Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215916.roa
File:                     AS215916.roa (raw, json)
Hash identifier:          xNBX0Ag4CeskfdOPYxbgBt5wYGY2FtR/fkw7ZAuVH6M=
Subject key identifier:   24:41:A2:F4:40:66:2F:76:69:BC:05:85:9F:8A:B1:C4:02:FA:CF:E2
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       18A5A586EC08D76FF40413A711E2CDFE9407B6C5
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215916.roa
Signing time:             Fri 29 Aug 2025 17:01:18 +0000
ROA not before:           Fri 29 Aug 2025 16:56:18 +0000
ROA not after:            Fri 28 Aug 2026 17:01:18 +0000
asID:                     215916
IP address blocks:        2a0f:6284:4800::/40 maxlen: 42
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a5:a5:86:ec:08:d7:6f:f4:04:13:a7:11:e2:cd:fe:94:07:b6:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Aug 29 16:56:18 2025 GMT
            Not After : Aug 28 17:01:18 2026 GMT
        Subject: CN=2441A2F440662F7669BC05859F8AB1C402FACFE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:df:02:cb:8c:db:5c:d7:a6:87:58:00:cb:c5:
                    09:36:0a:f2:13:67:0b:46:68:47:65:4d:55:41:d9:
                    aa:7d:ec:80:8b:07:d6:20:27:30:80:bb:69:9c:3b:
                    bd:08:50:89:68:04:28:ac:39:a2:b5:8a:52:69:26:
                    b8:42:d9:a4:91:55:ae:57:3e:be:5f:e5:f1:2c:64:
                    ab:cd:33:5a:7e:38:7b:70:96:ba:85:1f:0a:37:19:
                    39:33:01:82:ca:aa:af:6e:1d:3f:5f:f8:54:27:94:
                    1a:31:97:c1:55:b1:b6:c9:58:98:63:29:7b:95:9c:
                    b2:fe:72:65:eb:7b:71:90:d3:20:81:0d:fa:17:82:
                    2c:ae:f5:0d:d3:42:b5:89:17:5e:7d:4d:f0:bc:9c:
                    96:d6:85:5d:80:e3:57:61:aa:8a:ee:6c:9a:70:f5:
                    6e:02:9b:ca:dc:79:06:5e:fd:cd:06:46:b9:4a:7b:
                    1c:f1:db:c3:70:eb:8e:06:97:33:b8:ae:87:90:ad:
                    62:33:62:80:ad:2b:5c:2a:49:e5:9c:4f:c1:39:ab:
                    2e:b4:bd:15:33:0f:f6:fe:0b:a2:74:61:c2:16:0d:
                    b3:2d:19:95:24:bf:f1:d1:89:a1:f8:ff:ef:56:1b:
                    72:60:7f:99:2f:9f:ab:65:0e:50:d5:b8:57:29:98:
                    e4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:41:A2:F4:40:66:2F:76:69:BC:05:85:9F:8A:B1:C4:02:FA:CF:E2
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215916.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:4f:d9:8e:52:79:28:0a:31:0f:f7:3a:db:58:46:bc:c7:5b:
         66:da:b7:97:3a:87:2c:4b:64:de:04:4b:4c:a4:fb:9c:d6:c6:
         69:f1:01:86:f2:3a:19:63:02:d5:dd:0d:08:a6:6f:80:08:65:
         55:c9:ff:62:a5:54:0b:4d:21:42:e1:25:ad:5a:5d:4c:44:b7:
         3a:9c:15:a2:73:ea:a7:c7:34:d4:b5:44:4b:76:61:23:0b:d0:
         53:24:1a:c8:5f:2a:90:c1:ee:2f:07:a2:cc:32:98:2c:0f:46:
         54:5b:c8:e6:5a:ab:50:63:47:79:04:fa:1b:2f:f1:53:6e:9c:
         a5:fa:f5:51:d4:fb:1c:2a:36:9a:ca:c4:81:e5:5e:d9:1c:f1:
         ca:03:a1:fe:d3:57:b9:e0:90:b5:90:ee:1e:2c:43:39:fa:e5:
         df:47:99:79:4f:0f:24:3e:05:aa:14:1e:a9:ca:da:d6:e5:8a:
         38:fb:40:f0:26:cb:e6:31:ba:c8:21:7f:8f:52:95:4b:f1:c4:
         9d:8b:f3:6d:0b:fc:46:c5:74:85:f8:4e:85:41:9d:22:51:50:
         ed:83:de:d5:39:df:d6:69:70:c1:77:14:7b:09:cc:21:ab:8b:
         e9:79:dc:c0:66:f9:43:42:0f:a3:ef:20:70:78:86:64:4e:ce:
         cd:69:32:21
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUGKWlhuwI12/0BBOnEeLN/pQHtsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA4MjkxNjU2MThaFw0yNjA4MjgxNzAxMThaMDMxMTAvBgNV
BAMTKDI0NDFBMkY0NDA2NjJGNzY2OUJDMDU4NTlGOEFCMUM0MDJGQUNGRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc3wLLjNtc16aHWADLxQk2CvIT
ZwtGaEdlTVVB2ap97ICLB9YgJzCAu2mcO70IUIloBCisOaK1ilJpJrhC2aSRVa5X
Pr5f5fEsZKvNM1p+OHtwlrqFHwo3GTkzAYLKqq9uHT9f+FQnlBoxl8FVsbbJWJhj
KXuVnLL+cmXre3GQ0yCBDfoXgiyu9Q3TQrWJF159TfC8nJbWhV2A41dhqorubJpw
9W4Cm8rceQZe/c0GRrlKexzx28Nw644GlzO4roeQrWIzYoCtK1wqSeWcT8E5qy60
vRUzD/b+C6J0YcIWDbMtGZUkv/HRiaH4/+9WG3Jgf5kvn6tlDlDVuFcpmOR3AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUJEGi9EBmL3ZpvAWFn4qxxAL6z+IwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTU5MTYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KESDANBgkqhkiG9w0BAQsFAAOCAQEAE0/ZjlJ5KAoxD/c621hGvMdbZtq3lzqH
LEtk3gRLTKT7nNbGafEBhvI6GWMC1d0NCKZvgAhlVcn/YqVUC00hQuElrVpdTES3
OpwVonPqp8c01LVES3ZhIwvQUyQayF8qkMHuLweizDKYLA9GVFvI5lqrUGNHeQT6
Gy/xU26cpfr1UdT7HCo2msrEgeVe2RzxygOh/tNXueCQtZDuHixDOfrl30eZeU8P
JD4FqhQeqcra1uWKOPtA8CbL5jG6yCF/j1KVS/HEnYvzbQv8RsV0hfhOhUGdIlFQ
7YPe1Tnf1mlwwXcUewnMIauL6XncwGb5Q0IPo+8gcHiGZE7OzWkyIQ==
-----END CERTIFICATE-----