Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316530303a3a2f34302d3430203d3e20323132323934.roa
File:                     326131343a3763303a316530303a3a2f34302d3430203d3e20323132323934.roa (raw, json)
Hash identifier:          bmKJfnMcVIaH+7az/DCFcUg+NQMj03RfaTwSk8BlDhs=
Subject key identifier:   5D:CE:62:8D:66:B5:42:35:9B:17:C8:97:0D:EB:71:E7:23:3E:96:17
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       68860A044BF0A9E2FD8BF2744EC50C2428E6AF37
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316530303a3a2f34302d3430203d3e20323132323934.roa
Signing time:             Tue 28 May 2024 14:59:43 +0000
ROA not before:           Tue 28 May 2024 14:54:43 +0000
ROA not after:            Tue 27 May 2025 14:59:43 +0000
asID:                     212294
IP address blocks:        2a14:7c0:1e00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:86:0a:04:4b:f0:a9:e2:fd:8b:f2:74:4e:c5:0c:24:28:e6:af:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:54:43 2024 GMT
            Not After : May 27 14:59:43 2025 GMT
        Subject: CN=5DCE628D66B542359B17C8970DEB71E7233E9617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:71:36:d8:2a:f1:62:e0:e3:53:b8:30:74:d9:
                    d7:bb:7b:76:52:6b:fb:dd:76:85:52:86:55:5c:1b:
                    d2:d4:2c:50:70:df:e6:54:0b:cd:56:8e:77:69:fa:
                    76:8a:02:6f:50:8c:df:5a:8e:bf:2d:cf:81:40:b3:
                    02:2d:b4:e9:7f:3b:13:6c:2b:1d:79:51:28:97:de:
                    fa:f1:4a:01:a2:fa:76:16:63:d3:24:d3:1a:26:6c:
                    d6:9d:06:d9:fb:0b:16:bb:83:8f:d1:c8:41:97:2f:
                    a2:6c:9a:c9:d7:92:40:5e:c4:81:1c:a7:d9:1a:f1:
                    b8:ef:c7:57:68:02:04:06:29:e3:9c:f5:7d:64:99:
                    05:5d:d9:43:ee:bc:20:fc:03:d0:f6:04:ec:eb:e7:
                    98:76:84:ba:07:29:a7:88:4f:e4:1d:fc:9a:52:b7:
                    21:71:f4:77:de:2f:9e:d3:a6:f1:f7:ea:2b:3a:c8:
                    2d:c0:3a:f2:60:00:39:3d:0c:b5:54:56:53:47:19:
                    e0:ad:1e:02:f3:46:1e:c0:cd:c7:a5:0e:97:0d:e0:
                    66:e1:75:c7:7d:23:c8:11:f7:80:7d:54:62:11:19:
                    06:8e:34:7e:0b:9f:03:56:6a:65:19:dc:c8:2a:74:
                    3e:df:f5:97:01:78:6e:cf:f3:5f:01:38:c6:2a:d1:
                    b2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CE:62:8D:66:B5:42:35:9B:17:C8:97:0D:EB:71:E7:23:3E:96:17
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316530303a3a2f34302d3430203d3e20323132323934.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:1e:e2:92:7b:c0:eb:15:34:14:ca:11:0c:84:54:cb:b4:a6:
         02:06:ac:f7:46:d0:a2:32:ce:5c:d1:94:12:e8:60:89:3f:59:
         69:44:f5:63:10:d2:71:b4:27:56:73:7e:a1:f7:8e:32:f2:85:
         5e:e7:6a:0d:11:61:28:dd:8a:99:5b:31:b7:0c:3a:6d:7a:14:
         95:18:89:81:64:8e:30:22:67:51:19:71:c5:b5:e7:54:75:d5:
         13:02:5d:db:f7:e9:de:ff:d8:53:21:02:3f:95:6a:46:e3:a4:
         13:63:ae:10:26:80:a3:38:3a:73:cb:ac:c1:94:0e:20:20:6a:
         a5:c4:47:c0:b1:10:c7:c0:ae:f7:71:fe:83:b3:7b:7c:58:2c:
         cd:4e:69:9b:a3:87:33:d2:11:c8:67:72:89:d8:04:48:70:ed:
         e9:fd:91:59:83:04:4a:5c:f2:ab:6e:d7:ee:3f:82:42:9e:40:
         6e:06:92:21:8c:e8:b1:d6:1e:79:01:0c:ab:69:a0:c1:2f:bc:
         32:37:a6:98:a0:25:92:b1:7c:38:3b:08:5b:3c:e2:ea:6e:d3:
         a9:42:eb:59:eb:75:30:69:3e:e1:34:c0:8c:b5:78:63:3b:0d:
         28:9a:e6:f9:8e:63:cb:27:ad:9b:1c:8b:20:5a:76:d7:85:de:
         78:e3:15:e0
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUaIYKBEvwqeL9i/J0TsUMJCjmrzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU0NDNaFw0yNTA1MjcxNDU5NDNaMDMxMTAvBgNV
BAMTKDVEQ0U2MjhENjZCNTQyMzU5QjE3Qzg5NzBERUI3MUU3MjMzRTk2MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYcTbYKvFi4ONTuDB02de7e3ZS
a/vddoVShlVcG9LULFBw3+ZUC81Wjndp+naKAm9QjN9ajr8tz4FAswIttOl/OxNs
Kx15USiX3vrxSgGi+nYWY9Mk0xombNadBtn7Cxa7g4/RyEGXL6JsmsnXkkBexIEc
p9ka8bjvx1doAgQGKeOc9X1kmQVd2UPuvCD8A9D2BOzr55h2hLoHKaeIT+Qd/JpS
tyFx9HfeL57TpvH36is6yC3AOvJgADk9DLVUVlNHGeCtHgLzRh7AzcelDpcN4Gbh
dcd9I8gR94B9VGIRGQaONH4LnwNWamUZ3MgqdD7f9ZcBeG7P818BOMYq0bKZAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUXc5ijWa1QjWbF8iXDetx5yM+lhcwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzE2NTMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzIzMjM5
MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAHjANBgkqhkiG9w0BAQsFAAOCAQEAAx7iknvA6xU0
FMoRDIRUy7SmAgas90bQojLOXNGUEuhgiT9ZaUT1YxDScbQnVnN+ofeOMvKFXudq
DRFhKN2KmVsxtww6bXoUlRiJgWSOMCJnURlxxbXnVHXVEwJd2/fp3v/YUyECP5Vq
RuOkE2OuECaAozg6c8uswZQOICBqpcRHwLEQx8Cu93H+g7N7fFgszU5pm6OHM9IR
yGdyidgESHDt6f2RWYMESlzyq27X7j+CQp5AbgaSIYzosdYeeQEMq2mgwS+8Mjem
mKAlkrF8ODsIWzzi6m7TqULrWet1MGk+4TTAjLV4YzsNKJrm+Y5jyyetmxyLIFp2
14XeeOMV4A==
-----END CERTIFICATE-----