Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215150.roa
File:                     AS215150.roa (raw, json)
Hash identifier:          7Lgz/TBOnUBMo2T0G5ipBJ89HzhoMu2O0s2Lk0TF5Xc=
Subject key identifier:   CC:8D:31:2A:47:47:66:94:3A:EC:B6:3F:A9:36:44:8B:62:7F:B3:B4
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       68F616E7683CB2673EFEE7721E0E05BA4A7F7076
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215150.roa
Signing time:             Thu 04 Jun 2026 16:51:51 +0000
ROA not before:           Thu 04 Jun 2026 16:46:51 +0000
ROA not after:            Thu 03 Jun 2027 16:51:51 +0000
asID:                     215150
IP address blocks:        2a0a:6044:acc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Jun 2026 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f6:16:e7:68:3c:b2:67:3e:fe:e7:72:1e:0e:05:ba:4a:7f:70:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  4 16:46:51 2026 GMT
            Not After : Jun  3 16:51:51 2027 GMT
        Subject: CN=CC8D312A474766943AECB63FA936448B627FB3B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ec:ec:51:b6:6e:20:33:cc:cc:3c:67:0b:f2:
                    6e:7c:71:ad:d5:99:e0:4c:78:bc:d1:96:d0:ad:05:
                    4c:30:7f:db:16:69:fd:fd:91:2a:4c:9c:5d:1a:9a:
                    60:93:70:bc:59:69:fd:78:47:ec:79:15:43:d0:f3:
                    0b:8b:03:e4:46:7b:e5:30:6b:f9:05:ab:c2:a7:62:
                    cd:76:ea:1d:4e:b8:9c:ef:c3:51:7c:88:e6:ea:b2:
                    0b:0a:1f:99:a3:58:d8:84:99:1b:f3:39:83:52:36:
                    e4:40:08:bb:ed:f7:cf:73:96:f6:05:ad:17:cf:ce:
                    7c:b8:a7:e0:cb:21:b9:aa:9c:ea:5a:49:6e:9f:b0:
                    9a:4a:c9:21:4b:dc:e5:94:d1:50:1f:08:4a:c8:ec:
                    95:89:85:a9:1e:bc:c8:95:76:5a:2c:aa:96:d7:53:
                    b4:5f:56:bf:fa:4b:39:fb:9f:24:d8:20:bf:1e:79:
                    f9:3f:92:cd:a2:01:f5:fa:8b:47:17:b8:c1:1f:42:
                    16:9f:70:e4:f5:3c:17:ae:2b:10:08:a8:af:f1:da:
                    16:48:07:7b:28:74:b2:dd:9b:97:c0:c9:85:e2:89:
                    ce:89:0a:ae:7f:96:60:01:72:38:dc:14:1c:ab:e6:
                    0f:fb:18:2f:e1:37:82:85:88:e7:d4:62:f4:f4:88:
                    dd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8D:31:2A:47:47:66:94:3A:EC:B6:3F:A9:36:44:8B:62:7F:B3:B4
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:acc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:2c:b1:e3:b0:1c:40:85:12:15:84:bf:48:f9:fa:3f:66:13:
         dd:34:28:a8:56:90:27:0e:d7:b4:e6:3c:8e:c5:a3:e1:3c:2c:
         f7:af:0f:ca:06:95:c6:20:25:60:a6:c1:40:6b:76:e3:dc:0a:
         e9:4b:b9:8f:a2:ee:25:20:64:a7:a8:31:dc:65:21:a3:c9:a2:
         81:4f:5a:45:4f:29:6f:d0:74:f7:cb:f5:bc:e2:00:13:12:ab:
         ea:98:bd:f4:e1:68:e6:77:4f:1f:c1:6c:7c:c6:83:ef:d9:97:
         c0:ab:88:b1:37:99:44:a8:5c:95:f8:b5:65:b6:6e:8c:27:47:
         ab:75:52:f8:22:f3:c1:0f:7f:9d:be:a6:16:64:c6:79:b5:38:
         93:dc:97:0c:8b:3d:46:05:20:99:6f:44:3b:0f:ba:41:60:e3:
         48:77:f6:91:11:1d:77:9d:4b:ff:a7:07:08:d7:48:11:a2:c6:
         25:d3:9a:32:f0:42:d2:9b:79:29:3a:20:ed:bb:96:26:e6:cd:
         af:87:d2:49:6a:6e:14:ab:d7:09:76:eb:54:b3:65:68:a7:73:
         d0:63:92:4e:55:be:ab:e3:97:00:2d:24:9d:84:37:c8:a9:0f:
         d0:f8:a7:23:ca:06:1d:6d:8e:56:51:a2:8e:8a:7c:ad:b0:39:
         69:9e:3e:c3
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUaPYW52g8smc+/udyHg4Fukp/cHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDQxNjQ2NTFaFw0yNzA2MDMxNjUxNTFaMDMxMTAvBgNV
BAMTKENDOEQzMTJBNDc0NzY2OTQzQUVDQjYzRkE5MzY0NDhCNjI3RkIzQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx7OxRtm4gM8zMPGcL8m58ca3V
meBMeLzRltCtBUwwf9sWaf39kSpMnF0ammCTcLxZaf14R+x5FUPQ8wuLA+RGe+Uw
a/kFq8KnYs126h1OuJzvw1F8iObqsgsKH5mjWNiEmRvzOYNSNuRACLvt989zlvYF
rRfPzny4p+DLIbmqnOpaSW6fsJpKySFL3OWU0VAfCErI7JWJhakevMiVdlosqpbX
U7RfVr/6Szn7nyTYIL8eefk/ks2iAfX6i0cXuMEfQhafcOT1PBeuKxAIqK/x2hZI
B3sodLLdm5fAyYXiic6JCq5/lmABcjjcFByr5g/7GC/hN4KFiOfUYvT0iN3VAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUzI0xKkdHZpQ67LY/qTZEi2J/s7QwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUxNTAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
CmBErMAwDQYJKoZIhvcNAQELBQADggEBAGssseOwHECFEhWEv0j5+j9mE900KKhW
kCcO17TmPI7Fo+E8LPevD8oGlcYgJWCmwUBrduPcCulLuY+i7iUgZKeoMdxlIaPJ
ooFPWkVPKW/QdPfL9bziABMSq+qYvfThaOZ3Tx/BbHzGg+/Zl8CriLE3mUSoXJX4
tWW2bownR6t1Uvgi88EPf52+phZkxnm1OJPclwyLPUYFIJlvRDsPukFg40h39pER
HXedS/+nBwjXSBGixiXTmjLwQtKbeSk6IO27libmza+H0klqbhSr1wl261SzZWin
c9Bjkk5VvqvjlwAtJJ2EN8ipD9D4pyPKBh1tjlZRoo6KfK2wOWmePsM=
-----END CERTIFICATE-----