Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS213866.roa
File:                     AS213866.roa (raw, json)
Hash identifier:          e9ap+x6qMxUHpVMIPG9dDuLLlQysxNEsZXtaV3EjWXE=
Subject key identifier:   FA:91:60:64:55:3E:CB:7A:1D:7E:3D:BA:73:44:EB:27:A6:1E:63:49
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       029536A3ACDE3A3603BF64EE5E7DFE9160A2F1AE
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS213866.roa
Signing time:             Sat 01 Nov 2025 21:34:11 +0000
ROA not before:           Sat 01 Nov 2025 21:29:11 +0000
ROA not after:            Sat 31 Oct 2026 21:34:11 +0000
asID:                     213866
IP address blocks:        2a0f:6284:4218::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 10:22:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:95:36:a3:ac:de:3a:36:03:bf:64:ee:5e:7d:fe:91:60:a2:f1:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Nov  1 21:29:11 2025 GMT
            Not After : Oct 31 21:34:11 2026 GMT
        Subject: CN=FA916064553ECB7A1D7E3DBA7344EB27A61E6349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4b:92:f9:63:74:e8:c0:5b:44:71:32:05:21:
                    aa:1c:73:ac:d4:23:23:3a:f5:22:48:f0:d5:ab:24:
                    b4:ca:fc:64:c9:53:ac:ab:a5:52:75:b0:07:db:75:
                    5d:45:88:72:9b:97:16:23:2e:ac:0d:4e:d3:a6:b2:
                    c6:10:80:15:39:01:b9:d2:14:d7:95:d1:13:13:bd:
                    a9:a6:47:38:79:ff:56:75:1e:23:4e:46:71:43:8f:
                    20:f6:78:8b:ba:32:08:99:d4:b6:bc:20:12:69:f5:
                    af:21:9e:f8:87:f0:b1:4f:97:a8:19:c2:99:3f:e0:
                    5f:76:5c:69:63:cb:95:a7:31:9c:00:0a:8a:a1:22:
                    74:22:d7:57:cb:99:0f:28:c4:1f:3e:e4:36:e0:08:
                    45:7d:3d:56:c4:a1:11:f3:dd:29:24:8b:57:92:c3:
                    04:d7:45:54:68:de:89:d1:6f:8e:b1:4c:10:6e:f4:
                    ec:ae:9a:c3:da:a9:00:71:a4:17:70:5e:0c:6d:b4:
                    94:e3:8f:2c:ab:17:6e:e8:fe:0a:17:7b:67:7e:9a:
                    27:d6:87:2a:8b:3a:06:fa:2a:e9:e4:99:63:bd:3b:
                    9f:ba:e5:f7:43:5a:c3:cf:84:36:58:15:a6:cd:5f:
                    a2:f0:67:55:a9:e0:41:4f:f3:78:1b:e0:86:b2:26:
                    ea:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:91:60:64:55:3E:CB:7A:1D:7E:3D:BA:73:44:EB:27:A6:1E:63:49
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS213866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4218::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:8e:cf:74:3b:a1:f0:de:26:5b:86:63:d5:15:0e:29:93:6b:
         68:d5:44:13:f2:d7:23:24:df:8b:52:db:fd:24:59:73:53:04:
         2b:60:eb:1c:52:f7:77:cf:1d:b0:55:19:ac:6f:f4:49:f4:2c:
         e0:49:19:d3:ea:50:f5:10:ac:75:52:8b:6f:41:f9:fe:2d:b0:
         e6:c6:d6:c1:50:ff:20:63:f7:35:b6:7b:0d:5c:4a:50:4b:5f:
         29:f7:a7:45:9a:bb:7a:d0:70:de:1f:4e:42:e6:a2:3a:3e:5f:
         50:91:9b:c9:dc:14:f2:7f:4c:80:e6:2a:f5:3b:55:29:15:f3:
         d7:c1:c5:6f:7a:83:39:92:c0:f1:e2:84:bb:83:12:ed:e4:3b:
         14:71:4d:89:ce:a3:f8:94:ba:5c:59:51:20:09:37:75:7d:13:
         9a:43:f8:75:2f:d9:d9:e0:ea:c3:fe:f6:3a:1e:4b:e8:62:f1:
         7e:fd:fd:2f:b9:e3:1a:89:ea:83:55:85:ff:c7:bb:c6:27:9d:
         a4:4a:88:c3:c2:5d:69:d9:7c:00:aa:93:94:72:af:85:a1:b7:
         55:f3:ee:6a:ae:cc:d3:99:fe:e8:0a:c4:67:e6:10:8f:7c:7f:
         05:ce:b4:7c:19:38:ab:26:ca:2b:4d:36:63:2a:25:e3:4e:14:
         60:99:2e:4b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUApU2o6zeOjYDv2TuXn3+kWCi8a4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTExMDEyMTI5MTFaFw0yNjEwMzEyMTM0MTFaMDMxMTAvBgNV
BAMTKEZBOTE2MDY0NTUzRUNCN0ExRDdFM0RCQTczNDRFQjI3QTYxRTYzNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDES5L5Y3TowFtEcTIFIaocc6zU
IyM69SJI8NWrJLTK/GTJU6yrpVJ1sAfbdV1FiHKblxYjLqwNTtOmssYQgBU5AbnS
FNeV0RMTvammRzh5/1Z1HiNORnFDjyD2eIu6MgiZ1La8IBJp9a8hnviH8LFPl6gZ
wpk/4F92XGljy5WnMZwACoqhInQi11fLmQ8oxB8+5DbgCEV9PVbEoRHz3Skki1eS
wwTXRVRo3onRb46xTBBu9OyumsPaqQBxpBdwXgxttJTjjyyrF27o/goXe2d+mifW
hyqLOgb6KunkmWO9O5+65fdDWsPPhDZYFabNX6LwZ1Wp4EFP83gb4IayJuq5AgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU+pFgZFU+y3odfj26c0TrJ6YeY0kwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTM4NjYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEQhgwDQYJKoZIhvcNAQELBQADggEBAA2Oz3Q7ofDeJluGY9UVDimTa2jVRBPy
1yMk34tS2/0kWXNTBCtg6xxS93fPHbBVGaxv9En0LOBJGdPqUPUQrHVSi29B+f4t
sObG1sFQ/yBj9zW2ew1cSlBLXyn3p0Wau3rQcN4fTkLmojo+X1CRm8ncFPJ/TIDm
KvU7VSkV89fBxW96gzmSwPHihLuDEu3kOxRxTYnOo/iUulxZUSAJN3V9E5pD+HUv
2dng6sP+9joeS+hi8X79/S+54xqJ6oNVhf/Hu8YnnaRKiMPCXWnZfACqk5Ryr4Wh
t1Xz7mquzNOZ/ugKxGfmEI98fwXOtHwZOKsmyitNNmMqJeNOFGCZLks=
-----END CERTIFICATE-----