Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS210457.roa
File:                     AS210457.roa (raw, json)
Hash identifier:          cf9Kg6a5GDnsFD/n8XQ4Z+3witOeaOwryljr7mi1Y+U=
Subject key identifier:   B5:C1:9A:C7:A0:9C:6E:91:FF:34:16:E2:2A:EA:C2:5A:21:AE:3C:4D
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       3A78D21D20711A06CB1D1B42B8C4A2134E26A36A
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS210457.roa
Signing time:             Tue 14 Oct 2025 18:33:03 +0000
ROA not before:           Tue 14 Oct 2025 18:28:03 +0000
ROA not after:            Tue 13 Oct 2026 18:33:03 +0000
asID:                     210457
IP address blocks:        2a0f:6287:a000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:78:d2:1d:20:71:1a:06:cb:1d:1b:42:b8:c4:a2:13:4e:26:a3:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 14 18:28:03 2025 GMT
            Not After : Oct 13 18:33:03 2026 GMT
        Subject: CN=B5C19AC7A09C6E91FF3416E22AEAC25A21AE3C4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:80:ea:4d:3c:f1:fd:1f:cb:81:1f:9f:15:f3:
                    c6:bc:32:26:30:23:ac:87:06:0f:90:73:f0:36:71:
                    df:69:c8:17:df:8c:a6:b7:20:b9:0e:3c:dc:ad:86:
                    35:01:16:84:bc:d0:14:02:2a:76:5e:d0:10:71:6b:
                    62:b2:e3:75:46:4f:56:27:da:8d:f2:91:ea:03:e5:
                    22:da:4f:90:9b:4f:9c:3e:d3:03:60:27:80:5a:ce:
                    d3:f8:a0:ed:5a:c1:10:66:e0:bd:9a:54:09:e3:d6:
                    06:56:a9:a2:ea:14:37:a8:cc:6b:32:fb:b5:5d:fb:
                    95:43:cf:af:1f:c9:7d:2a:f4:a8:d4:a5:d9:f6:33:
                    d7:22:e7:73:2a:e8:63:b2:93:72:a7:b2:b3:d0:b5:
                    01:15:9d:f1:65:68:a1:34:9a:b2:19:9c:71:9e:2b:
                    77:6f:6e:26:70:cd:65:01:d7:82:8f:cd:bb:0c:9c:
                    ae:f8:11:90:1e:d2:26:14:71:1b:21:51:3c:78:47:
                    01:b8:96:23:7c:8d:02:1e:53:8c:bd:4d:e9:23:c4:
                    f6:3a:18:e5:18:d8:90:81:2a:28:cb:e0:0a:eb:98:
                    15:0d:15:d8:91:4c:94:7e:ed:4e:21:2f:84:d2:1a:
                    6e:9b:a0:47:d9:69:cd:b9:09:c8:c8:43:c8:3c:06:
                    7e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C1:9A:C7:A0:9C:6E:91:FF:34:16:E2:2A:EA:C2:5A:21:AE:3C:4D
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS210457.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6287:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6b:e0:21:71:4a:8d:e0:51:ea:fc:58:f5:e5:53:ca:04:ec:74:
         ca:ba:a7:1b:80:a0:4d:cf:d5:dd:4c:0e:cb:9c:74:cf:6b:d5:
         f6:e2:8b:76:31:de:84:09:f6:16:6e:30:5c:cf:97:4e:9e:1e:
         ad:ea:58:96:6a:3d:96:a7:82:9d:35:ca:df:02:cb:cf:69:52:
         a0:aa:ab:5b:ae:45:d0:53:09:b4:6a:84:4f:bd:53:e5:9f:2d:
         f3:a9:40:f0:56:9b:b4:1e:57:60:88:67:e2:b7:9b:d1:b7:4b:
         94:cc:38:95:6a:d2:de:20:53:a1:20:a3:cb:df:32:b6:a1:f9:
         d2:2b:44:7f:84:81:7c:7a:9d:10:c6:b9:30:23:8a:c1:7c:35:
         bc:d2:04:54:e6:44:bc:ea:4c:57:92:5a:2d:1d:26:37:dd:cb:
         e1:2a:74:4a:aa:2f:59:58:30:c2:ea:6b:a6:b0:f9:c4:8e:b6:
         eb:00:55:95:55:1b:3f:8c:f7:37:55:f7:1b:09:d0:37:e1:38:
         38:23:6e:32:4a:e1:73:34:ce:59:e4:b2:76:91:83:11:59:07:
         f6:83:a8:67:7f:6f:be:cf:a8:d6:86:30:29:80:0a:2a:93:13:
         f8:db:f8:35:7e:c0:c3:e9:46:50:ec:ec:7e:01:f3:7e:19:f1:
         3c:0b:a5:40
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUOnjSHSBxGgbLHRtCuMSiE04mo2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMTQxODI4MDNaFw0yNjEwMTMxODMzMDNaMDMxMTAvBgNV
BAMTKEI1QzE5QUM3QTA5QzZFOTFGRjM0MTZFMjJBRUFDMjVBMjFBRTNDNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9gOpNPPH9H8uBH58V88a8MiYw
I6yHBg+Qc/A2cd9pyBffjKa3ILkOPNythjUBFoS80BQCKnZe0BBxa2Ky43VGT1Yn
2o3ykeoD5SLaT5CbT5w+0wNgJ4BaztP4oO1awRBm4L2aVAnj1gZWqaLqFDeozGsy
+7Vd+5VDz68fyX0q9KjUpdn2M9ci53Mq6GOyk3KnsrPQtQEVnfFlaKE0mrIZnHGe
K3dvbiZwzWUB14KPzbsMnK74EZAe0iYUcRshUTx4RwG4liN8jQIeU4y9TekjxPY6
GOUY2JCBKijL4ArrmBUNFdiRTJR+7U4hL4TSGm6boEfZac25CcjIQ8g8Bn6rAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUtcGax6CcbpH/NBbiKurCWiGuPE0wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTA0NTcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KHoDANBgkqhkiG9w0BAQsFAAOCAQEAa+AhcUqN4FHq/Fj15VPKBOx0yrqnG4Cg
Tc/V3UwOy5x0z2vV9uKLdjHehAn2Fm4wXM+XTp4erepYlmo9lqeCnTXK3wLLz2lS
oKqrW65F0FMJtGqET71T5Z8t86lA8FabtB5XYIhn4reb0bdLlMw4lWrS3iBToSCj
y98ytqH50itEf4SBfHqdEMa5MCOKwXw1vNIEVOZEvOpMV5JaLR0mN93L4Sp0Sqov
WVgwwuprprD5xI626wBVlVUbP4z3N1X3GwnQN+E4OCNuMkrhczTOWeSydpGDEVkH
9oOoZ39vvs+o1oYwKYAKKpMT+Nv4NX7Aw+lGUOzsfgHzfhnxPAulQA==
-----END CERTIFICATE-----