Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS211780.roa
File:                     AS211780.roa (raw, json)
Hash identifier:          TAD97UTfv/id9NCDtK+xVIBwFIX2SOt7oKDFSJLRpG0=
Subject key identifier:   C6:8F:CB:E4:11:41:E5:BA:C5:93:64:8A:27:3B:B7:92:A0:19:1A:C3
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       6B83F3A31A3792C6548C13338B392F232173B4B1
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS211780.roa
Signing time:             Sat 14 Mar 2026 08:00:48 +0000
ROA not before:           Sat 14 Mar 2026 07:55:48 +0000
ROA not after:            Sat 13 Mar 2027 08:00:48 +0000
asID:                     211780
IP address blocks:        2a0f:6280:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:11:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:83:f3:a3:1a:37:92:c6:54:8c:13:33:8b:39:2f:23:21:73:b4:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Mar 14 07:55:48 2026 GMT
            Not After : Mar 13 08:00:48 2027 GMT
        Subject: CN=C68FCBE41141E5BAC593648A273BB792A0191AC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:12:e6:52:91:c2:99:40:4d:ef:d4:be:3d:e5:
                    33:a6:cf:a7:39:32:72:f8:46:d7:f3:7d:5c:f8:8b:
                    51:39:43:46:66:99:2d:c4:de:ae:59:db:3d:b9:f9:
                    5c:5d:44:fd:fe:cc:18:fd:0a:bd:f2:3a:3c:ae:c8:
                    43:26:3c:34:cc:7a:d9:c3:76:b1:23:49:c2:02:28:
                    12:6e:1a:07:ba:50:cb:6a:f2:22:9b:45:35:65:ce:
                    ef:d4:c8:5e:7c:7c:5a:70:49:7a:4d:97:3c:07:55:
                    7d:6f:b2:34:ae:7c:72:7c:6b:a5:0c:c9:8c:3b:61:
                    9d:49:27:19:93:ec:95:85:3b:1d:06:e9:b1:70:51:
                    b0:ae:0a:4c:06:f0:7a:ad:99:5b:83:f2:3a:75:6a:
                    08:3f:a5:6b:8f:e8:33:ad:fc:cf:b3:b7:e4:a4:27:
                    e4:fe:bb:25:c8:dd:5e:84:9f:b0:13:fb:7a:b1:ea:
                    bd:af:30:89:9a:1a:88:08:e8:b8:59:93:d3:e3:47:
                    2e:c5:6b:60:7b:49:60:94:5a:fc:92:60:00:4b:65:
                    ef:a9:30:f2:ab:0f:85:f1:ff:35:75:ff:2a:a5:fd:
                    3e:0b:a0:f0:ca:3f:c9:7b:44:c4:30:b6:a9:db:3b:
                    aa:b2:88:48:28:68:92:df:9c:a9:48:cc:e4:60:27:
                    2a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:8F:CB:E4:11:41:E5:BA:C5:93:64:8A:27:3B:B7:92:A0:19:1A:C3
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS211780.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6280:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:6b:43:f2:74:23:1a:8d:6d:fe:f7:4e:c2:ff:70:34:5c:4a:
         85:55:5f:b5:ee:f5:f5:da:a9:be:5e:f9:4d:16:27:9e:fa:6d:
         7a:45:ab:15:54:ed:16:17:c9:d0:82:d5:fa:a9:1b:94:cf:88:
         fc:7f:b0:07:8d:64:37:32:2e:b1:a5:e2:d4:57:79:b8:77:e6:
         d1:38:5c:ee:c3:69:98:57:03:6d:77:51:d2:0d:b9:05:3f:f2:
         ab:de:01:6f:a7:0c:44:e7:8d:5f:c7:fc:41:bc:93:b1:51:8d:
         11:b3:19:fc:df:0c:b0:8f:ba:a6:e8:48:30:ba:37:2f:26:3c:
         28:d7:0f:18:b0:2b:21:2f:f4:1c:ac:6e:62:e1:8f:a6:3f:3a:
         d1:19:42:aa:85:3a:8a:b0:7e:d2:e3:c2:e9:55:66:a2:fd:7f:
         d3:72:92:71:e5:c7:e7:f1:5a:73:aa:6b:eb:5c:cf:cb:17:ce:
         a3:25:a7:5d:fe:39:d1:04:f6:47:1d:a9:68:00:09:7e:e1:e1:
         52:44:34:4e:61:2f:f7:18:0d:62:7b:74:70:90:bc:e5:96:ef:
         1d:f7:f3:06:3d:2d:af:4b:88:67:e2:13:c7:a3:a6:db:da:25:
         83:32:8e:6c:39:6e:c3:49:de:7b:92:88:30:24:ce:5f:7c:80:
         15:e9:d8:ff
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUa4Pzoxo3ksZUjBMzizkvIyFztLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAzMTQwNzU1NDhaFw0yNzAzMTMwODAwNDhaMDMxMTAvBgNV
BAMTKEM2OEZDQkU0MTE0MUU1QkFDNTkzNjQ4QTI3M0JCNzkyQTAxOTFBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaEuZSkcKZQE3v1L495TOmz6c5
MnL4RtfzfVz4i1E5Q0ZmmS3E3q5Z2z25+VxdRP3+zBj9Cr3yOjyuyEMmPDTMetnD
drEjScICKBJuGge6UMtq8iKbRTVlzu/UyF58fFpwSXpNlzwHVX1vsjSufHJ8a6UM
yYw7YZ1JJxmT7JWFOx0G6bFwUbCuCkwG8HqtmVuD8jp1agg/pWuP6DOt/M+zt+Sk
J+T+uyXI3V6En7AT+3qx6r2vMImaGogI6LhZk9PjRy7Fa2B7SWCUWvySYABLZe+p
MPKrD4Xx/zV1/yql/T4LoPDKP8l7RMQwtqnbO6qyiEgoaJLfnKlIzORgJypfAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUxo/L5BFB5brFk2SKJzu3kqAZGsMwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTE3ODAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KAEDANBgkqhkiG9w0BAQsFAAOCAQEAWWtD8nQjGo1t/vdOwv9wNFxKhVVfte71
9dqpvl75TRYnnvptekWrFVTtFhfJ0ILV+qkblM+I/H+wB41kNzIusaXi1Fd5uHfm
0Thc7sNpmFcDbXdR0g25BT/yq94Bb6cMROeNX8f8QbyTsVGNEbMZ/N8MsI+6puhI
MLo3LyY8KNcPGLArIS/0HKxuYuGPpj860RlCqoU6irB+0uPC6VVmov1/03KSceXH
5/Fac6pr61zPyxfOoyWnXf450QT2Rx2paAAJfuHhUkQ0TmEv9xgNYnt0cJC85Zbv
HffzBj0tr0uIZ+ITx6Om29olgzKObDluw0nee5KIMCTOX3yAFenY/w==
-----END CERTIFICATE-----