Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          SltqjBLREuELXhH4PgYFJCsEHA1W52+wHgbo7Wn0gxo=
Subject key identifier:   88:4D:CC:D0:7E:C3:B2:46:A9:E5:0A:4F:A2:9E:50:95:99:A7:9E:C4
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       11C414A911FB6F83F3247A90AB30817E7132066C
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS20473.roa
Signing time:             Sat 06 Sep 2025 14:03:49 +0000
ROA not before:           Sat 06 Sep 2025 13:58:49 +0000
ROA not after:            Sat 05 Sep 2026 14:03:49 +0000
asID:                     20473
IP address blocks:        2a0a:6044:ac60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 03:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c4:14:a9:11:fb:6f:83:f3:24:7a:90:ab:30:81:7e:71:32:06:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Sep  6 13:58:49 2025 GMT
            Not After : Sep  5 14:03:49 2026 GMT
        Subject: CN=884DCCD07EC3B246A9E50A4FA29E509599A79EC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:48:04:47:0c:47:24:6f:dc:a8:3d:ca:46:80:
                    a9:bd:b1:90:f9:29:84:a1:34:a9:ba:63:9d:26:76:
                    ae:1f:56:89:35:57:48:a4:6e:45:ab:8e:c2:16:8c:
                    a4:5d:bc:28:df:07:c0:10:95:4b:64:72:dc:6d:f9:
                    78:0b:d6:7e:d5:bc:5d:9a:70:91:22:83:7a:47:00:
                    9e:12:88:25:14:bb:48:8a:17:c1:db:ca:ba:97:af:
                    2b:d7:02:a2:b4:1a:4b:c7:53:4a:3f:fc:18:a5:b4:
                    28:7d:f3:a0:14:2c:a1:a2:f8:8b:0c:51:5c:c7:93:
                    1b:fe:65:5f:00:22:94:44:7a:de:e2:1a:0b:e1:11:
                    f9:23:de:b3:09:94:f4:d2:e3:91:a2:54:08:1a:f8:
                    45:d0:c2:57:5b:eb:86:f5:44:e5:b6:a5:1a:66:ca:
                    1d:1b:96:92:7e:25:f4:19:f5:3d:61:dc:50:3c:80:
                    ad:cc:68:f7:30:d9:7b:bb:56:ea:56:d3:ff:34:10:
                    79:30:11:76:78:f6:90:16:6d:98:ed:1b:20:b3:1b:
                    05:87:6b:b8:ff:d6:84:7d:12:74:9c:65:aa:74:f0:
                    98:d2:74:66:b4:47:33:2e:f9:f1:58:75:0d:bd:4f:
                    ee:7c:f0:76:00:d0:2b:4c:a4:7d:d0:30:7c:b4:f5:
                    d6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4D:CC:D0:7E:C3:B2:46:A9:E5:0A:4F:A2:9E:50:95:99:A7:9E:C4
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:ac60::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:fb:02:29:d2:23:8e:bb:53:ac:04:72:14:f1:30:08:b0:67:
         9a:2b:0d:d5:f1:d5:d4:00:a0:fe:5d:52:db:67:e4:13:52:2d:
         95:58:b0:e0:81:6c:1d:94:f8:dd:e2:45:c5:d8:f5:83:10:d8:
         cf:7c:0c:bd:c5:a6:0b:33:91:4a:b2:f7:a6:99:3d:62:09:0e:
         65:54:6b:cf:36:63:c4:05:d7:a4:4c:d1:d3:1a:37:ff:b6:bb:
         db:a4:3c:90:67:8c:2b:f6:2e:f5:4f:f5:0b:2c:95:92:41:90:
         78:db:18:e8:ae:03:fe:d7:7f:97:78:a3:b5:72:24:ba:4c:2d:
         94:03:1d:bb:2b:8c:67:9d:33:7c:a1:52:b9:52:60:25:75:26:
         65:b8:94:50:d7:08:bd:83:83:a3:cc:8d:7a:66:b8:a4:9e:ad:
         49:4f:dc:25:dd:0b:bc:1d:60:fe:83:d8:e4:0a:03:84:50:1a:
         70:a9:0b:e9:39:83:a1:5d:76:88:00:a5:12:44:97:f6:41:66:
         29:ba:af:4c:51:9a:19:7e:2b:4b:0d:f4:27:45:d5:1d:62:a9:
         39:ae:10:d2:2e:ae:d1:45:f5:86:a0:0e:b2:7f:0a:57:54:73:
         49:f0:82:5d:93:fa:a7:cc:e5:55:7f:23:f1:6a:1e:2f:ac:50:
         0d:02:cf:74
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUEcQUqRH7b4PzJHqQqzCBfnEyBmwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA5MDYxMzU4NDlaFw0yNjA5MDUxNDAzNDlaMDMxMTAvBgNV
BAMTKDg4NERDQ0QwN0VDM0IyNDZBOUU1MEE0RkEyOUU1MDk1OTlBNzlFQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLSARHDEckb9yoPcpGgKm9sZD5
KYShNKm6Y50mdq4fVok1V0ikbkWrjsIWjKRdvCjfB8AQlUtkctxt+XgL1n7VvF2a
cJEig3pHAJ4SiCUUu0iKF8HbyrqXryvXAqK0GkvHU0o//BiltCh986AULKGi+IsM
UVzHkxv+ZV8AIpREet7iGgvhEfkj3rMJlPTS45GiVAga+EXQwldb64b1ROW2pRpm
yh0blpJ+JfQZ9T1h3FA8gK3MaPcw2Xu7VupW0/80EHkwEXZ49pAWbZjtGyCzGwWH
a7j/1oR9EnScZap08JjSdGa0RzMu+fFYdQ29T+588HYA0CtMpH3QMHy09dYvAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUiE3M0H7Dskap5QpPop5QlZmnnsQwHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDQ3My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoK
YESsYDANBgkqhkiG9w0BAQsFAAOCAQEAPvsCKdIjjrtTrARyFPEwCLBnmisN1fHV
1ACg/l1S22fkE1ItlViw4IFsHZT43eJFxdj1gxDYz3wMvcWmCzORSrL3ppk9YgkO
ZVRrzzZjxAXXpEzR0xo3/7a726Q8kGeMK/Yu9U/1CyyVkkGQeNsY6K4D/td/l3ij
tXIkukwtlAMduyuMZ50zfKFSuVJgJXUmZbiUUNcIvYODo8yNema4pJ6tSU/cJd0L
vB1g/oPY5AoDhFAacKkL6TmDoV12iAClEkSX9kFmKbqvTFGaGX4rSw30J0XVHWKp
Oa4Q0i6u0UX1hqAOsn8KV1RzSfCCXZP6p8zlVX8j8WoeL6xQDQLPdA==
-----END CERTIFICATE-----