Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS211066.roa
File:                     AS211066.roa (raw, json)
Hash identifier:          dY+FvgdqGGwjCfuFrQTH7MG4vsNOKTZHuT1qkaJjylY=
Subject key identifier:   28:D1:80:FD:B9:E1:AD:BF:97:36:6B:EC:9D:EB:AF:0D:DA:BC:26:26
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       7B7C174FA563C92D13D01F83390FB9551BA5333E
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS211066.roa
Signing time:             Fri 11 Jul 2025 16:17:20 +0000
ROA not before:           Fri 11 Jul 2025 16:12:20 +0000
ROA not after:            Fri 10 Jul 2026 16:17:20 +0000
asID:                     211066
IP address blocks:        2a05:dfc3:fc00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 11:05:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:7c:17:4f:a5:63:c9:2d:13:d0:1f:83:39:0f:b9:55:1b:a5:33:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul 11 16:12:20 2025 GMT
            Not After : Jul 10 16:17:20 2026 GMT
        Subject: CN=28D180FDB9E1ADBF97366BEC9DEBAF0DDABC2626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:87:38:83:70:aa:ee:69:b7:6b:62:2d:71:22:
                    dd:9a:fd:62:1a:a1:f4:3d:41:89:73:62:f6:8d:de:
                    08:4a:a0:ec:b2:92:ad:97:09:c1:cb:5c:78:75:04:
                    0e:d7:c4:70:25:f5:0d:70:cd:da:6d:f5:41:78:9e:
                    eb:0c:be:d3:c8:82:d1:14:d1:a5:bb:42:c3:ca:e2:
                    71:6d:5a:ab:49:4a:1e:64:c8:e4:52:31:08:d1:91:
                    23:58:e8:0f:1b:4e:7c:94:9a:04:be:d1:9a:b9:96:
                    6a:33:67:2a:bd:90:09:69:a4:dd:b1:c7:d4:cd:45:
                    d3:46:e5:fc:54:5f:9d:b5:99:89:12:d9:d0:79:57:
                    f2:8b:0a:b7:62:92:be:fe:55:f9:c3:9c:aa:59:c7:
                    76:44:dc:e1:bd:93:de:28:85:15:ce:6f:fc:67:6c:
                    d8:74:7c:ec:4d:70:1c:c3:05:f4:81:75:49:c1:fe:
                    d1:01:93:81:e6:39:2a:69:ca:0b:ae:b9:27:f9:b7:
                    43:3b:23:2d:a7:c7:cf:81:f7:57:87:52:f4:82:87:
                    c9:eb:df:84:aa:d9:94:3d:2e:92:7f:f3:55:8f:0b:
                    26:f1:8d:52:66:cd:77:93:9f:71:d1:d1:1e:52:b3:
                    40:1e:fa:ea:b0:47:83:3f:30:b3:7a:1a:26:06:0c:
                    ab:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D1:80:FD:B9:E1:AD:BF:97:36:6B:EC:9D:EB:AF:0D:DA:BC:26:26
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS211066.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fc00::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:09:91:4e:35:c0:22:b1:ae:c3:b3:e2:fe:22:62:94:e2:36:
         e6:15:d5:87:b2:70:7a:0f:a1:56:9c:de:04:86:48:7e:91:b1:
         f6:2f:85:90:5d:18:57:23:20:35:cf:88:53:a8:3c:b0:24:b8:
         b1:cb:e9:b2:37:54:81:0b:82:ca:af:18:9f:50:3a:17:86:9e:
         ea:fb:3c:d6:b2:23:96:fe:67:a0:a2:33:cf:c7:6c:1a:44:3c:
         fc:df:cf:4d:53:d8:2b:b1:e8:98:37:d0:e4:50:04:06:37:21:
         2b:5b:4a:a3:1a:2e:d7:77:9d:9f:f0:06:34:d7:2a:3d:e8:ff:
         ea:05:59:e8:d7:ec:85:41:15:85:0f:a9:27:33:0d:6e:cb:f5:
         e8:30:65:1c:f9:c2:fa:9c:1c:62:3d:3f:c4:75:07:de:e2:f0:
         d2:06:f8:2c:45:7f:79:b7:8c:37:fd:c9:48:15:6a:a8:9b:76:
         b2:6d:76:24:04:52:7d:83:36:c3:04:98:40:2a:71:d5:31:2d:
         48:b3:63:fb:29:a2:d4:a4:17:06:64:3e:6b:cc:28:a5:8f:3b:
         95:1d:e6:b3:b2:4e:00:71:c9:d8:c4:fa:f0:7b:c3:35:1e:3b:
         37:c0:b2:3c:83:64:83:1f:c7:2a:41:0b:e6:fc:4f:1b:88:6f:
         cd:d2:96:bc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUe3wXT6VjyS0T0B+DOQ+5VRulMz4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MTExNjEyMjBaFw0yNjA3MTAxNjE3MjBaMDMxMTAvBgNV
BAMTKDI4RDE4MEZEQjlFMUFEQkY5NzM2NkJFQzlERUJBRjBEREFCQzI2MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbhziDcKruabdrYi1xIt2a/WIa
ofQ9QYlzYvaN3ghKoOyykq2XCcHLXHh1BA7XxHAl9Q1wzdpt9UF4nusMvtPIgtEU
0aW7QsPK4nFtWqtJSh5kyORSMQjRkSNY6A8bTnyUmgS+0Zq5lmozZyq9kAlppN2x
x9TNRdNG5fxUX521mYkS2dB5V/KLCrdikr7+VfnDnKpZx3ZE3OG9k94ohRXOb/xn
bNh0fOxNcBzDBfSBdUnB/tEBk4HmOSppyguuuSf5t0M7Iy2nx8+B91eHUvSCh8nr
34Sq2ZQ9LpJ/81WPCybxjVJmzXeTn3HR0R5Ss0Ae+uqwR4M/MLN6GiYGDKujAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUKNGA/bnhrb+XNmvsneuvDdq8JiYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTEwNjYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/D/DANBgkqhkiG9w0BAQsFAAOCAQEAMwmRTjXAIrGuw7Pi/iJilOI25hXVh7Jw
eg+hVpzeBIZIfpGx9i+FkF0YVyMgNc+IU6g8sCS4scvpsjdUgQuCyq8Yn1A6F4ae
6vs81rIjlv5noKIzz8dsGkQ8/N/PTVPYK7HomDfQ5FAEBjchK1tKoxou13edn/AG
NNcqPej/6gVZ6NfshUEVhQ+pJzMNbsv16DBlHPnC+pwcYj0/xHUH3uLw0gb4LEV/
ebeMN/3JSBVqqJt2sm12JARSfYM2wwSYQCpx1TEtSLNj+ymi1KQXBmQ+a8wopY87
lR3ms7JOAHHJ2MT68HvDNR47N8CyPINkgx/HKkEL5vxPG4hvzdKWvA==
-----END CERTIFICATE-----