Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215478.roa
File:                     AS215478.roa (raw, json)
Hash identifier:          G/9nw3m6sY9V/tWnR/KRkOve5XJqhdKLzdOucJ/y3i0=
Subject key identifier:   F2:72:86:B1:BE:A5:DB:CB:58:A2:72:28:FA:05:D1:84:7C:92:4A:07
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       58CD5C5B8578E52A7B180B575344B449B25FA487
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215478.roa
Signing time:             Thu 04 Jun 2026 16:51:47 +0000
ROA not before:           Thu 04 Jun 2026 16:46:47 +0000
ROA not after:            Thu 03 Jun 2027 16:51:47 +0000
asID:                     215478
IP address blocks:        2a05:dfc3:fb00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 22:25:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:cd:5c:5b:85:78:e5:2a:7b:18:0b:57:53:44:b4:49:b2:5f:a4:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jun  4 16:46:47 2026 GMT
            Not After : Jun  3 16:51:47 2027 GMT
        Subject: CN=F27286B1BEA5DBCB58A27228FA05D1847C924A07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:24:48:39:b5:07:f1:f7:ac:a5:f0:47:16:ef:
                    40:db:cf:86:c0:d0:88:bd:f6:ff:4a:5e:cd:fb:51:
                    60:a7:76:d3:ca:e5:9f:87:50:df:b2:f5:a5:11:09:
                    c3:61:65:06:44:da:fe:01:08:2d:f2:6b:08:5c:e0:
                    60:e1:6e:74:f0:e4:ef:9c:84:89:f4:5d:95:17:7c:
                    f3:e2:25:75:df:77:c6:5e:aa:ad:fb:5f:8a:ae:ec:
                    06:70:a8:a1:cd:bc:ce:9e:72:f0:fc:27:f4:4b:01:
                    8c:f7:82:9d:c7:b8:e9:56:4b:02:81:e8:46:a5:9d:
                    36:76:7e:58:65:ca:10:7a:8f:c8:4f:8b:55:46:ca:
                    4b:1a:cb:98:a0:5e:c9:ff:74:64:c0:83:ff:d3:03:
                    96:25:f1:d7:a9:b5:aa:35:8f:d0:d3:95:e6:43:c0:
                    34:40:bd:bb:57:8f:bb:29:52:0e:2f:f8:32:8d:49:
                    de:f8:b8:d6:07:f6:8a:d0:12:09:13:76:80:6b:6e:
                    f0:60:b9:b0:af:70:69:d4:7f:70:34:5e:82:b8:32:
                    95:91:fd:14:c7:15:af:96:70:a9:f9:22:bc:86:64:
                    10:97:34:d3:8d:c1:c3:22:0c:15:6d:c2:90:d1:8e:
                    31:e0:27:ef:32:b6:0c:e8:4d:26:ef:9b:c5:47:97:
                    bd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:72:86:B1:BE:A5:DB:CB:58:A2:72:28:FA:05:D1:84:7C:92:4A:07
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3a:f2:ac:8a:4e:8a:37:c8:a0:f0:88:c5:84:75:f1:84:79:5a:
         6c:27:3c:92:f5:62:01:3b:22:c9:9a:df:ce:1a:72:c1:1f:c3:
         0a:63:88:9a:fd:6b:b8:1b:86:f4:9d:39:aa:1e:ad:b2:83:58:
         95:5f:0a:77:fd:cb:09:d4:6a:61:e6:a3:b7:9f:35:00:6b:2f:
         11:12:f6:f5:49:46:1a:c6:81:60:42:14:1a:5b:75:0e:31:db:
         09:7e:5d:5e:17:ae:6d:2d:17:fe:69:37:10:90:8c:f4:70:f2:
         d4:84:70:33:5a:51:ec:dd:31:ea:6d:8c:03:6d:95:4d:9f:c7:
         a4:fc:bc:1f:03:a9:fd:d2:db:08:cd:6a:c3:b6:e9:52:d1:e7:
         0f:df:50:3b:d9:dc:8d:43:4e:37:c9:36:7d:74:43:4c:5b:4e:
         9d:dd:79:1a:8b:54:a7:05:4b:3f:05:e0:8e:e2:d9:a6:81:38:
         0d:a5:63:99:ea:13:3b:e2:d4:ea:3d:5f:3c:58:37:0c:e2:53:
         08:23:94:b8:ed:49:03:b0:af:ae:70:d1:3a:29:dc:1c:fe:1f:
         58:68:7d:8b:f5:12:a0:a5:0f:ef:43:57:af:b4:46:7b:5c:e1:
         66:3a:12:6d:81:bd:ff:d3:fb:c5:81:2e:3d:70:6c:0e:ec:08:
         3f:68:a3:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUWM1cW4V45Sp7GAtXU0S0SbJfpIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA2MDQxNjQ2NDdaFw0yNzA2MDMxNjUxNDdaMDMxMTAvBgNV
BAMTKEYyNzI4NkIxQkVBNURCQ0I1OEEyNzIyOEZBMDVEMTg0N0M5MjRBMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuJEg5tQfx96yl8EcW70Dbz4bA
0Ii99v9KXs37UWCndtPK5Z+HUN+y9aURCcNhZQZE2v4BCC3yawhc4GDhbnTw5O+c
hIn0XZUXfPPiJXXfd8Zeqq37X4qu7AZwqKHNvM6ecvD8J/RLAYz3gp3HuOlWSwKB
6EalnTZ2flhlyhB6j8hPi1VGyksay5igXsn/dGTAg//TA5Yl8deptao1j9DTleZD
wDRAvbtXj7spUg4v+DKNSd74uNYH9orQEgkTdoBrbvBgubCvcGnUf3A0XoK4MpWR
/RTHFa+WcKn5IryGZBCXNNONwcMiDBVtwpDRjjHgJ+8ytgzoTSbvm8VHl73lAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQU8nKGsb6l28tYonIo+gXRhHySSgcwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTU0Nzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/D+zANBgkqhkiG9w0BAQsFAAOCAQEAOvKsik6KN8ig8IjFhHXxhHlabCc8kvVi
ATsiyZrfzhpywR/DCmOImv1ruBuG9J05qh6tsoNYlV8Kd/3LCdRqYeajt581AGsv
ERL29UlGGsaBYEIUGlt1DjHbCX5dXheubS0X/mk3EJCM9HDy1IRwM1pR7N0x6m2M
A22VTZ/HpPy8HwOp/dLbCM1qw7bpUtHnD99QO9ncjUNON8k2fXRDTFtOnd15GotU
pwVLPwXgjuLZpoE4DaVjmeoTO+LU6j1fPFg3DOJTCCOUuO1JA7CvrnDROincHP4f
WGh9i/USoKUP70NXr7RGe1zhZjoSbYG9/9P7xYEuPXBsDuwIP2ijSA==
-----END CERTIFICATE-----