Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323430303a3a2f33382d3438203d3e20323135313538.roa
File:                     326131343a3763303a323430303a3a2f33382d3438203d3e20323135313538.roa (raw, json)
Hash identifier:          GtKfNQjgsLt0CWWUVsopMiSc2Np0GJCxb/PE9X8IUK8=
Subject key identifier:   22:78:6F:FF:81:E1:D3:07:5E:E2:76:22:3F:48:67:11:9E:E1:35:75
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       3E95A5308B478BF6B34E54B67400833FB606659B
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323430303a3a2f33382d3438203d3e20323135313538.roa
Signing time:             Tue 28 May 2024 15:01:54 +0000
ROA not before:           Tue 28 May 2024 14:56:54 +0000
ROA not after:            Tue 27 May 2025 15:01:54 +0000
asID:                     215158
IP address blocks:        2a14:7c0:2400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:95:a5:30:8b:47:8b:f6:b3:4e:54:b6:74:00:83:3f:b6:06:65:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:56:54 2024 GMT
            Not After : May 27 15:01:54 2025 GMT
        Subject: CN=22786FFF81E1D3075EE276223F4867119EE13575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fc:5d:07:ce:20:76:b6:4b:d2:d6:44:a9:c1:
                    da:e5:58:43:db:87:38:00:cc:e2:40:58:47:56:d7:
                    0f:fb:1a:ab:c8:98:71:8a:59:c8:75:a0:70:9d:b3:
                    b3:93:75:7d:8c:65:13:50:0a:95:2f:1b:89:c0:d3:
                    c8:1b:95:5b:35:9a:4b:3e:dd:5b:5b:ac:d3:87:18:
                    c8:be:47:a7:56:b0:cb:20:18:bf:f0:e3:65:78:d8:
                    78:ba:fd:a4:c3:23:39:4b:c0:a2:9e:70:f3:42:9b:
                    8e:b9:14:59:f0:0b:be:f7:86:d7:c3:82:6f:09:3d:
                    04:fe:a8:bc:3e:2c:98:8b:66:ab:db:96:37:37:9e:
                    9e:79:bf:e7:9e:27:31:cc:ae:fe:47:09:8c:d7:66:
                    53:3f:e0:7d:12:50:d5:9c:27:9e:90:4f:ba:0f:e4:
                    6e:f1:73:09:4d:a4:91:97:8e:b3:7f:29:3d:64:ed:
                    e2:76:22:d4:c4:d2:86:00:27:8d:6c:85:42:b9:53:
                    a7:1c:a9:f3:15:8b:da:60:cb:6b:f5:f7:e9:9f:18:
                    92:49:58:61:de:b9:78:cc:11:7c:fe:3e:ad:a4:46:
                    1a:31:76:b9:10:bb:d8:cc:f0:5d:af:7c:1b:79:ee:
                    d4:ab:10:b5:9b:cd:1d:a5:3d:5b:f4:e3:ca:b0:f9:
                    25:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:78:6F:FF:81:E1:D3:07:5E:E2:76:22:3F:48:67:11:9E:E1:35:75
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323430303a3a2f33382d3438203d3e20323135313538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:2400::/38

    Signature Algorithm: sha256WithRSAEncryption
         15:d2:17:b2:01:84:c2:b2:01:89:e9:34:5c:68:21:0b:c7:18:
         e7:ff:04:c8:72:2e:54:4e:0c:8a:28:76:eb:7a:e7:4b:8e:29:
         f5:31:e7:e7:2f:7e:0d:a1:83:be:e8:81:17:79:0c:ca:41:16:
         a9:99:a5:fa:0c:22:40:e9:d8:6f:7f:3b:07:fc:a0:53:4f:aa:
         98:30:8c:94:36:ab:6d:9d:34:9c:84:c4:ad:fd:f0:18:3e:33:
         4c:11:f2:67:24:d4:e8:f1:f9:94:6f:65:48:00:d7:51:59:b9:
         4c:0a:45:7d:29:5c:4a:4b:b2:50:57:42:c5:9e:b1:fa:93:12:
         4f:c9:d2:a9:92:c7:7c:83:c4:82:9a:d5:1c:08:5a:d1:91:ca:
         30:35:fb:6c:dc:5e:07:a2:a4:b3:85:fb:0a:cb:d2:83:fa:2e:
         7c:2c:26:89:ac:15:fa:09:58:4c:d6:ca:5a:77:19:23:a8:db:
         9e:40:ea:9c:ee:ea:49:9e:54:7b:bb:e2:67:1d:f9:4e:b3:de:
         3e:a5:fe:ff:84:14:55:3b:1c:62:f0:0f:25:bf:1b:fd:29:24:
         bc:78:38:e3:60:be:6e:a7:a1:72:10:5d:f9:c5:21:0c:8f:67:
         ea:f4:a0:60:ef:8f:d5:b8:0e:ff:e8:32:a5:8f:ef:c7:73:84:
         45:06:a4:6f
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUPpWlMItHi/azTlS2dACDP7YGZZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU2NTRaFw0yNTA1MjcxNTAxNTRaMDMxMTAvBgNV
BAMTKDIyNzg2RkZGODFFMUQzMDc1RUUyNzYyMjNGNDg2NzExOUVFMTM1NzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8/F0HziB2tkvS1kSpwdrlWEPb
hzgAzOJAWEdW1w/7GqvImHGKWch1oHCds7OTdX2MZRNQCpUvG4nA08gblVs1mks+
3VtbrNOHGMi+R6dWsMsgGL/w42V42Hi6/aTDIzlLwKKecPNCm465FFnwC773htfD
gm8JPQT+qLw+LJiLZqvbljc3np55v+eeJzHMrv5HCYzXZlM/4H0SUNWcJ56QT7oP
5G7xcwlNpJGXjrN/KT1k7eJ2ItTE0oYAJ41shUK5U6ccqfMVi9pgy2v19+mfGJJJ
WGHeuXjMEXz+Pq2kRhoxdrkQu9jM8F2vfBt57tSrELWbzR2lPVv048qw+SVHAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUInhv/4Hh0wde4nYiP0hnEZ7hNXUwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzIzNDMwMzAzYTNhMmYzMzM4MmQzNDM4MjAzZDNlMjAzMjMxMzUzMTM1
Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgIqFAfAJDANBgkqhkiG9w0BAQsFAAOCAQEAFdIXsgGEwrIB
iek0XGghC8cY5/8EyHIuVE4Miih263rnS44p9THn5y9+DaGDvuiBF3kMykEWqZml
+gwiQOnYb387B/ygU0+qmDCMlDarbZ00nITErf3wGD4zTBHyZyTU6PH5lG9lSADX
UVm5TApFfSlcSkuyUFdCxZ6x+pMST8nSqZLHfIPEgprVHAha0ZHKMDX7bNxeB6Kk
s4X7CsvSg/oufCwmiawV+glYTNbKWncZI6jbnkDqnO7qSZ5Ue7viZx35TrPePqX+
/4QUVTscYvAPJb8b/SkkvHg442C+bqehchBd+cUhDI9n6vSgYO+P1bgO/+gypY/v
x3OERQakbw==
-----END CERTIFICATE-----