Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215263.roa
File:                     AS215263.roa (raw, json)
Hash identifier:          fe3KohkGtM3pTXtSJLkAT/fnvYaJerTv3BOJ+6JjJRE=
Subject key identifier:   C7:8D:FA:3D:31:C4:5A:CF:B7:01:38:8D:0C:EE:73:05:15:4B:69:6D
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       72F24383768F1A289C9B181561776A85315F66F0
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215263.roa
Signing time:             Fri 12 Sep 2025 12:19:30 +0000
ROA not before:           Fri 12 Sep 2025 12:14:30 +0000
ROA not after:            Fri 11 Sep 2026 12:19:30 +0000
asID:                     215263
IP address blocks:        2a0f:6284:4a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:f2:43:83:76:8f:1a:28:9c:9b:18:15:61:77:6a:85:31:5f:66:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep 12 12:14:30 2025 GMT
            Not After : Sep 11 12:19:30 2026 GMT
        Subject: CN=C78DFA3D31C45ACFB701388D0CEE7305154B696D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9e:03:6d:ca:11:b4:02:6f:ee:76:b8:b4:d2:
                    4e:35:47:f4:d1:0d:79:b7:e6:b3:f4:72:a4:66:52:
                    91:dc:66:68:f5:18:7c:03:e7:69:58:9d:70:b5:0f:
                    43:ad:d0:be:e7:4d:c8:ec:f2:33:f4:b3:cd:0d:c5:
                    66:6e:15:49:a3:8d:1c:31:47:c0:37:31:fb:c3:9c:
                    89:37:9f:ad:c2:51:3c:ac:16:75:3e:b3:e6:8b:f4:
                    d4:d4:af:5f:01:d8:dd:4a:a5:16:f0:b8:91:12:10:
                    82:fc:68:83:9d:da:f0:38:f6:dd:12:62:11:33:50:
                    43:49:8f:7a:8a:0a:f8:1b:80:cd:e4:83:92:1d:79:
                    16:4e:34:42:9b:76:4b:b1:b8:d1:80:86:4d:bc:52:
                    cd:af:79:31:20:fc:c4:15:e1:8a:1e:04:b3:1f:1d:
                    86:62:c6:d6:31:98:4e:63:ed:40:bd:bf:33:60:0a:
                    f3:f6:9d:bb:fd:52:91:5c:72:90:e0:c2:bd:5a:81:
                    0a:a2:1b:48:ca:6e:27:0e:3c:f2:a5:ba:b0:e7:90:
                    b4:55:e3:cd:0a:0d:f6:3a:48:eb:0b:99:12:fe:61:
                    e2:58:22:0a:85:00:14:54:f7:5d:59:7e:6b:c7:48:
                    ea:3a:96:2d:12:56:4f:3d:c4:13:2d:09:28:c2:e7:
                    78:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8D:FA:3D:31:C4:5A:CF:B7:01:38:8D:0C:EE:73:05:15:4B:69:6D
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215263.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:70:fe:65:f0:f2:f5:d7:b0:9e:a2:15:75:99:c8:bc:e7:f3:
         c8:6c:1b:28:42:d6:a6:15:05:ad:4b:26:7c:5f:5a:8c:ad:46:
         29:66:02:c8:77:47:78:56:6c:a5:d4:fd:95:4f:30:ac:45:65:
         74:b8:24:8b:0c:24:3f:87:a1:52:fe:6f:44:75:38:3a:7a:90:
         e9:0c:8f:dd:48:06:39:e2:2f:43:05:1a:50:f9:af:c5:d6:1b:
         86:2b:5c:c2:c9:83:86:e6:5a:98:e0:a8:b2:bb:24:60:3e:2b:
         16:1f:9f:b4:3a:49:68:12:02:3b:7e:f6:13:b1:ba:f1:32:e9:
         df:3b:cc:02:1b:78:8f:7b:7c:23:d9:94:4c:ba:43:6d:09:bb:
         80:8d:8c:82:53:dc:f2:9d:44:3a:19:57:d5:fe:96:3e:77:03:
         59:19:c5:9a:8f:d6:ff:20:b6:fe:96:85:8a:44:36:ca:06:dd:
         9b:7d:aa:b9:d5:ae:f6:2d:20:66:bf:fa:4c:d6:3e:b5:d8:81:
         a9:1b:d8:e4:a8:9c:f8:bb:82:72:fa:30:dc:eb:f2:58:a7:bb:
         23:6f:d1:5a:ab:c4:75:bf:dd:f6:01:fb:ff:a2:51:11:5d:8a:
         ac:97:1e:85:ff:de:27:8f:d8:f5:0e:09:fb:73:0e:8a:c6:60:
         41:13:c5:dc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUcvJDg3aPGiicmxgVYXdqhTFfZvAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MTIxMjE0MzBaFw0yNjA5MTExMjE5MzBaMDMxMTAvBgNV
BAMTKEM3OERGQTNEMzFDNDVBQ0ZCNzAxMzg4RDBDRUU3MzA1MTU0QjY5NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMngNtyhG0Am/udri00k41R/TR
DXm35rP0cqRmUpHcZmj1GHwD52lYnXC1D0Ot0L7nTcjs8jP0s80NxWZuFUmjjRwx
R8A3MfvDnIk3n63CUTysFnU+s+aL9NTUr18B2N1KpRbwuJESEIL8aIOd2vA49t0S
YhEzUENJj3qKCvgbgM3kg5IdeRZONEKbdkuxuNGAhk28Us2veTEg/MQV4YoeBLMf
HYZixtYxmE5j7UC9vzNgCvP2nbv9UpFccpDgwr1agQqiG0jKbicOPPKlurDnkLRV
480KDfY6SOsLmRL+YeJYIgqFABRU911ZfmvHSOo6li0SVk89xBMtCSjC53inAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUx436PTHEWs+3ATiNDO5zBRVLaW0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUyNjMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KESjANBgkqhkiG9w0BAQsFAAOCAQEANHD+ZfDy9dewnqIVdZnIvOfzyGwbKELW
phUFrUsmfF9ajK1GKWYCyHdHeFZspdT9lU8wrEVldLgkiwwkP4ehUv5vRHU4OnqQ
6QyP3UgGOeIvQwUaUPmvxdYbhitcwsmDhuZamOCosrskYD4rFh+ftDpJaBICO372
E7G68TLp3zvMAht4j3t8I9mUTLpDbQm7gI2MglPc8p1EOhlX1f6WPncDWRnFmo/W
/yC2/paFikQ2ygbdm32qudWu9i0gZr/6TNY+tdiBqRvY5Kic+LuCcvow3OvyWKe7
I2/RWqvEdb/d9gH7/6JREV2KrJcehf/eJ4/Y9Q4J+3MOisZgQRPF3A==
-----END CERTIFICATE-----