqjQnoVOHHNAZZeZGU9QqaK/yjDw9hHu62uRTRikgRxd4BeJqOkIBUh3oZ
e2jyczGa6fGNHrd2+QPEu7Nlt15/CvIe+vd+8lov9Tte+7Kteb289aqKfoMzXC3h
UsUMXbQ84EDPGUTlt9YZiZiy13ovzgg3t1rlF1NzNpHO47Sr89KqURjCSinPAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUnPVzhYgfmPkDlddwGC0VgX5x4TwwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUyMTYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
CmBEsDANBgkqhkiG9w0BAQsFAAOCAQEAZmo3CbVz+ATiMyj0CxgZDFjQ10l6186N
Qg60fAg2kOiolHCkNqwL9KIIV6kvLKzcQUWLOEb1Ep7ER8WExc3z8B0uQDi0rBZV
g+HgQuZFBkTIDGJJstYvMbc8dY3Rz7/u8K0gSyM3rdth4hmuLKoYBGhmiTISxPKM
FTFLmJtBlTsu/Aaa1i6vESW7x57rn9wJVJNvF9X7AtFpwPq4Z/RUJT9Lb2EnRjGP
IrTHs5R+7EMVDjF2OxXAkM5nwW8v//s9eMql2EQcnj19BIc1OfTqsEqOLJ9Uh0FH
NjNq0xM5chmx2iaYu1Pa12KmMbihCEO2e7pNFL4UkTtosKlzj91YHw==
-----END CERTIFICATE-----