Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS216006.roa
File:                     AS216006.roa (raw, json)
Hash identifier:          +UnRfLvvsZc+mAibWprMS4g2jiX5efaHhnXarTk9X9w=
Subject key identifier:   C8:71:DB:41:CA:6B:BE:A2:7C:DA:AA:3D:0B:CC:D9:55:63:B8:2B:64
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       7DC02E0BAFE15CC076BC77A778723E973D8CB61D
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS216006.roa
Signing time:             Wed 25 Mar 2026 15:13:49 +0000
ROA not before:           Wed 25 Mar 2026 15:08:49 +0000
ROA not after:            Wed 24 Mar 2027 15:13:49 +0000
asID:                     216006
IP address blocks:        2a0f:6284:500::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:c0:2e:0b:af:e1:5c:c0:76:bc:77:a7:78:72:3e:97:3d:8c:b6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Mar 25 15:08:49 2026 GMT
            Not After : Mar 24 15:13:49 2027 GMT
        Subject: CN=C871DB41CA6BBEA27CDAAA3D0BCCD95563B82B64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:57:26:9d:d5:7f:69:c2:ea:cc:10:60:a2:1a:
                    62:3e:07:60:da:4a:70:41:3f:03:90:75:96:2a:81:
                    fe:50:a3:dc:2f:95:28:66:71:17:b5:00:f8:d0:e4:
                    95:82:96:f8:c7:09:fd:85:e3:9a:22:d7:bb:c1:4e:
                    f0:38:e5:f5:0e:b2:cb:d9:c7:1c:6b:b5:53:f2:03:
                    a0:54:16:1d:d4:62:66:f5:6b:d1:87:37:e2:46:fd:
                    df:53:9d:da:e9:90:10:53:b1:df:37:34:37:35:ce:
                    ae:de:77:d3:3c:b1:ca:1d:22:9f:cd:5a:44:4c:77:
                    50:38:3e:75:c0:be:66:f2:8f:97:5f:54:78:95:be:
                    0b:c8:81:f3:51:25:23:05:50:bc:43:98:2c:9e:58:
                    c4:d6:85:53:ec:de:ca:f0:fd:90:aa:49:c3:00:b5:
                    ef:cb:09:d6:7d:47:b0:6f:79:e0:f5:b8:3b:28:e2:
                    f1:e5:48:68:7c:53:42:e4:bd:c0:b8:7e:0f:51:8a:
                    cd:f6:10:57:69:6a:b1:0f:a2:71:32:66:76:2d:45:
                    59:29:e0:ad:53:d7:a0:17:77:dc:d3:af:3a:34:28:
                    f0:ac:99:0c:97:6d:76:13:ea:93:da:9e:16:f3:8b:
                    ca:6c:bb:d2:b9:ca:a6:88:ad:d7:33:b9:35:d8:65:
                    e1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:71:DB:41:CA:6B:BE:A2:7C:DA:AA:3D:0B:CC:D9:55:63:B8:2B:64
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS216006.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:500::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:0c:50:c1:72:7a:4c:02:12:b3:cf:af:8e:ed:8e:d9:36:b5:
         33:d3:17:69:fe:6b:4d:23:df:e2:a7:02:67:42:6c:40:ef:b6:
         59:82:57:fa:c4:35:e6:bc:a3:b0:3d:35:0c:dd:a9:41:ff:f9:
         8a:6f:7b:4d:ff:b4:5f:be:7d:f5:44:66:8f:88:d6:e2:c4:61:
         fd:fe:5f:c5:3f:97:bc:1e:12:58:73:43:58:3a:42:cb:b0:3e:
         08:cb:7f:b3:82:75:01:51:d1:c3:28:76:10:d6:1d:e9:eb:e3:
         ae:71:79:b2:0a:2c:f8:b1:7a:ec:b9:fa:18:8e:8a:82:43:57:
         54:39:ef:11:58:b4:f3:ce:6e:56:e4:63:dc:f4:0b:30:46:b9:
         85:76:a3:54:20:63:2d:14:b2:ac:4e:99:2a:c1:8a:4f:1b:16:
         03:3b:37:9b:41:5d:13:cb:9a:6a:3f:e0:8a:87:64:b0:3d:e1:
         c0:a9:f9:d6:7c:34:50:e4:b5:29:c4:14:73:42:04:25:d7:63:
         31:0d:00:68:0c:31:9e:55:47:f2:e3:e2:40:11:c6:e5:1b:a0:
         41:47:cf:e0:36:fd:89:20:31:42:47:41:8a:4d:f3:5f:73:3a:
         8f:df:45:fe:94:77:f0:9b:66:e5:1e:da:b7:1d:a6:5a:3c:ad:
         b5:31:e0:7c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUfcAuC6/hXMB2vHeneHI+lz2Mth0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNjAzMjUxNTA4NDlaFw0yNzAzMjQxNTEzNDlaMDMxMTAvBgNV
BAMTKEM4NzFEQjQxQ0E2QkJFQTI3Q0RBQUEzRDBCQ0NEOTU1NjNCODJCNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Vyad1X9pwurMEGCiGmI+B2Da
SnBBPwOQdZYqgf5Qo9wvlShmcRe1APjQ5JWClvjHCf2F45oi17vBTvA45fUOssvZ
xxxrtVPyA6BUFh3UYmb1a9GHN+JG/d9TndrpkBBTsd83NDc1zq7ed9M8scodIp/N
WkRMd1A4PnXAvmbyj5dfVHiVvgvIgfNRJSMFULxDmCyeWMTWhVPs3srw/ZCqScMA
te/LCdZ9R7BveeD1uDso4vHlSGh8U0LkvcC4fg9Ris32EFdparEPonEyZnYtRVkp
4K1T16AXd9zTrzo0KPCsmQyXbXYT6pPanhbzi8psu9K5yqaIrdczuTXYZeHvAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUyHHbQcprvqJ82qo9C8zZVWO4K2QwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTYwMDYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQq
D2KEBQAwDQYJKoZIhvcNAQELBQADggEBAIEMUMFyekwCErPPr47tjtk2tTPTF2n+
a00j3+KnAmdCbEDvtlmCV/rENea8o7A9NQzdqUH/+Ypve03/tF++ffVEZo+I1uLE
Yf3+X8U/l7weElhzQ1g6QsuwPgjLf7OCdQFR0cModhDWHenr465xebIKLPixeuy5
+hiOioJDV1Q57xFYtPPOblbkY9z0CzBGuYV2o1QgYy0UsqxOmSrBik8bFgM7N5tB
XRPLmmo/4IqHZLA94cCp+dZ8NFDktSnEFHNCBCXXYzENAGgMMZ5VR/Lj4kARxuUb
oEFHz+A2/YkgMUJHQYpN819zOo/fRf6Ud/CbZuUe2rcdplo8rbUx4Hw=
-----END CERTIFICATE-----