Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS216256.roa
File:                     AS216256.roa (raw, json)
Hash identifier:          ++XGI0DhNNSv6Q7k+W2AVEPbSPd0E57pOLXBBu2tTKc=
Subject key identifier:   24:88:11:E7:09:6C:05:E2:5E:23:01:73:D2:DF:0F:39:B8:3F:AC:B3
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       287C340034CACDB56EAF525E1972C57E705DFA59
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS216256.roa
Signing time:             Sun 19 Oct 2025 10:39:17 +0000
ROA not before:           Sun 19 Oct 2025 10:34:17 +0000
ROA not after:            Sun 18 Oct 2026 10:39:17 +0000
asID:                     216256
IP address blocks:        2a0f:6284:4b00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:44:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:7c:34:00:34:ca:cd:b5:6e:af:52:5e:19:72:c5:7e:70:5d:fa:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Oct 19 10:34:17 2025 GMT
            Not After : Oct 18 10:39:17 2026 GMT
        Subject: CN=248811E7096C05E25E230173D2DF0F39B83FACB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:37:8c:09:38:64:d2:ec:67:51:4c:0e:a4:9c:
                    c6:c8:2a:0a:88:37:3b:43:95:cd:22:0f:98:80:05:
                    47:8b:25:dc:45:25:21:aa:6f:a5:f3:2f:a9:40:66:
                    59:aa:76:d2:66:b5:f0:0a:dd:a1:dc:e6:0d:56:56:
                    da:bd:75:2c:07:7b:98:a7:09:97:dc:67:0c:b0:2c:
                    99:eb:98:c7:fa:5d:87:16:76:f3:b0:36:67:b5:bd:
                    2c:fd:75:52:f0:d1:9f:25:da:fc:62:fa:aa:98:bc:
                    fc:af:e7:1b:05:3e:1f:72:11:f7:cf:5e:29:59:da:
                    23:72:57:85:11:d9:0f:fa:78:2c:ed:b6:75:a4:34:
                    fd:6b:a3:11:ce:9c:f8:1d:5f:a3:dd:f3:0a:54:57:
                    41:bd:9b:50:57:39:76:56:e0:55:41:62:46:55:6d:
                    d9:39:e6:c5:75:fd:c7:21:bf:e7:27:c6:29:3b:97:
                    69:54:b3:a4:60:bc:35:a0:af:3c:86:00:1a:fe:a6:
                    cf:44:da:2b:fd:ac:97:f4:09:af:db:4e:40:d3:d8:
                    be:28:a1:52:10:5b:ef:8d:b4:8d:91:50:13:4b:4c:
                    be:cc:ab:21:25:28:97:1f:7c:23:df:7c:0d:d2:f3:
                    59:ec:2b:21:20:16:1d:b5:fb:0b:c7:02:1b:f3:57:
                    70:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:88:11:E7:09:6C:05:E2:5E:23:01:73:D2:DF:0F:39:B8:3F:AC:B3
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS216256.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6284:4b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         66:47:cd:ba:31:30:78:2f:17:82:5e:b6:e5:fd:d1:aa:41:43:
         33:7c:31:b1:33:03:3d:3b:30:47:78:cd:b2:64:a1:3e:e1:1b:
         b7:1c:0f:81:4f:03:c0:18:b5:42:7b:79:30:22:ed:15:42:2a:
         95:22:71:bd:19:e5:9d:6d:77:18:6a:6f:d7:4b:b7:48:9c:bb:
         d3:84:53:c6:4b:c4:a1:3e:aa:4b:b8:14:e3:0b:23:93:0c:94:
         06:0f:88:25:d2:c4:19:0c:62:f1:c5:45:f3:09:ad:90:9f:89:
         69:68:e0:ba:2a:35:af:96:d5:fa:69:d6:6a:8c:38:53:0d:2e:
         f0:be:57:ee:3d:d3:56:9e:be:d6:93:d9:13:19:57:63:2e:f0:
         95:18:12:b2:02:bb:34:a4:a7:b7:65:48:7a:9f:a3:bd:fa:74:
         48:bd:2a:39:5b:ee:50:75:d1:fa:c1:fb:3a:54:81:9c:9b:a1:
         71:a1:32:6b:95:8f:2c:20:01:f5:3f:df:2d:9c:65:f8:75:89:
         44:48:cf:03:24:4c:19:fa:a6:39:fc:62:9b:f2:e5:23:87:a9:
         7f:d0:e5:ee:c7:3e:89:ce:af:ed:41:54:22:cb:68:06:42:35:
         fa:f0:80:b1:1a:7e:b4:fb:84:ae:d3:76:cb:b5:f1:58:65:c4:
         75:07:0e:71
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUKHw0ADTKzbVur1JeGXLFfnBd+lkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTEwMTkxMDM0MTdaFw0yNjEwMTgxMDM5MTdaMDMxMTAvBgNV
BAMTKDI0ODgxMUU3MDk2QzA1RTI1RTIzMDE3M0QyREYwRjM5QjgzRkFDQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDN4wJOGTS7GdRTA6knMbIKgqI
NztDlc0iD5iABUeLJdxFJSGqb6XzL6lAZlmqdtJmtfAK3aHc5g1WVtq9dSwHe5in
CZfcZwywLJnrmMf6XYcWdvOwNme1vSz9dVLw0Z8l2vxi+qqYvPyv5xsFPh9yEffP
XilZ2iNyV4UR2Q/6eCzttnWkNP1roxHOnPgdX6Pd8wpUV0G9m1BXOXZW4FVBYkZV
bdk55sV1/cchv+cnxik7l2lUs6RgvDWgrzyGABr+ps9E2iv9rJf0Ca/bTkDT2L4o
oVIQW++NtI2RUBNLTL7MqyElKJcffCPffA3S81nsKyEgFh21+wvHAhvzV3APAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUJIgR5wlsBeJeIwFz0t8PObg/rLMwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwC4YzcnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMTYyNTYucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAq
D2KESzANBgkqhkiG9w0BAQsFAAOCAQEAZkfNujEweC8Xgl625f3RqkFDM3wxsTMD
PTswR3jNsmShPuEbtxwPgU8DwBi1Qnt5MCLtFUIqlSJxvRnlnW13GGpv10u3SJy7
04RTxkvEoT6qS7gU4wsjkwyUBg+IJdLEGQxi8cVF8wmtkJ+JaWjguio1r5bV+mnW
aow4Uw0u8L5X7j3TVp6+1pPZExlXYy7wlRgSsgK7NKSnt2VIep+jvfp0SL0qOVvu
UHXR+sH7OlSBnJuhcaEya5WPLCAB9T/fLZxl+HWJREjPAyRMGfqmOfxim/LlI4ep
f9Dl7sc+ic6v7UFUIstoBkI1+vCAsRp+tPuErtN2y7XxWGXEdQcOcQ==
-----END CERTIFICATE-----