Route Origin Authorization

$ rpki-client -vvf krill.47272.net/repo/HYEHOST/5/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          NmjMaZ+Awjz4i7+817IMiY9DGOjXoFy1bwWcMv6aBvQ=
Subject key identifier:   E3:12:3A:C7:F4:96:31:E9:85:2A:29:F7:08:8E:BE:C4:37:5B:8D:1E
Certificate issuer:       /CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
Certificate serial:       45FD8F633379FA58C3C8FA091586147A90A3E1D2
Authority key identifier: C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
Subject info access:      rsync://krill.47272.net/repo/HYEHOST/5/AS20473.roa
Signing time:             Thu 03 Jul 2025 15:53:09 +0000
ROA not before:           Thu 03 Jul 2025 15:48:09 +0000
ROA not after:            Thu 02 Jul 2026 15:53:09 +0000
asID:                     20473
IP address blocks:        2a0a:6044:ac60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl
                          rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.mft
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:fd:8f:63:33:79:fa:58:c3:c8:fa:09:15:86:14:7a:90:a3:e1:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3CF41898936CB9C573DB1EAAB94C6E669951FD7
        Validity
            Not Before: Jul  3 15:48:09 2025 GMT
            Not After : Jul  2 15:53:09 2026 GMT
        Subject: CN=E3123AC7F49631E9852A29F7088EBEC4375B8D1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5b:9e:ec:90:30:2d:fa:ce:3e:a5:39:4f:32:
                    fc:a2:08:b5:06:97:3b:10:3d:69:33:11:cc:1c:40:
                    1a:fd:46:09:6f:36:50:47:4a:e1:a4:5c:15:34:c2:
                    c2:a4:e3:83:aa:d0:71:47:dd:bf:b8:d5:50:01:7e:
                    f6:bb:fa:36:cd:5c:30:c4:a2:44:d1:07:3e:6a:d5:
                    0f:de:9a:a3:4f:e5:d2:f2:27:2a:5a:23:23:32:29:
                    49:71:36:4f:3a:a4:e9:89:b1:fc:65:bf:18:03:1c:
                    dc:7e:6f:fb:72:e5:11:be:c3:11:4e:37:e2:63:b0:
                    ba:3b:e8:70:80:e2:eb:01:7e:ae:df:62:87:19:9e:
                    47:63:16:c8:15:e3:d6:82:81:82:18:fd:0c:16:49:
                    1a:c5:8a:32:e4:53:78:7c:b0:c1:ad:08:98:43:34:
                    ff:0a:75:99:d4:88:be:80:f8:73:e8:d9:c2:1c:34:
                    a7:84:4a:e0:19:90:7f:78:eb:70:b5:dd:3d:b4:f7:
                    75:01:31:40:5e:e3:25:a9:c8:e5:c7:8b:d3:3a:97:
                    c1:8c:d7:f7:7e:de:94:70:3d:0d:5a:5d:c7:7f:82:
                    05:d0:b8:74:54:c3:4f:fa:42:cc:52:14:72:16:6c:
                    86:ed:17:9b:78:bc:6a:c1:b4:1f:4b:02:71:09:37:
                    7e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:12:3A:C7:F4:96:31:E9:85:2A:29:F7:08:8E:BE:C4:37:5B:8D:1E
            X509v3 Authority Key Identifier:
                keyid:C3:CF:41:89:89:36:CB:9C:57:3D:B1:EA:AB:94:C6:E6:69:95:1F:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://krill.47272.net/repo/HYEHOST/5/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/C3CF41898936CB9C573DB1EAAB94C6E669951FD7.cer

            Subject Information Access:
                Signed Object - URI:rsync://krill.47272.net/repo/HYEHOST/5/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:ac60::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:43:cd:bd:60:4d:2a:31:e4:83:e8:dc:9e:8f:79:c5:7e:eb:
         d4:7d:fa:15:70:d4:4b:65:5a:4b:f4:72:5b:85:77:fb:c6:cf:
         3f:76:c8:bb:59:f5:20:70:56:4d:10:82:b1:f5:c2:ed:df:c8:
         8f:dc:7e:95:15:b7:c5:3d:1a:39:02:98:05:cf:82:dc:6d:99:
         64:d7:80:7e:f5:cb:3f:9b:2e:f6:63:4d:02:7d:29:da:b4:82:
         32:06:a9:90:ec:42:68:7a:f7:fc:7a:46:ba:68:c5:b7:d5:4a:
         6a:64:61:dc:e7:09:d0:6c:22:7f:38:18:e4:21:85:e2:82:c9:
         6b:0b:58:77:2b:a0:01:3a:9e:be:42:74:ab:46:db:41:54:4e:
         d4:08:63:fb:38:3c:09:b3:12:e7:b3:37:d5:38:9d:b5:ae:3e:
         b6:da:ee:20:22:1b:7c:e6:31:6f:68:b1:fe:30:fb:79:47:85:
         86:40:2d:61:fe:91:dd:43:42:07:96:99:d9:0f:67:ac:4f:cd:
         fb:b1:6e:8e:64:0b:d8:c2:30:69:c3:5d:20:87:79:cb:a8:35:
         a0:4d:6b:44:a5:8b:d9:3c:8a:4a:5b:1a:33:46:b1:b2:fa:c6:
         9d:0e:89:0e:c0:9d:db:88:d3:ea:10:46:57:b5:49:29:e8:11:
         91:13:23:2e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIURf2PYzN5+ljDyPoJFYYUepCj4dIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNDRjQxODk4OTM2Q0I5QzU3M0RCMUVBQUI5NEM2RTY2
OTk1MUZENzAeFw0yNTA3MDMxNTQ4MDlaFw0yNjA3MDIxNTUzMDlaMDMxMTAvBgNV
BAMTKEUzMTIzQUM3RjQ5NjMxRTk4NTJBMjlGNzA4OEVCRUM0Mzc1QjhEMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSW57skDAt+s4+pTlPMvyiCLUG
lzsQPWkzEcwcQBr9RglvNlBHSuGkXBU0wsKk44Oq0HFH3b+41VABfva7+jbNXDDE
okTRBz5q1Q/emqNP5dLyJypaIyMyKUlxNk86pOmJsfxlvxgDHNx+b/ty5RG+wxFO
N+JjsLo76HCA4usBfq7fYocZnkdjFsgV49aCgYIY/QwWSRrFijLkU3h8sMGtCJhD
NP8KdZnUiL6A+HPo2cIcNKeESuAZkH9463C13T2093UBMUBe4yWpyOXHi9M6l8GM
1/d+3pRwPQ1aXcd/ggXQuHRUw0/6QsxSFHIWbIbtF5t4vGrBtB9LAnEJN371AgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQU4xI6x/SWMemFKin3CI6+xDdbjR4wHwYDVR0j
BBgwFoAUw89BiYk2y5xXPbHqq5TG5mmVH9cwDgYDVR0PAQH/BAQDAgeAMGQGA1Ud
HwRdMFswWaBXoFWGU3JzeW5jOi8va3JpbGwuNDcyNzIubmV0L3JlcG8vSFlFSE9T
VC81L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFGRDcuY3Js
MIGTBggrBgEFBQcBAQSBhjCBgzCBgAYIKwYBBQUHMAKGdHJzeW5jOi8vcnBraS1y
cHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5
MWJlM2Y5ZC83L0MzQ0Y0MTg5ODkzNkNCOUM1NzNEQjFFQUFCOTRDNkU2Njk5NTFG
RDcuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9rcmls
bC40NzI3Mi5uZXQvcmVwby9IWUVIT1NULzUvQVMyMDQ3My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoK
YESsYDANBgkqhkiG9w0BAQsFAAOCAQEANEPNvWBNKjHkg+jcno95xX7r1H36FXDU
S2VaS/RyW4V3+8bPP3bIu1n1IHBWTRCCsfXC7d/Ij9x+lRW3xT0aOQKYBc+C3G2Z
ZNeAfvXLP5su9mNNAn0p2rSCMgapkOxCaHr3/HpGumjFt9VKamRh3OcJ0GwifzgY
5CGF4oLJawtYdyugATqevkJ0q0bbQVRO1Ahj+zg8CbMS57M31Tidta4+ttruICIb
fOYxb2ix/jD7eUeFhkAtYf6R3UNCB5aZ2Q9nrE/N+7FujmQL2MIwacNdIId5y6g1
oE1rRKWL2TyKSlsaM0axsvrGnQ6JDsCd24jT6hBGV7VJKegRkRMjLg==
-----END CERTIFICATE-----