Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS214915.roa
File:                     AS214915.roa (raw, json)
Hash identifier:          OznMf01KB/N/8XrIYOM75aM/dG+k8mBNUBFgsWhAS0g=
Subject key identifier:   7F:DD:B7:41:50:9F:8C:2D:E7:C0:EF:59:BB:70:40:12:A6:2B:F4:C9
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       1A7D4D1DF434F467DBB262CCC059FD74035AEBC2
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS214915.roa
Signing time:             Fri 01 Aug 2025 12:04:06 +0000
ROA not before:           Fri 01 Aug 2025 11:59:06 +0000
ROA not after:            Fri 31 Jul 2026 12:04:06 +0000
asID:                     214915
IP address blocks:        2a0f:6284:4300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:7d:4d:1d:f4:34:f4:67:db:b2:62:cc:c0:59:fd:74:03:5a:eb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Aug  1 11:59:06 2025 GMT
            Not After : Jul 31 12:04:06 2026 GMT
        Subject: CN=7FDDB741509F8C2DE7C0EF59BB704012A62BF4C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:83:59:be:31:93:2c:e7:eb:fe:59:f9:a2:5c:
                    59:bd:98:11:09:62:35:f3:f4:51:d5:04:17:b3:d2:
                    80:c9:26:bd:7b:24:6f:34:04:a5:97:3d:b4:5e:18:
                    1f:e6:bf:66:7f:71:0f:f7:d9:50:6e:14:39:5c:f0:
                    0f:0a:72:b9:dc:5b:af:57:13:0d:09:b0:fe:12:8d:
                    54:eb:07:dd:a6:f1:3c:b2:76:15:46:38:57:9f:f8:
                    c2:3f:97:a2:f9:60:fb:20:8c:52:6d:92:41:31:e8:
                    0c:38:e0:92:8c:58:b3:af:e5:1d:16:b6:c6:15:58:
                    07:32:ac:38:a4:27:1c:52:99:ae:f4:ea:80:62:9a:
                    2d:ad:4c:17:be:1e:05:cb:9f:d9:9a:6f:2b:97:69:
                    6a:09:1b:eb:83:49:ca:91:a3:a9:33:c4:cf:02:08:
                    50:4f:34:3c:02:35:db:dc:84:97:c5:45:12:39:f7:
                    19:e5:c7:6b:c2:01:45:02:04:a7:a2:f1:05:7c:93:
                    f0:11:bf:a9:81:85:ca:b9:43:76:66:ea:f1:ff:6d:
                    e6:fb:68:4f:6c:16:40:e9:7d:85:c4:85:8f:d8:6f:
                    86:cb:ce:c5:1a:ce:44:f7:00:9a:c8:98:ec:54:75:
                    ca:73:72:a0:6b:c1:44:47:3b:52:cf:e1:dc:8d:12:
                    ad:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:DD:B7:41:50:9F:8C:2D:E7:C0:EF:59:BB:70:40:12:A6:2B:F4:C9
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS214915.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4300::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:b7:16:00:99:ed:90:ae:b5:49:36:e7:69:5f:7b:77:ba:e2:
         03:aa:f8:38:76:27:a8:34:03:54:59:79:9e:6e:ce:ed:3d:a6:
         0a:cb:a8:ea:ff:18:9c:51:55:7d:ed:95:44:85:e1:f4:e9:e7:
         b6:d4:b0:3f:e9:68:5f:5f:46:0f:e5:4d:60:ff:89:f7:4d:ce:
         6d:45:fe:91:69:f9:04:1d:92:72:5a:e5:0f:bf:24:6b:82:7c:
         35:e4:35:c7:bd:fb:b4:64:82:bf:c5:0e:40:2b:9d:b4:4f:bc:
         47:db:3e:c4:be:54:53:8d:70:fb:7e:9d:54:f0:e9:9b:98:87:
         ab:b3:15:6e:72:c4:d0:70:d7:0d:cb:75:d8:05:e7:8e:20:6f:
         4a:d2:8b:34:0d:38:4c:33:de:51:6b:f4:77:95:30:c7:3a:9b:
         ef:84:53:18:c7:1c:bf:1b:4d:83:21:0b:1e:07:48:2e:e5:82:
         00:e3:a8:f1:73:2d:a0:fd:48:e2:a0:49:94:a8:5c:fd:ba:26:
         0f:f2:83:b8:1a:f2:98:d0:46:4f:2e:43:69:2f:ed:a4:d9:d5:
         ca:ff:35:35:46:eb:a2:ff:b3:b8:b2:5e:40:0c:c0:21:07:66:
         69:3c:4e:5e:01:9c:0b:f3:ae:cc:de:9d:81:c2:c0:fb:11:da:
         9e:55:fe:df
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUGn1NHfQ09GfbsmLMwFn9dANa68IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA4MDExMTU5MDZaFw0yNjA3MzExMjA0MDZaMDMxMTAvBgNV
BAMTKDdGRERCNzQxNTA5RjhDMkRFN0MwRUY1OUJCNzA0MDEyQTYyQkY0QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYg1m+MZMs5+v+WfmiXFm9mBEJ
YjXz9FHVBBez0oDJJr17JG80BKWXPbReGB/mv2Z/cQ/32VBuFDlc8A8KcrncW69X
Ew0JsP4SjVTrB92m8TyydhVGOFef+MI/l6L5YPsgjFJtkkEx6Aw44JKMWLOv5R0W
tsYVWAcyrDikJxxSma706oBimi2tTBe+HgXLn9mabyuXaWoJG+uDScqRo6kzxM8C
CFBPNDwCNdvchJfFRRI59xnlx2vCAUUCBKei8QV8k/ARv6mBhcq5Q3Zm6vH/beb7
aE9sFkDpfYXEhY/Yb4bLzsUazkT3AJrImOxUdcpzcqBrwURHO1LP4dyNEq3VAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUf923QVCfjC3nwO9Zu3BAEqYr9MkwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTQ5MTUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KEQzANBgkqhkiG9w0BAQsFAAOCAQEADrcWAJntkK61STbnaV97d7riA6r4OHYn
qDQDVFl5nm7O7T2mCsuo6v8YnFFVfe2VRIXh9OnnttSwP+loX19GD+VNYP+J903O
bUX+kWn5BB2SclrlD78ka4J8NeQ1x737tGSCv8UOQCudtE+8R9s+xL5UU41w+36d
VPDpm5iHq7MVbnLE0HDXDct12AXnjiBvStKLNA04TDPeUWv0d5Uwxzqb74RTGMcc
vxtNgyELHgdILuWCAOOo8XMtoP1I4qBJlKhc/bomD/KDuBrymNBGTy5DaS/tpNnV
yv81NUbrov+zuLJeQAzAIQdmaTxOXgGcC/OuzN6dgcLA+xHanlX+3w==
-----END CERTIFICATE-----