Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215265.roa
File:                     AS215265.roa (raw, json)
Hash identifier:          2BvI5ax9TCzfvvh4Jqkb45+xHMjO6rtLXr/HFui06D8=
Subject key identifier:   67:62:20:2D:91:6F:50:DA:24:3E:5D:EC:60:30:9A:33:19:69:F8:38
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       53F7A1CF11277E9422A01C791451965FA7F2B89C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215265.roa
Signing time:             Tue 04 Nov 2025 10:25:48 +0000
ROA not before:           Tue 04 Nov 2025 10:20:48 +0000
ROA not after:            Tue 03 Nov 2026 10:25:48 +0000
asID:                     215265
IP address blocks:        2a06:1284::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f7:a1:cf:11:27:7e:94:22:a0:1c:79:14:51:96:5f:a7:f2:b8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Nov  4 10:20:48 2025 GMT
            Not After : Nov  3 10:25:48 2026 GMT
        Subject: CN=6762202D916F50DA243E5DEC60309A331969F838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7e:48:7f:87:49:64:aa:f3:92:88:f9:5c:04:
                    27:49:fc:9a:e6:60:4d:97:6c:3c:68:64:6c:6c:10:
                    f6:61:3f:36:48:fa:02:59:4a:fb:c1:a4:68:62:ba:
                    e5:ff:01:b9:f6:09:9a:b1:18:b7:96:ff:e4:48:de:
                    01:21:ac:d1:e0:c9:c8:8b:d9:4e:22:f3:67:28:68:
                    83:c9:35:1d:8e:d5:e7:37:88:f4:bd:02:6e:d9:27:
                    96:4d:a4:3a:ba:6a:dd:5b:fc:bc:3a:e4:44:71:68:
                    a0:d5:30:09:17:27:55:98:fd:51:54:28:c0:79:9a:
                    07:ad:c4:35:2d:7a:4b:af:2f:8d:38:12:61:73:7b:
                    7b:db:29:00:e3:f1:c6:5d:a5:e0:f0:76:c7:c1:59:
                    73:bd:c9:47:38:e0:9a:d0:66:75:e0:09:2d:24:16:
                    34:c0:2b:92:23:04:74:ec:52:4d:d1:31:2e:a2:3d:
                    ae:30:63:5a:c0:57:ee:fd:99:09:0d:bf:a1:bc:c1:
                    43:55:5f:9e:c4:79:06:4d:92:c2:89:52:ee:e3:37:
                    0b:6d:a6:b6:31:8b:15:f2:af:52:9a:76:db:60:eb:
                    91:b4:c0:5d:03:18:c3:da:af:7e:f0:fe:98:43:dd:
                    4c:cf:32:58:03:d3:1d:6e:fd:1c:b5:b4:79:49:3f:
                    4d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:62:20:2D:91:6F:50:DA:24:3E:5D:EC:60:30:9A:33:19:69:F8:38
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215265.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1284::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:84:af:89:60:17:a0:56:9f:19:ae:2c:b4:a8:63:94:7b:f5:
         1b:f3:4e:ef:e3:86:cf:78:9c:43:6f:82:cc:1c:6f:36:8e:bc:
         fa:1d:2b:c9:8f:59:0c:fa:cb:32:1b:21:a2:7f:fe:96:21:6d:
         63:9d:5c:55:5c:75:9d:e7:b7:b7:d9:b0:d8:2e:72:d0:27:f4:
         8a:8f:0b:b6:39:1c:3d:43:ab:a8:f2:00:28:1c:d1:c3:f4:f8:
         7f:a7:ef:f3:1c:d1:a2:e8:e4:aa:71:53:a6:8b:93:0c:0f:fb:
         35:d6:c5:f8:9f:df:b1:a3:e5:74:b5:25:a5:c7:44:f8:6c:76:
         39:b0:9d:d9:cd:cf:f7:bf:39:4d:c7:11:9c:a1:2f:50:95:f9:
         11:ae:c8:5b:b9:17:d9:ee:16:e9:24:f9:3e:52:27:e1:02:2f:
         2f:6c:2e:ca:9f:55:e5:42:35:a7:5d:56:ae:c0:23:f1:17:5c:
         a1:ee:0f:24:65:27:32:c4:42:77:2e:a1:4c:76:a1:09:1d:5a:
         17:1b:0e:73:a7:84:fb:84:a0:23:42:c7:85:14:45:7c:82:7d:
         e5:53:60:fc:c0:d5:cc:60:cd:59:78:8f:dc:d4:aa:26:29:d0:
         c5:81:58:f0:5c:a7:76:39:fe:f3:3e:59:43:8f:8c:51:c3:7c:
         9c:a7:dc:bd
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIUU/ehzxEnfpQioBx5FFGWX6fyuJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTExMDQxMDIwNDhaFw0yNjExMDMxMDI1NDhaMDMxMTAvBgNV
BAMTKDY3NjIyMDJEOTE2RjUwREEyNDNFNURFQzYwMzA5QTMzMTk2OUY4MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCafkh/h0lkqvOSiPlcBCdJ/Jrm
YE2XbDxoZGxsEPZhPzZI+gJZSvvBpGhiuuX/Abn2CZqxGLeW/+RI3gEhrNHgyciL
2U4i82coaIPJNR2O1ec3iPS9Am7ZJ5ZNpDq6at1b/Lw65ERxaKDVMAkXJ1WY/VFU
KMB5mgetxDUtekuvL404EmFze3vbKQDj8cZdpeDwdsfBWXO9yUc44JrQZnXgCS0k
FjTAK5IjBHTsUk3RMS6iPa4wY1rAV+79mQkNv6G8wUNVX57EeQZNksKJUu7jNwtt
prYxixXyr1Kadttg65G0wF0DGMPar37w/phD3UzPMlgD0x1u/Ry1tHlJP03pAgMB
AAGjggHdMIIB2TAdBgNVHQ4EFgQUZ2IgLZFvUNokPl3sYDCaMxlp+DgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTUyNjUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAq
BhKEMA0GCSqGSIb3DQEBCwUAA4IBAQBGhK+JYBegVp8Zriy0qGOUe/Ub807v44bP
eJxDb4LMHG82jrz6HSvJj1kM+ssyGyGif/6WIW1jnVxVXHWd57e32bDYLnLQJ/SK
jwu2ORw9Q6uo8gAoHNHD9Ph/p+/zHNGi6OSqcVOmi5MMD/s11sX4n9+xo+V0tSWl
x0T4bHY5sJ3Zzc/3vzlNxxGcoS9QlfkRrshbuRfZ7hbpJPk+UifhAi8vbC7Kn1Xl
QjWnXVauwCPxF1yh7g8kZScyxEJ3LqFMdqEJHVoXGw5zp4T7hKAjQseFFEV8gn3l
U2D8wNXMYM1ZeI/c1KomKdDFgVjwXKd2Of7zPllDj4xRw3ycp9y9
-----END CERTIFICATE-----