Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215150.roa
File:                     AS215150.roa (raw, json)
Hash identifier:          Q2F+Yvv/DrFL/T0UBQZrtO3LnaQmFqQfEyRF/bhdz4o=
Subject key identifier:   5F:08:31:FD:45:96:89:43:FE:08:3C:0B:4B:05:19:9B:41:30:58:59
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       02FC3ACF2B82AABD821CA6E45E6209FB9F849A00
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215150.roa
Signing time:             Thu 03 Jul 2025 15:53:09 +0000
ROA not before:           Thu 03 Jul 2025 15:48:09 +0000
ROA not after:            Thu 02 Jul 2026 15:53:09 +0000
asID:                     215150
IP address blocks:        2a0a:6044:acc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:fc:3a:cf:2b:82:aa:bd:82:1c:a6:e4:5e:62:09:fb:9f:84:9a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:09 2025 GMT
            Not After : Jul  2 15:53:09 2026 GMT
        Subject: CN=5F0831FD45968943FE083C0B4B05199B41305859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:55:01:55:7c:59:a9:aa:dd:5c:51:1f:5c:
                    cb:b4:a9:6c:4a:e6:d4:dd:66:d9:58:ca:18:81:bd:
                    ff:e5:d8:99:d5:57:58:9e:a4:88:0d:50:bd:c6:26:
                    0c:00:af:a8:83:de:fd:1c:4b:e8:37:49:3c:b3:f8:
                    b0:bd:61:64:ff:d8:fa:91:df:aa:e8:7a:d4:1b:35:
                    cb:e1:bd:65:ee:79:54:ce:ae:42:d4:3f:a9:5c:1a:
                    8b:c6:c1:39:54:b9:0e:80:83:d9:26:88:bd:bc:ac:
                    17:79:18:d0:f7:97:be:2c:48:db:1d:25:6a:1d:29:
                    0a:7a:56:a3:0e:dc:eb:e7:1f:f4:c9:07:61:d6:b8:
                    88:aa:5d:b5:9a:eb:aa:ba:34:bc:22:3d:1a:b8:2d:
                    7e:65:a8:5c:15:60:f2:04:3c:36:1f:8b:85:4f:88:
                    a3:41:f3:1c:43:18:a4:3f:22:20:8f:cb:b9:ad:20:
                    1a:4e:c6:6d:c5:ef:64:2d:b6:a1:0f:b0:4f:d4:44:
                    14:6d:a1:67:7f:d0:fc:a0:fd:d8:55:00:66:aa:67:
                    eb:42:c7:c4:4b:88:2f:87:cb:db:47:5e:21:1a:75:
                    b2:20:80:60:ef:66:b6:19:b6:bc:a0:87:1a:47:d3:
                    13:01:ec:e0:8c:24:3e:c4:5c:ea:40:6d:b5:4f:0a:
                    76:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:08:31:FD:45:96:89:43:FE:08:3C:0B:4B:05:19:9B:41:30:58:59
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:acc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:76:eb:61:9e:35:68:8a:b4:62:89:37:3b:38:f7:bc:53:80:
         ff:c3:e8:19:8e:b2:d9:b2:c3:74:df:f9:19:ed:fb:d0:2a:97:
         59:d6:e2:42:25:7e:65:2b:29:13:0d:e6:2f:3e:4e:bb:6a:db:
         ba:04:f0:3e:88:1d:80:02:36:a2:30:4b:36:c0:1d:a7:6d:8f:
         7a:6c:56:5b:1a:ad:db:b7:ea:85:b0:40:f1:ea:31:66:d5:0a:
         ea:4c:79:60:e7:98:38:f8:78:d3:08:2c:41:94:ae:8e:8a:80:
         92:df:af:6c:cf:91:3e:76:94:f8:ad:b5:ce:a3:93:07:15:0f:
         e2:34:fd:4d:ca:0d:e9:fe:22:6b:8a:d6:ca:89:7c:31:8d:97:
         79:23:c6:43:ad:2d:9a:1e:1e:db:12:e1:3b:04:74:16:14:e9:
         35:81:03:ba:ee:35:b9:6c:25:74:a4:25:8b:64:5d:6a:18:52:
         a3:32:b6:5b:74:0e:fa:1b:2f:f2:5b:62:2c:7f:c6:4c:9b:48:
         13:9a:a5:83:b2:72:44:c7:36:9d:99:1e:35:69:fa:99:f1:ab:
         59:72:f2:ef:d4:6e:a5:3d:5d:43:aa:cd:3d:92:f8:60:4a:97:
         8a:05:73:e2:e9:43:75:38:c1:a6:6c:c5:2b:2b:22:dd:a3:84:
         c3:c4:fc:10
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUAvw6zyuCqr2CHKbkXmIJ+5+EmgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDlaFw0yNjA3MDIxNTUzMDlaMDMxMTAvBgNV
BAMTKDVGMDgzMUZENDU5Njg5NDNGRTA4M0MwQjRCMDUxOTlCNDEzMDU4NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXWVUBVXxZqardXFEfXMu0qWxK
5tTdZtlYyhiBvf/l2JnVV1iepIgNUL3GJgwAr6iD3v0cS+g3STyz+LC9YWT/2PqR
36roetQbNcvhvWXueVTOrkLUP6lcGovGwTlUuQ6Ag9kmiL28rBd5GND3l74sSNsd
JWodKQp6VqMO3OvnH/TJB2HWuIiqXbWa66q6NLwiPRq4LX5lqFwVYPIEPDYfi4VP
iKNB8xxDGKQ/IiCPy7mtIBpOxm3F72QttqEPsE/URBRtoWd/0Pyg/dhVAGaqZ+tC
x8RLiC+Hy9tHXiEadbIggGDvZrYZtryghxpH0xMB7OCMJD7EXOpAbbVPCnYTAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUXwgx/UWWiUP+CDwLSwUZm0EwWFkwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUxNTAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
CmBErMAwDQYJKoZIhvcNAQELBQADggEBADF262GeNWiKtGKJNzs497xTgP/D6BmO
stmyw3Tf+Rnt+9Aql1nW4kIlfmUrKRMN5i8+Trtq27oE8D6IHYACNqIwSzbAHadt
j3psVlsardu36oWwQPHqMWbVCupMeWDnmDj4eNMILEGUro6KgJLfr2zPkT52lPit
tc6jkwcVD+I0/U3KDen+ImuK1sqJfDGNl3kjxkOtLZoeHtsS4TsEdBYU6TWBA7ru
NblsJXSkJYtkXWoYUqMytlt0DvobL/JbYix/xkybSBOapYOyckTHNp2ZHjVp+pnx
q1ly8u/UbqU9XUOqzT2S+GBKl4oFc+LpQ3U4waZsxSsrIt2jhMPE/BA=
-----END CERTIFICATE-----