Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS215685.roa
File:                     AS215685.roa (raw, json)
Hash identifier:          b+rYCD9xJT9bKf6yI3abUGTDU4XtngqYwlNp80SryvU=
Subject key identifier:   93:CD:1A:6E:C4:4B:E1:6C:18:B3:F4:B5:4D:83:7C:8C:88:FB:34:CC
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       0EFFA25C09AA9EE4E296BF8920277F09928423CF
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS215685.roa
Signing time:             Sat 11 Oct 2025 21:01:42 +0000
ROA not before:           Sat 11 Oct 2025 20:56:42 +0000
ROA not after:            Sat 10 Oct 2026 21:01:42 +0000
asID:                     215685
IP address blocks:        2a0f:6283:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ff:a2:5c:09:aa:9e:e4:e2:96:bf:89:20:27:7f:09:92:84:23:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 11 20:56:42 2025 GMT
            Not After : Oct 10 21:01:42 2026 GMT
        Subject: CN=93CD1A6EC44BE16C18B3F4B54D837C8C88FB34CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:0b:6d:c9:59:b9:e6:98:98:af:ba:a1:91:
                    22:17:4e:a3:16:1e:99:10:ac:5b:38:f3:5b:4e:04:
                    02:c8:a0:78:2f:ad:43:a2:6d:63:70:b2:70:8a:95:
                    5c:6d:9c:d0:4d:6c:35:cb:bc:15:e4:f9:e2:b1:cc:
                    95:cb:28:e8:dc:f5:97:2c:91:78:c0:cf:1c:10:13:
                    f0:d5:e4:ef:8d:f7:90:f7:2b:c1:f5:4f:57:ec:2c:
                    32:fc:e8:50:2d:65:8a:2e:a7:25:69:9d:f9:fb:a5:
                    8b:af:a7:26:db:9d:13:14:a4:ac:e8:ab:d2:5b:e2:
                    16:a8:7e:73:bb:93:7b:22:4b:c1:56:cf:1a:81:34:
                    8f:45:f4:9d:05:07:51:b6:86:01:b5:fe:d3:5f:57:
                    99:e2:69:5b:bc:99:bb:55:ff:1a:3d:84:e5:b5:00:
                    8f:00:06:19:23:d7:04:93:0f:a4:5f:e1:f8:e5:3a:
                    81:99:d1:f3:c5:b5:20:cb:6f:8a:89:c3:58:88:1f:
                    2e:dd:37:b7:dd:fc:0d:8e:9a:0a:85:bf:ed:a7:95:
                    7a:6f:fc:10:1f:39:6b:0c:7c:46:4f:a6:7a:3e:9c:
                    01:98:75:e0:36:71:77:74:e3:a4:9a:da:78:a4:fd:
                    f2:19:53:f6:7d:cc:6b:06:1d:95:78:72:13:c7:bf:
                    63:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CD:1A:6E:C4:4B:E1:6C:18:B3:F4:B5:4D:83:7C:8C:88:FB:34:CC
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS215685.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6283:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7a:a7:c7:82:cb:e7:ed:1c:07:11:02:c6:7b:3e:34:59:ad:52:
         65:7b:64:12:9f:87:69:3c:e0:d5:13:1b:72:06:8c:80:c5:f3:
         5f:97:7a:1c:0f:be:d5:81:47:4d:5e:e0:44:a1:86:d3:38:4d:
         ea:0b:79:f1:d7:b6:6c:c4:46:68:4b:ac:e5:33:e4:3e:1b:23:
         13:21:c6:3e:df:27:5b:94:70:70:f6:f9:64:6d:71:31:71:c3:
         80:40:27:07:94:89:e0:13:7f:67:86:23:aa:55:c5:c8:5e:c8:
         80:d0:65:c5:e9:50:7c:09:90:45:38:89:7f:06:0b:4f:fa:97:
         86:10:cd:1c:be:b8:b0:c4:28:7c:b0:64:9c:4b:41:00:a4:d2:
         a7:13:31:43:c8:33:52:0e:d3:20:a5:45:fd:28:99:50:84:05:
         e9:2e:52:be:9b:55:45:2a:73:ed:9b:62:8a:c7:7e:41:b8:20:
         54:f7:29:1c:34:16:3b:e6:b6:53:f4:2c:f8:8f:59:4e:f3:bf:
         b7:76:68:12:a7:c5:b9:b3:dc:7c:5c:9b:1c:50:26:dc:64:e2:
         0b:18:25:77:04:1a:ad:07:51:4e:d3:fd:5b:c0:7e:d0:5d:4c:
         f7:63:86:de:51:5d:96:43:b9:15:90:e8:a9:ef:a2:bf:c8:32:
         9d:67:74:9c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUDv+iXAmqnuTilr+JICd/CZKEI88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMTEyMDU2NDJaFw0yNjEwMTAyMTAxNDJaMDMxMTAvBgNV
BAMTKDkzQ0QxQTZFQzQ0QkUxNkMxOEIzRjRCNTREODM3QzhDODhGQjM0Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4vgttyVm55piYr7qhkSIXTqMW
HpkQrFs481tOBALIoHgvrUOibWNwsnCKlVxtnNBNbDXLvBXk+eKxzJXLKOjc9Zcs
kXjAzxwQE/DV5O+N95D3K8H1T1fsLDL86FAtZYoupyVpnfn7pYuvpybbnRMUpKzo
q9Jb4haofnO7k3siS8FWzxqBNI9F9J0FB1G2hgG1/tNfV5niaVu8mbtV/xo9hOW1
AI8ABhkj1wSTD6Rf4fjlOoGZ0fPFtSDLb4qJw1iIHy7dN7fd/A2OmgqFv+2nlXpv
/BAfOWsMfEZPpno+nAGYdeA2cXd046Sa2nik/fIZU/Z9zGsGHZV4chPHv2N7AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUk80absRL4WwYs/S1TYN8jIj7NMwwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTU2ODUucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQq
D2KD8DANBgkqhkiG9w0BAQsFAAOCAQEAeqfHgsvn7RwHEQLGez40Wa1SZXtkEp+H
aTzg1RMbcgaMgMXzX5d6HA++1YFHTV7gRKGG0zhN6gt58de2bMRGaEus5TPkPhsj
EyHGPt8nW5RwcPb5ZG1xMXHDgEAnB5SJ4BN/Z4YjqlXFyF7IgNBlxelQfAmQRTiJ
fwYLT/qXhhDNHL64sMQofLBknEtBAKTSpxMxQ8gzUg7TIKVF/SiZUIQF6S5SvptV
RSpz7Ztiisd+QbggVPcpHDQWO+a2U/Qs+I9ZTvO/t3ZoEqfFubPcfFybHFAm3GTi
CxgldwQarQdRTtP9W8B+0F1M92OG3lFdlkO5FZDoqe+iv8gynWd0nA==
-----END CERTIFICATE-----