Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215478.roa
File:                     AS215478.roa (raw, json)
Hash identifier:          g09d6isBpQtYc4taN9PcPfA5sbIKDhpXpKJuvrQ/CkQ=
Subject key identifier:   8C:09:5F:4D:B3:96:7B:14:63:15:3E:21:57:DB:B2:D7:78:7D:C5:40
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       606C64D84FCB87E26BA52570A6B2DF0262677EB5
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215478.roa
Signing time:             Thu 03 Jul 2025 15:52:58 +0000
ROA not before:           Thu 03 Jul 2025 15:47:58 +0000
ROA not after:            Thu 02 Jul 2026 15:52:58 +0000
asID:                     215478
IP address blocks:        2a05:dfc3:fb00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 23:53:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:6c:64:d8:4f:cb:87:e2:6b:a5:25:70:a6:b2:df:02:62:67:7e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:47:58 2025 GMT
            Not After : Jul  2 15:52:58 2026 GMT
        Subject: CN=8C095F4DB3967B1463153E2157DBB2D7787DC540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:a2:5d:cc:4c:4f:35:12:64:3e:c2:f6:7c:
                    f3:ea:2c:1f:9e:27:b5:43:fa:4b:59:5b:4d:15:3e:
                    8a:e6:e6:c7:1b:2b:fa:4a:e4:24:17:a1:b0:76:20:
                    f4:3d:28:5a:40:f5:a1:a0:0a:3d:93:6a:0c:7b:96:
                    2c:6f:3e:47:0e:19:49:06:c4:70:1e:02:5e:f7:25:
                    30:1e:4e:08:8b:8e:35:43:50:2e:64:fa:10:2c:cc:
                    b5:e2:1a:03:b1:b9:5a:50:95:9d:43:f2:f3:67:68:
                    21:bc:b1:d1:50:04:c6:75:88:3a:ba:68:d9:f6:b2:
                    81:4a:f3:6c:ea:3b:21:62:1f:a5:fa:a1:12:ad:86:
                    39:66:5d:2c:8e:20:23:be:92:48:9d:03:4e:e2:69:
                    94:fe:27:f9:14:f0:df:d0:40:8e:a1:70:48:25:db:
                    26:11:87:72:95:77:6a:9f:c3:1c:ca:d7:3f:b9:46:
                    a9:e9:af:79:9b:85:96:73:ad:cd:1b:39:17:e0:76:
                    50:c7:af:95:61:13:77:da:dc:e2:b2:58:34:95:0b:
                    f9:69:07:e1:b4:3f:9b:3d:4b:da:6d:75:66:1b:ad:
                    00:93:5a:b6:83:e4:48:67:44:0a:06:04:83:47:7d:
                    db:1a:8b:3b:a1:82:ee:2d:23:f4:84:f8:21:58:e5:
                    c5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:09:5F:4D:B3:96:7B:14:63:15:3E:21:57:DB:B2:D7:78:7D:C5:40
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc3:fb00::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:40:76:f2:c9:84:6b:3c:66:c8:3d:87:1e:b2:a4:d6:19:ca:
         ea:0f:94:97:75:3e:1c:bd:ab:c0:66:87:10:4d:2b:9f:11:42:
         48:5c:6a:d0:96:4a:d0:17:1b:fb:82:75:17:e7:b5:4f:f5:8c:
         46:49:ec:de:1e:a1:d6:8f:0b:a7:7c:01:ea:e8:c6:ee:60:37:
         b9:0f:20:1c:cb:4b:8a:02:a4:34:25:73:d4:fb:40:b1:10:68:
         16:5b:54:33:88:af:d9:88:39:85:4e:21:e7:9f:3e:59:c9:0d:
         d6:1e:33:01:62:4d:ad:80:02:b3:fb:d5:73:cc:03:20:92:49:
         0b:aa:72:5e:62:88:09:c9:ab:fa:50:b1:3f:e4:45:37:fd:63:
         bc:8f:34:40:90:27:99:0f:74:f8:a4:9d:e2:35:99:20:76:d9:
         a1:ae:4f:38:45:89:64:c0:43:6e:ec:1d:64:a7:a2:58:1d:ae:
         5a:bc:e9:50:8f:05:27:87:9b:9b:78:a9:2a:03:fb:24:81:80:
         e5:d2:7e:48:35:a7:3e:0e:7c:76:74:f8:d3:2a:7d:12:7d:69:
         05:e8:c3:18:6d:dd:43:f3:3c:d1:2e:3a:d8:c4:45:0a:f2:39:
         85:f9:85:41:53:e1:b1:09:cd:ef:19:2b:26:3a:4c:85:65:96:
         9a:9e:69:d0
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUYGxk2E/Lh+JrpSVwprLfAmJnfrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ3NThaFw0yNjA3MDIxNTUyNThaMDMxMTAvBgNV
BAMTKDhDMDk1RjREQjM5NjdCMTQ2MzE1M0UyMTU3REJCMkQ3Nzg3REM1NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxEKJdzExPNRJkPsL2fPPqLB+e
J7VD+ktZW00VPorm5scbK/pK5CQXobB2IPQ9KFpA9aGgCj2Tagx7lixvPkcOGUkG
xHAeAl73JTAeTgiLjjVDUC5k+hAszLXiGgOxuVpQlZ1D8vNnaCG8sdFQBMZ1iDq6
aNn2soFK82zqOyFiH6X6oRKthjlmXSyOICO+kkidA07iaZT+J/kU8N/QQI6hcEgl
2yYRh3KVd2qfwxzK1z+5Rqnpr3mbhZZzrc0bORfgdlDHr5VhE3fa3OKyWDSVC/lp
B+G0P5s9S9ptdWYbrQCTWraD5EhnRAoGBINHfdsaizuhgu4tI/SE+CFY5cVVAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUjAlfTbOWexRjFT4hV9uy13h9xUAwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTU0Nzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
Bd/D+zANBgkqhkiG9w0BAQsFAAOCAQEAd0B28smEazxmyD2HHrKk1hnK6g+Ul3U+
HL2rwGaHEE0rnxFCSFxq0JZK0Bcb+4J1F+e1T/WMRkns3h6h1o8Lp3wB6ujG7mA3
uQ8gHMtLigKkNCVz1PtAsRBoFltUM4iv2Yg5hU4h558+WckN1h4zAWJNrYACs/vV
c8wDIJJJC6pyXmKICcmr+lCxP+RFN/1jvI80QJAnmQ90+KSd4jWZIHbZoa5POEWJ
ZMBDbuwdZKeiWB2uWrzpUI8FJ4ebm3ipKgP7JIGA5dJ+SDWnPg58dnT40yp9En1p
BejDGG3dQ/M80S462MRFCvI5hfmFQVPhsQnN7xkrJjpMhWWWmp5p0A==
-----END CERTIFICATE-----