Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS212895.roa
File:                     AS212895.roa (raw, json)
Hash identifier:          SszuEUvF7ukrGJ/LipiUlGCB+PMZmf/Qzg/jIYDsAWI=
Subject key identifier:   5C:80:F8:25:7D:70:AF:22:EE:9B:64:4A:88:96:01:7F:06:03:69:88
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       6624812CADF9F3D566DAEE76F51A192986653552
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS212895.roa
Signing time:             Fri 01 May 2026 09:35:24 +0000
ROA not before:           Fri 01 May 2026 09:30:24 +0000
ROA not after:            Fri 30 Apr 2027 09:35:24 +0000
asID:                     212895
IP address blocks:        2a0f:6284:d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:24:81:2c:ad:f9:f3:d5:66:da:ee:76:f5:1a:19:29:86:65:35:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: May  1 09:30:24 2026 GMT
            Not After : Apr 30 09:35:24 2027 GMT
        Subject: CN=5C80F8257D70AF22EE9B644A8896017F06036988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b9:d1:af:89:7d:ce:f5:97:36:07:2b:f7:f0:
                    94:21:d9:77:4d:f9:11:34:c8:9f:f2:a6:50:d1:d5:
                    23:8a:db:55:82:a3:a2:88:e2:d9:41:4b:05:d2:ee:
                    bb:69:19:7e:1b:e9:f9:2b:1a:83:84:67:91:57:0c:
                    0e:1a:46:a4:21:9e:ae:ba:c6:b0:07:c3:18:e9:80:
                    d6:78:e4:72:31:a6:8f:8c:6d:79:75:16:4a:34:2c:
                    66:e1:08:18:b3:ce:0c:c5:ed:86:db:5a:12:a6:c1:
                    44:93:76:3e:a7:d6:60:ee:28:ff:e2:c8:47:9e:fb:
                    e1:cb:5f:f4:e4:a2:53:a9:bd:00:a1:46:c2:5b:b7:
                    61:7b:2b:23:9f:e4:bb:9c:87:7f:cc:53:dc:48:e3:
                    88:42:9f:58:63:75:c9:e8:33:13:d7:ed:d5:a0:d2:
                    37:52:7b:ac:e3:92:53:38:fd:df:a3:d1:64:80:1e:
                    93:8c:0f:6a:65:8f:1e:c2:77:20:2a:94:a4:d1:e2:
                    92:93:56:b6:6d:db:24:87:eb:fa:83:47:3c:4f:5d:
                    75:1c:c1:f4:8c:89:58:db:84:eb:2f:c0:88:4a:ff:
                    71:c9:3a:17:40:41:29:51:71:2f:77:68:dd:04:1b:
                    83:80:d7:1c:c8:96:a5:f6:1e:00:d0:b3:64:39:8b:
                    0a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:80:F8:25:7D:70:AF:22:EE:9B:64:4A:88:96:01:7F:06:03:69:88
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS212895.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:db:36:40:f4:53:65:c8:bf:cf:19:16:0c:e5:5f:ef:e8:00:
         06:df:06:4e:4c:a2:bc:2a:cc:e4:87:57:2a:23:9a:41:f8:54:
         af:20:ad:ec:f8:69:63:78:b6:b6:61:17:e9:74:59:b5:78:6e:
         86:40:fe:77:f9:42:d0:15:f2:67:4b:7b:c0:f8:26:fe:e6:7e:
         05:90:45:76:6d:aa:9f:f8:bf:b2:c1:b8:9a:f6:e4:5f:a4:74:
         c9:4f:5b:ef:75:51:b2:6b:78:8d:f8:27:4e:ea:2e:3c:5a:20:
         f5:5b:c3:f9:b4:d0:82:b4:11:76:29:4b:0b:56:d5:51:76:f2:
         42:5b:c1:81:af:1c:25:ee:66:2b:04:e1:fe:61:e7:38:19:7c:
         86:d7:20:fa:dc:ea:52:98:46:79:46:22:59:1f:27:75:1b:90:
         bd:aa:cc:60:8d:1c:df:30:96:6e:91:42:f1:de:3e:f2:55:6e:
         f0:eb:39:d1:3e:ae:b9:af:f5:6a:78:9c:62:01:30:40:89:32:
         93:96:99:bb:3c:6c:98:08:7a:8d:0a:4b:28:14:e2:51:0c:fd:
         f9:dd:69:2b:6f:0d:58:3d:de:c8:33:02:45:87:da:ec:76:a1:
         3a:2f:37:f0:f0:7c:72:00:4e:8d:5c:0a:24:9a:49:9a:8c:cd:
         43:00:17:bf
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUZiSBLK3589Vm2u529RoZKYZlNVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjA1MDEwOTMwMjRaFw0yNzA0MzAwOTM1MjRaMDMxMTAvBgNV
BAMTKDVDODBGODI1N0Q3MEFGMjJFRTlCNjQ0QTg4OTYwMTdGMDYwMzY5ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAudGviX3O9Zc2Byv38JQh2XdN
+RE0yJ/yplDR1SOK21WCo6KI4tlBSwXS7rtpGX4b6fkrGoOEZ5FXDA4aRqQhnq66
xrAHwxjpgNZ45HIxpo+MbXl1Fko0LGbhCBizzgzF7YbbWhKmwUSTdj6n1mDuKP/i
yEee++HLX/TkolOpvQChRsJbt2F7KyOf5Luch3/MU9xI44hCn1hjdcnoMxPX7dWg
0jdSe6zjklM4/d+j0WSAHpOMD2pljx7CdyAqlKTR4pKTVrZt2ySH6/qDRzxPXXUc
wfSMiVjbhOsvwIhK/3HJOhdAQSlRcS93aN0EG4OA1xzIlqX2HgDQs2Q5iwpPAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUXID4JX1wryLum2RKiJYBfwYDaYgwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTI4OTUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
D2KEAA0wDQYJKoZIhvcNAQELBQADggEBAFLbNkD0U2XIv88ZFgzlX+/oAAbfBk5M
orwqzOSHVyojmkH4VK8grez4aWN4trZhF+l0WbV4boZA/nf5QtAV8mdLe8D4Jv7m
fgWQRXZtqp/4v7LBuJr25F+kdMlPW+91UbJreI34J07qLjxaIPVbw/m00IK0EXYp
SwtW1VF28kJbwYGvHCXuZisE4f5h5zgZfIbXIPrc6lKYRnlGIlkfJ3UbkL2qzGCN
HN8wlm6RQvHePvJVbvDrOdE+rrmv9Wp4nGIBMECJMpOWmbs8bJgIeo0KSygU4lEM
/fndaStvDVg93sgzAkWH2ux2oTovN/DwfHIATo1cCiSaSZqMzUMAF78=
-----END CERTIFICATE-----