Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214610.roa
File:                     AS214610.roa (raw, json)
Hash identifier:          SqpZHX0rgBvsdv4jlcLx9g4PKBHP0aLpT5WpSIv/MsI=
Subject key identifier:   72:78:A3:06:20:C7:FE:90:31:44:2D:E4:60:4E:9E:89:F3:A4:6E:51
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0A021E1D36FE516AD1A92E786D47C8E8041B6CE8
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214610.roa
Signing time:             Tue 04 Nov 2025 16:15:30 +0000
ROA not before:           Tue 04 Nov 2025 16:10:30 +0000
ROA not after:            Tue 03 Nov 2026 16:15:30 +0000
asID:                     214610
IP address blocks:        2a0f:6284:300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:43:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:02:1e:1d:36:fe:51:6a:d1:a9:2e:78:6d:47:c8:e8:04:1b:6c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Nov  4 16:10:30 2025 GMT
            Not After : Nov  3 16:15:30 2026 GMT
        Subject: CN=7278A30620C7FE9031442DE4604E9E89F3A46E51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:88:bb:48:19:f0:46:fc:74:cc:cc:01:14:0d:
                    1f:34:9e:28:ea:2b:2a:a2:65:2f:9b:7c:62:03:23:
                    b0:b4:0e:17:d7:0d:9a:34:59:d7:b4:86:ad:24:63:
                    5e:d0:a4:78:a7:6a:d9:5e:48:ba:b2:92:75:35:9d:
                    99:b2:01:e9:c8:ef:ab:cc:0c:53:33:72:08:b8:16:
                    a7:8e:64:22:04:90:1d:8b:38:76:08:03:9b:c8:a2:
                    97:c1:4e:79:61:84:e4:96:bc:2b:a8:0b:08:0b:8e:
                    be:8a:74:ef:92:74:39:79:1b:58:18:91:88:a9:03:
                    88:8b:a9:16:43:5e:31:bb:2c:f2:f6:a5:d9:a6:90:
                    4f:f6:bc:4c:01:f3:ef:21:4d:59:d2:d8:f3:85:d8:
                    04:4b:c4:96:15:22:1f:3b:03:e0:69:a1:54:30:27:
                    b9:7e:65:91:34:a0:73:91:51:24:43:69:ad:91:e1:
                    6f:5c:3c:18:9f:cf:e3:69:87:78:a0:64:bb:e6:b5:
                    87:fa:a8:e2:97:07:9e:13:ff:8e:da:bc:79:1a:bb:
                    e4:c7:ff:9d:10:bf:05:03:8f:16:62:77:0a:50:ea:
                    93:26:f2:ff:60:9b:aa:6a:f5:80:7d:72:57:a0:88:
                    ae:04:6f:f8:1c:0a:e8:40:53:24:bf:f6:c3:12:49:
                    e6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:78:A3:06:20:C7:FE:90:31:44:2D:E4:60:4E:9E:89:F3:A4:6E:51
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214610.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:16:7b:83:37:96:d5:7f:e0:75:06:08:75:dd:a0:75:15:15:
         56:93:4c:fc:41:b9:42:86:e9:83:9a:f1:01:39:0b:65:b0:7d:
         a2:4d:07:9b:fa:e6:b4:6d:a5:fe:7d:ff:f5:1a:8f:48:8f:d0:
         7e:57:c8:1d:23:3c:93:d6:37:70:fb:4a:83:83:2b:9d:69:36:
         99:68:3b:65:f1:a4:73:bf:c8:bf:37:c4:9c:1b:b7:95:3c:86:
         d3:85:35:91:a9:52:ee:6c:77:9d:28:81:de:30:c0:df:77:17:
         93:20:b4:19:fe:b0:85:f7:9f:20:db:50:cd:3c:67:31:e3:bd:
         25:d6:d7:01:ac:33:ce:b3:a2:10:0f:db:4a:d6:6e:53:a3:f7:
         6f:02:25:74:0f:ad:31:8e:1e:6a:76:77:21:22:5b:ba:db:72:
         4a:03:1e:f4:06:1b:72:3b:c4:85:d5:eb:08:cb:f5:b0:fc:7e:
         d9:f9:d2:4b:9f:51:3e:c9:20:df:1e:71:23:e4:f5:f7:06:52:
         db:58:ee:07:2e:8e:9d:ec:8c:e3:db:0f:0d:49:22:f8:43:fe:
         28:25:64:11:30:3c:e6:7c:2c:9a:04:ef:1c:da:1a:a0:7f:ef:
         49:aa:16:1b:fe:f3:76:d2:73:16:6b:51:fe:a8:c5:ae:0a:23:
         2a:ef:d2:30
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUCgIeHTb+UWrRqS54bUfI6AQbbOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTExMDQxNjEwMzBaFw0yNjExMDMxNjE1MzBaMDMxMTAvBgNV
BAMTKDcyNzhBMzA2MjBDN0ZFOTAzMTQ0MkRFNDYwNEU5RTg5RjNBNDZFNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAiLtIGfBG/HTMzAEUDR80nijq
KyqiZS+bfGIDI7C0DhfXDZo0Wde0hq0kY17QpHinatleSLqyknU1nZmyAenI76vM
DFMzcgi4FqeOZCIEkB2LOHYIA5vIopfBTnlhhOSWvCuoCwgLjr6KdO+SdDl5G1gY
kYipA4iLqRZDXjG7LPL2pdmmkE/2vEwB8+8hTVnS2POF2ARLxJYVIh87A+BpoVQw
J7l+ZZE0oHORUSRDaa2R4W9cPBifz+Nph3igZLvmtYf6qOKXB54T/47avHkau+TH
/50QvwUDjxZidwpQ6pMm8v9gm6pq9YB9clegiK4Eb/gcCuhAUyS/9sMSSeZLAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUcnijBiDH/pAxRC3kYE6eifOkblEwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQ2MTAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KEAzANBgkqhkiG9w0BAQsFAAOCAQEAZBZ7gzeW1X/gdQYIdd2gdRUVVpNM/EG5
Qobpg5rxATkLZbB9ok0Hm/rmtG2l/n3/9RqPSI/QflfIHSM8k9Y3cPtKg4MrnWk2
mWg7ZfGkc7/IvzfEnBu3lTyG04U1kalS7mx3nSiB3jDA33cXkyC0Gf6whfefINtQ
zTxnMeO9JdbXAawzzrOiEA/bStZuU6P3bwIldA+tMY4eanZ3ISJbuttySgMe9AYb
cjvEhdXrCMv1sPx+2fnSS59RPskg3x5xI+T19wZS21juBy6OneyM49sPDUki+EP+
KCVkETA85nwsmgTvHNoaoH/vSaoWG/7zdtJzFmtR/qjFrgojKu/SMA==
-----END CERTIFICATE-----