Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214420.roa
File:                     AS214420.roa (raw, json)
Hash identifier:          zRpheH2aDTAQ/ebznqDBA4u9N8gKkOlxqmuSDdrBbmQ=
Subject key identifier:   8F:80:46:AF:FD:F8:2F:4A:66:39:FB:16:E3:6D:55:C6:0A:45:55:30
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       100BC97A70AFB34B402779BD39AF185D5317F488
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214420.roa
Signing time:             Sat 02 Aug 2025 21:39:40 +0000
ROA not before:           Sat 02 Aug 2025 21:34:40 +0000
ROA not after:            Sat 01 Aug 2026 21:39:40 +0000
asID:                     214420
IP address blocks:        2a0f:6284:4100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 04:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:0b:c9:7a:70:af:b3:4b:40:27:79:bd:39:af:18:5d:53:17:f4:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Aug  2 21:34:40 2025 GMT
            Not After : Aug  1 21:39:40 2026 GMT
        Subject: CN=8F8046AFFDF82F4A6639FB16E36D55C60A455530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:9c:9b:bb:58:b0:70:ac:f4:1f:28:b1:7e:
                    43:1d:2c:37:45:48:5b:46:7d:d5:16:a5:22:7f:ac:
                    71:3e:83:1c:ac:de:54:c0:f8:ee:bc:9b:cd:ff:b5:
                    cd:7d:3b:53:d7:28:d1:ce:a9:46:1b:b4:cc:50:a1:
                    eb:1f:ba:f6:11:d2:01:b0:89:b4:35:fc:dc:5b:7f:
                    14:73:cf:1a:88:7e:db:4a:16:03:7f:ec:1d:ad:ba:
                    6b:65:56:43:5d:77:bc:b2:2a:be:03:19:06:90:b2:
                    ab:c7:85:0b:93:04:b3:e8:ea:a9:19:de:ff:ec:6e:
                    34:1b:85:86:5c:b2:19:d5:01:84:5c:80:a1:79:da:
                    30:9f:e8:c6:9d:f8:cb:e2:41:e9:d4:80:43:d8:54:
                    42:49:b3:85:88:af:53:1f:b9:76:29:35:73:ae:04:
                    99:c7:26:3c:64:3b:6e:09:b6:ce:89:4b:b2:8f:5d:
                    ae:8a:22:36:9b:7d:2e:ed:60:b2:56:81:fb:fe:43:
                    10:62:39:d0:da:f2:a6:b2:4c:59:3f:be:7d:7b:dd:
                    de:65:d0:f2:43:db:4a:04:bc:c4:9d:fe:64:7d:d6:
                    a8:27:72:76:f4:29:f1:fb:63:ff:e5:63:8e:3a:80:
                    40:ce:38:ef:f5:e0:b1:1d:a6:2c:d4:26:91:a0:33:
                    ed:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:80:46:AF:FD:F8:2F:4A:66:39:FB:16:E3:6D:55:C6:0A:45:55:30
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214420.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4100::/40

    Signature Algorithm: sha256WithRSAEncryption
         30:69:fa:7c:3f:24:e9:c0:9b:a8:13:57:92:0e:dc:46:bc:0c:
         c4:73:44:09:4a:ad:83:ef:74:c1:96:eb:5b:a7:f5:27:0b:d5:
         94:49:c9:24:4e:2d:ca:fb:40:61:0c:e2:68:79:4c:f6:93:57:
         91:7f:5a:a7:d7:28:ec:f7:22:33:fd:4d:2b:b5:4c:42:c0:6b:
         ca:ae:7b:af:8e:c8:fe:46:b7:87:66:13:51:81:1f:c7:c4:a1:
         c5:41:06:c4:f9:37:80:a0:30:c1:a1:97:1d:9e:34:30:11:9f:
         47:71:e7:a9:7a:11:b1:d4:4b:4c:b5:b4:71:d6:75:d3:8d:1a:
         30:2e:c5:90:76:75:f9:26:67:2e:3a:2b:80:14:06:e4:eb:87:
         a3:15:f4:50:d1:48:7f:ee:7b:86:be:72:f4:5d:72:17:5c:04:
         10:50:5d:b0:fe:e7:57:82:0b:12:ad:97:50:94:6c:e1:f9:57:
         41:44:91:35:49:0b:4e:d0:aa:36:bc:ba:2a:be:76:ba:a3:0c:
         37:d4:a8:03:25:5b:37:93:15:4c:85:ad:28:8c:8a:19:bb:f4:
         1a:b4:2b:5b:35:84:04:14:8d:e7:44:0e:aa:6e:61:85:de:8d:
         7f:70:3a:bf:8a:1b:8d:cf:36:41:9f:96:5e:19:b5:70:37:22:
         51:f5:bb:9b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUEAvJenCvs0tAJ3m9Oa8YXVMX9IgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA4MDIyMTM0NDBaFw0yNjA4MDEyMTM5NDBaMDMxMTAvBgNV
BAMTKDhGODA0NkFGRkRGODJGNEE2NjM5RkIxNkUzNkQ1NUM2MEE0NTU1MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUZJybu1iwcKz0HyixfkMdLDdF
SFtGfdUWpSJ/rHE+gxys3lTA+O68m83/tc19O1PXKNHOqUYbtMxQoesfuvYR0gGw
ibQ1/NxbfxRzzxqIfttKFgN/7B2tumtlVkNdd7yyKr4DGQaQsqvHhQuTBLPo6qkZ
3v/sbjQbhYZcshnVAYRcgKF52jCf6Mad+MviQenUgEPYVEJJs4WIr1MfuXYpNXOu
BJnHJjxkO24Jts6JS7KPXa6KIjabfS7tYLJWgfv+QxBiOdDa8qayTFk/vn173d5l
0PJD20oEvMSd/mR91qgncnb0KfH7Y//lY446gEDOOO/14LEdpizUJpGgM+1FAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUj4BGr/34L0pmOfsW421VxgpFVTAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQ0MjAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KEQTANBgkqhkiG9w0BAQsFAAOCAQEAMGn6fD8k6cCbqBNXkg7cRrwMxHNECUqt
g+90wZbrW6f1JwvVlEnJJE4tyvtAYQziaHlM9pNXkX9ap9co7PciM/1NK7VMQsBr
yq57r47I/ka3h2YTUYEfx8ShxUEGxPk3gKAwwaGXHZ40MBGfR3HnqXoRsdRLTLW0
cdZ1040aMC7FkHZ1+SZnLjorgBQG5OuHoxX0UNFIf+57hr5y9F1yF1wEEFBdsP7n
V4ILEq2XUJRs4flXQUSRNUkLTtCqNry6Kr52uqMMN9SoAyVbN5MVTIWtKIyKGbv0
GrQrWzWEBBSN50QOqm5hhd6Nf3A6v4objc82QZ+WXhm1cDciUfW7mw==
-----END CERTIFICATE-----