Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323830303a3a2f33382d3338203d3e203531333936.roa
File:                     326131343a3763303a323830303a3a2f33382d3338203d3e203531333936.roa (raw, json)
Hash identifier:          wX1/PWhlah92JM+EzWI0K82cpjnbe/aWYfGOUziojaM=
Subject key identifier:   D5:A5:EC:8F:D9:AE:75:59:36:0B:C1:54:FD:78:36:30:B5:B3:6F:03
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7D4475CDD26CC812FC4D6F2F64FA4409AEDBE9DD
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323830303a3a2f33382d3338203d3e203531333936.roa
Signing time:             Tue 28 May 2024 14:56:31 +0000
ROA not before:           Tue 28 May 2024 14:51:31 +0000
ROA not after:            Tue 27 May 2025 14:56:31 +0000
asID:                     51396
IP address blocks:        2a14:7c0:2800::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:44:75:cd:d2:6c:c8:12:fc:4d:6f:2f:64:fa:44:09:ae:db:e9:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:51:31 2024 GMT
            Not After : May 27 14:56:31 2025 GMT
        Subject: CN=D5A5EC8FD9AE7559360BC154FD783630B5B36F03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e4:1b:e3:96:65:1b:13:3f:80:12:9a:9a:a5:
                    fb:dd:ac:31:25:19:8d:d6:7d:cc:eb:9c:6c:15:c4:
                    d6:1c:d8:2d:8d:d8:d5:95:62:a3:88:20:be:59:98:
                    cf:76:79:47:52:81:2b:ae:dc:68:8d:eb:74:aa:31:
                    4b:5a:5e:6d:92:41:77:9d:af:f7:6e:1d:ff:39:e6:
                    d2:b4:0b:3f:d8:43:5f:4a:ce:14:bd:40:0e:27:0f:
                    28:19:cd:e5:f2:13:ce:43:55:07:37:3d:94:28:d7:
                    50:ce:b0:1b:6f:c4:fc:a7:e2:79:3c:16:49:e4:ce:
                    43:24:09:ec:30:7e:7a:8d:4a:af:85:4d:13:27:8d:
                    f7:60:af:62:2a:08:dd:04:f5:9e:d7:0a:b9:53:17:
                    99:c6:b5:a1:d2:af:aa:6c:e9:ad:be:f6:d2:c2:3a:
                    c1:50:41:5b:89:56:2c:ee:d8:a8:53:b5:6c:d3:1f:
                    45:fb:46:42:ec:84:5f:d2:56:8d:e5:5a:ab:61:88:
                    d0:b5:e3:13:88:3f:fd:6e:7d:cd:99:9a:b0:51:f0:
                    34:a9:16:91:58:f7:78:30:29:9a:8b:42:05:29:fe:
                    05:ec:eb:88:ce:42:b7:7b:59:37:33:76:58:53:e1:
                    af:ed:50:5d:44:0c:6d:db:1a:3f:a5:3c:21:3d:0f:
                    c9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A5:EC:8F:D9:AE:75:59:36:0B:C1:54:FD:78:36:30:B5:B3:6F:03
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a323830303a3a2f33382d3338203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:2800::/38

    Signature Algorithm: sha256WithRSAEncryption
         19:04:59:11:3e:d8:d2:89:97:22:db:9a:5f:7c:d0:b7:96:dd:
         3f:93:57:b2:c8:44:90:ce:f8:f8:db:1d:b4:f0:3b:31:9d:53:
         8d:fe:c3:63:4e:9a:24:37:78:3a:26:ea:cc:c8:60:70:0d:a5:
         c2:2a:c0:c8:d2:1b:85:8f:20:f5:41:80:f7:d7:da:e7:42:30:
         cb:e4:80:78:65:24:f3:e5:65:c7:73:d4:32:3a:c4:2a:95:11:
         3b:d1:e7:56:f4:5c:87:07:8d:be:9e:1b:b6:76:79:4b:90:ae:
         9a:90:4f:10:43:a6:69:c8:9b:f4:42:49:03:e0:89:03:11:6d:
         75:5b:bc:27:3c:2d:2b:d9:61:35:15:1c:2e:0d:9b:8b:54:67:
         f1:53:cd:ac:40:6a:dc:cb:52:b4:97:2e:bb:cd:7e:72:d7:a8:
         71:0e:53:88:a3:f8:af:59:01:eb:31:61:08:e9:45:c5:d4:76:
         98:ba:b5:f0:12:dc:ff:34:d3:f9:60:dc:ef:4c:dc:fd:e5:eb:
         e2:0d:1c:7c:c6:52:45:9c:25:ba:4f:10:ec:53:4e:a3:6d:27:
         32:43:78:36:01:84:9d:4c:31:bb:9c:c7:ab:d5:bc:e7:f9:d9:
         a5:82:1c:6c:28:62:31:b3:a6:28:0c:0e:da:3a:f8:8d:38:df:
         08:93:96:fe
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUfUR1zdJsyBL8TW8vZPpECa7b6d0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDUxMzFaFw0yNTA1MjcxNDU2MzFaMDMxMTAvBgNV
BAMTKEQ1QTVFQzhGRDlBRTc1NTkzNjBCQzE1NEZENzgzNjMwQjVCMzZGMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj5BvjlmUbEz+AEpqapfvdrDEl
GY3WfczrnGwVxNYc2C2N2NWVYqOIIL5ZmM92eUdSgSuu3GiN63SqMUtaXm2SQXed
r/duHf855tK0Cz/YQ19KzhS9QA4nDygZzeXyE85DVQc3PZQo11DOsBtvxPyn4nk8
FknkzkMkCewwfnqNSq+FTRMnjfdgr2IqCN0E9Z7XCrlTF5nGtaHSr6ps6a2+9tLC
OsFQQVuJVizu2KhTtWzTH0X7RkLshF/SVo3lWqthiNC14xOIP/1ufc2ZmrBR8DSp
FpFY93gwKZqLQgUp/gXs64jOQrd7WTczdlhT4a/tUF1EDG3bGj+lPCE9D8krAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQU1aXsj9mudVk2C8FU/Xg2MLWzbwMwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzIzODMwMzAzYTNhMmYzMzM4MmQzMzM4MjAzZDNlMjAzNTMxMzMzOTM2
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYCKhQHwCgwDQYJKoZIhvcNAQELBQADggEBABkEWRE+2NKJlyLb
ml980LeW3T+TV7LIRJDO+PjbHbTwOzGdU43+w2NOmiQ3eDom6szIYHANpcIqwMjS
G4WPIPVBgPfX2udCMMvkgHhlJPPlZcdz1DI6xCqVETvR51b0XIcHjb6eG7Z2eUuQ
rpqQTxBDpmnIm/RCSQPgiQMRbXVbvCc8LSvZYTUVHC4Nm4tUZ/FTzaxAatzLUrSX
LrvNfnLXqHEOU4ij+K9ZAesxYQjpRcXUdpi6tfAS3P800/lg3O9M3P3l6+INHHzG
UkWcJbpPEOxTTqNtJzJDeDYBhJ1MMbucx6vVvOf52aWCHGwoYjGzpigMDto6+I04
3wiTlv4=
-----END CERTIFICATE-----