Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215820.roa
File:                     AS215820.roa (raw, json)
Hash identifier:          5kwfJ1ztb0eS5gQGGVKT2TVSoW/m6i3HYiz7Er/Ma18=
Subject key identifier:   45:17:59:26:09:B1:40:EF:66:D3:47:C1:C0:5A:0D:6F:71:CB:5C:F7
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       173F0B54AA32590E4202238D34B7273B1D8BD7F6
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215820.roa
Signing time:             Thu 03 Jul 2025 15:53:03 +0000
ROA not before:           Thu 03 Jul 2025 15:48:03 +0000
ROA not after:            Thu 02 Jul 2026 15:53:03 +0000
asID:                     215820
IP address blocks:        2a06:1281:6000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 21:20:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:3f:0b:54:aa:32:59:0e:42:02:23:8d:34:b7:27:3b:1d:8b:d7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:03 2025 GMT
            Not After : Jul  2 15:53:03 2026 GMT
        Subject: CN=4517592609B140EF66D347C1C05A0D6F71CB5CF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:34:5f:f8:a6:6d:c5:ca:dd:53:a8:09:62:84:
                    d1:fe:4b:72:bb:4a:84:67:87:77:5c:ab:a0:46:0c:
                    69:9f:d4:ac:d0:00:9f:7c:63:84:ab:4c:5b:e9:82:
                    48:55:66:0e:00:da:f8:0c:88:2d:06:09:17:ca:b8:
                    47:91:22:c2:aa:80:6e:67:d6:21:9f:60:0c:94:20:
                    94:cf:76:5e:2f:e8:04:b0:8b:c0:26:4b:31:e9:6f:
                    76:3c:f8:d0:cb:da:73:77:e5:c3:8d:32:50:c0:51:
                    94:96:62:81:98:e1:c2:1e:4f:4b:7a:1d:01:8a:39:
                    fe:77:4e:75:38:b2:b3:28:6d:83:4a:f3:78:39:8c:
                    15:71:d1:45:2d:56:c4:4c:20:72:6e:11:a1:bc:95:
                    ea:93:e6:a3:f8:25:51:08:28:9f:58:2f:28:82:92:
                    9d:6e:9c:2e:dc:aa:b7:6e:be:0f:36:54:88:f7:fd:
                    a2:0a:19:1d:c5:9d:46:8a:c0:be:9b:85:ca:3b:0b:
                    d2:4b:bc:1a:e8:8f:c5:24:4d:64:f0:15:2e:10:0e:
                    36:7f:1c:2f:70:c5:37:74:c1:f6:e7:47:75:aa:d7:
                    86:ed:43:bf:9c:07:a1:52:2b:43:1b:f2:57:4b:c4:
                    5b:16:17:cf:93:99:34:77:25:14:f9:3d:d0:ee:83:
                    34:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:17:59:26:09:B1:40:EF:66:D3:47:C1:C0:5A:0D:6F:71:CB:5C:F7
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215820.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1281:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7b:9a:22:2a:d2:bb:9c:db:a0:69:2d:81:89:14:13:b4:f2:15:
         f1:20:d6:75:41:60:e3:1e:de:72:85:65:f2:e4:1c:2a:16:6a:
         4d:0c:da:8c:39:6e:e4:6a:d2:fe:24:a5:55:ab:4d:da:cd:40:
         75:01:9a:3c:71:e5:ab:1e:97:8a:98:29:26:1e:36:bb:ef:51:
         2c:03:6d:a7:d9:ed:58:5e:aa:53:0c:17:fe:3a:61:4e:23:4f:
         77:98:52:56:b1:32:af:f2:c9:74:94:7e:4c:40:e9:41:92:d3:
         41:e4:d8:4b:87:5f:70:37:bc:5d:0d:c3:10:08:95:b2:31:c8:
         31:af:5e:57:83:16:03:aa:37:24:75:87:84:78:d3:f1:1c:5b:
         85:f2:33:5c:a6:77:40:52:f2:9c:a5:75:36:5c:b4:7c:a4:91:
         b2:82:eb:d5:08:0b:49:d9:01:9f:db:ff:50:5a:e5:79:5b:11:
         b2:35:f8:1f:a1:b0:7e:5d:0d:d2:e7:8e:f3:14:40:1b:32:45:
         fa:60:f9:a5:bb:d0:ed:e2:8a:39:cc:9d:0b:a0:b2:a5:5a:d4:
         84:dc:28:0f:7d:d3:6d:c1:7c:65:23:b1:1d:4c:41:4b:63:77:
         20:1d:3f:fe:bd:61:36:1f:01:45:cc:0c:ed:93:f4:d1:c7:b4:
         10:49:bb:f3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUFz8LVKoyWQ5CAiONNLcnOx2L1/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDNaFw0yNjA3MDIxNTUzMDNaMDMxMTAvBgNV
BAMTKDQ1MTc1OTI2MDlCMTQwRUY2NkQzNDdDMUMwNUEwRDZGNzFDQjVDRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NF/4pm3Fyt1TqAlihNH+S3K7
SoRnh3dcq6BGDGmf1KzQAJ98Y4SrTFvpgkhVZg4A2vgMiC0GCRfKuEeRIsKqgG5n
1iGfYAyUIJTPdl4v6ASwi8AmSzHpb3Y8+NDL2nN35cONMlDAUZSWYoGY4cIeT0t6
HQGKOf53TnU4srMobYNK83g5jBVx0UUtVsRMIHJuEaG8leqT5qP4JVEIKJ9YLyiC
kp1unC7cqrduvg82VIj3/aIKGR3FnUaKwL6bhco7C9JLvBroj8UkTWTwFS4QDjZ/
HC9wxTd0wfbnR3Wq14btQ7+cB6FSK0Mb8ldLxFsWF8+TmTR3JRT5PdDugzT1AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQURRdZJgmxQO9m00fBwFoNb3HLXPcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTU4MjAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
BhKBYDANBgkqhkiG9w0BAQsFAAOCAQEAe5oiKtK7nNugaS2BiRQTtPIV8SDWdUFg
4x7ecoVl8uQcKhZqTQzajDlu5GrS/iSlVatN2s1AdQGaPHHlqx6XipgpJh42u+9R
LANtp9ntWF6qUwwX/jphTiNPd5hSVrEyr/LJdJR+TEDpQZLTQeTYS4dfcDe8XQ3D
EAiVsjHIMa9eV4MWA6o3JHWHhHjT8RxbhfIzXKZ3QFLynKV1Nly0fKSRsoLr1QgL
SdkBn9v/UFrleVsRsjX4H6Gwfl0N0ueO8xRAGzJF+mD5pbvQ7eKKOcydC6CypVrU
hNwoD33TbcF8ZSOxHUxBS2N3IB0//r1hNh8BRcwM7ZP00ce0EEm78w==
-----END CERTIFICATE-----