Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214206.roa
File:                     AS214206.roa (raw, json)
Hash identifier:          xxkoXPMXfF8sc09mXyMn0jg2VbWZ0k894bnoEJKXk8w=
Subject key identifier:   FC:5A:4E:EF:F5:5F:E5:07:71:08:97:20:C2:DF:11:11:27:57:8A:96
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       26729BD2B1D61E45DCF815065E58344F468BCE1F
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214206.roa
Signing time:             Thu 04 Jun 2026 16:51:48 +0000
ROA not before:           Thu 04 Jun 2026 16:46:48 +0000
ROA not after:            Thu 03 Jun 2027 16:51:48 +0000
asID:                     214206
IP address blocks:        2a05:dfc3:fd70::/44 maxlen: 52
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 22:25:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:72:9b:d2:b1:d6:1e:45:dc:f8:15:06:5e:58:34:4f:46:8b:ce:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  4 16:46:48 2026 GMT
            Not After : Jun  3 16:51:48 2027 GMT
        Subject: CN=FC5A4EEFF55FE50771089720C2DF111127578A96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d9:a7:fe:7b:38:12:73:72:4d:0b:5c:67:99:
                    a7:fa:63:a2:7b:dd:24:e2:70:51:61:82:c5:1b:c0:
                    ea:37:e9:87:a6:ff:18:e3:0f:a8:9f:1d:32:6a:4d:
                    6b:6d:ae:69:b6:88:8d:f8:b4:f4:f4:4c:1f:84:b2:
                    69:8e:69:c8:94:73:7b:b7:ad:46:29:1e:2e:56:da:
                    11:d2:cb:78:ce:c8:d1:8e:6d:36:d3:04:f3:5f:b5:
                    d2:d3:ff:65:33:0f:6e:f4:ac:02:12:e2:da:7f:4e:
                    ee:57:55:93:c2:2a:ab:0e:ff:c2:30:60:07:6e:54:
                    30:2f:0d:ec:2d:53:0b:ee:9b:e2:54:c3:5c:30:5a:
                    b5:de:40:b8:63:5f:af:9e:b8:56:42:67:c0:d6:59:
                    8b:59:52:84:fb:df:cd:f8:b0:ad:f8:35:5b:e0:c8:
                    a6:97:6a:66:b3:c0:64:72:26:f4:cd:a5:09:54:4d:
                    ca:53:2f:21:62:93:d2:42:ae:8e:54:71:66:4a:cf:
                    ec:a4:b9:dd:a3:ca:30:a3:6b:5b:85:c5:9a:78:d1:
                    8d:a7:42:f0:3a:79:be:b7:a3:5b:7d:9d:74:9d:39:
                    b3:89:a5:70:44:af:f2:01:40:68:db:6a:cc:f5:7c:
                    4c:0a:75:ed:35:35:36:0d:30:32:25:29:f1:b9:36:
                    de:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5A:4E:EF:F5:5F:E5:07:71:08:97:20:C2:DF:11:11:27:57:8A:96
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214206.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fd70::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:18:16:ed:28:e0:76:c4:07:c9:51:2a:74:65:29:02:59:8a:
         d8:9c:2a:9c:13:df:17:27:24:07:34:fe:2a:96:8c:de:d0:01:
         7f:03:67:d4:f8:2a:ad:28:e8:12:c3:29:74:9f:9b:99:0d:c6:
         8d:2e:93:89:47:8b:23:d9:89:fa:68:ce:a2:4c:0e:af:87:11:
         b4:f8:66:33:48:0f:13:8d:76:ee:47:a1:6f:49:34:5b:66:c9:
         ae:33:1c:2b:d4:76:72:22:6a:61:52:c6:57:6d:fa:d2:22:16:
         a0:9f:c2:7f:bc:4c:8f:c9:a9:a2:67:78:e9:37:ca:9d:5a:5e:
         24:bf:c9:d8:52:21:16:e4:54:b1:20:11:5e:35:be:0e:04:8d:
         16:7c:42:24:2f:00:5b:d9:51:61:5d:2c:9d:69:22:8a:0a:cc:
         f3:77:53:73:4e:6f:94:c6:0b:95:8d:a2:2c:8d:db:48:8e:17:
         b6:8f:5c:5c:df:67:1b:4d:98:5b:27:67:c6:9d:bd:14:30:d4:
         aa:54:4d:60:d4:5f:72:45:20:dd:f2:7a:e0:8b:83:38:30:7f:
         0b:59:89:64:fd:9c:2c:d9:98:b5:ea:86:4e:b5:0d:77:e9:e0:
         13:9e:6c:eb:ad:d8:2b:94:b0:fb:24:ba:64:30:35:ba:ed:20:
         cf:dd:7a:c4
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUJnKb0rHWHkXc+BUGXlg0T0aLzh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDQxNjQ2NDhaFw0yNzA2MDMxNjUxNDhaMDMxMTAvBgNV
BAMTKEZDNUE0RUVGRjU1RkU1MDc3MTA4OTcyMEMyREYxMTExMjc1NzhBOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM2af+ezgSc3JNC1xnmaf6Y6J7
3STicFFhgsUbwOo36Yem/xjjD6ifHTJqTWttrmm2iI34tPT0TB+EsmmOaciUc3u3
rUYpHi5W2hHSy3jOyNGObTbTBPNftdLT/2UzD270rAIS4tp/Tu5XVZPCKqsO/8Iw
YAduVDAvDewtUwvum+JUw1wwWrXeQLhjX6+euFZCZ8DWWYtZUoT73834sK34NVvg
yKaXamazwGRyJvTNpQlUTcpTLyFik9JCro5UcWZKz+ykud2jyjCja1uFxZp40Y2n
QvA6eb63o1t9nXSdObOJpXBEr/IBQGjbasz1fEwKde01NTYNMDIlKfG5Nt6rAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQU/FpO7/Vf5QdxCJcgwt8RESdXipYwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQyMDYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
Bd/D/XAwDQYJKoZIhvcNAQELBQADggEBAEoYFu0o4HbEB8lRKnRlKQJZiticKpwT
3xcnJAc0/iqWjN7QAX8DZ9T4Kq0o6BLDKXSfm5kNxo0uk4lHiyPZifpozqJMDq+H
EbT4ZjNIDxONdu5HoW9JNFtmya4zHCvUdnIiamFSxldt+tIiFqCfwn+8TI/JqaJn
eOk3yp1aXiS/ydhSIRbkVLEgEV41vg4EjRZ8QiQvAFvZUWFdLJ1pIooKzPN3U3NO
b5TGC5WNoiyN20iOF7aPXFzfZxtNmFsnZ8advRQw1KpUTWDUX3JFIN3yeuCLgzgw
fwtZiWT9nCzZmLXqhk61DXfp4BOebOut2CuUsPskumQwNbrtIM/desQ=
-----END CERTIFICATE-----