Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333030303a3a2f34302d3430203d3e20313937343634.roa
File:                     326131343a3763303a333030303a3a2f34302d3430203d3e20313937343634.roa (raw, json)
Hash identifier:          TBKDxTNUMmRtvy3+sXQ9+DWicUT5tqXMJtG6FZ8+Mjc=
Subject key identifier:   B2:D9:C6:3A:65:98:8F:97:CE:78:CD:07:B4:36:83:DF:51:65:7E:C9
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       640087BB98FD1D7AD01B41DD2963808860E80D21
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333030303a3a2f34302d3430203d3e20313937343634.roa
Signing time:             Tue 28 May 2024 14:58:48 +0000
ROA not before:           Tue 28 May 2024 14:53:48 +0000
ROA not after:            Tue 27 May 2025 14:58:48 +0000
asID:                     197464
IP address blocks:        2a14:7c0:3000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:00:87:bb:98:fd:1d:7a:d0:1b:41:dd:29:63:80:88:60:e8:0d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:53:48 2024 GMT
            Not After : May 27 14:58:48 2025 GMT
        Subject: CN=B2D9C63A65988F97CE78CD07B43683DF51657EC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:14:ed:82:a5:d9:fc:3f:b6:e8:a4:f4:40:f4:
                    c9:26:54:7b:71:e8:0b:e3:22:bc:44:10:94:bb:c8:
                    31:17:04:64:45:9f:27:b7:14:00:a8:ea:3f:97:9d:
                    ec:50:72:1c:46:fa:a2:8b:75:dd:f7:82:e5:1c:9d:
                    e1:5a:a2:a6:88:e6:ef:7d:99:fc:6e:65:69:69:f1:
                    69:e7:6b:61:63:94:c4:ba:1c:b4:8e:d7:e9:b5:26:
                    0f:57:77:33:a4:d9:4d:88:a9:54:34:54:45:c5:88:
                    d7:b7:92:77:72:b3:e7:e4:15:a1:9a:ad:be:47:0a:
                    8f:30:2a:d7:df:41:37:62:a6:85:92:03:5e:f4:e0:
                    de:2a:aa:64:93:74:94:62:0f:06:6e:57:49:7c:44:
                    18:86:92:f6:a1:11:e4:02:07:4c:55:e2:e0:b5:66:
                    d7:c6:42:e3:4b:4a:8a:2d:55:25:e3:82:63:39:9e:
                    f5:13:4b:47:85:3f:23:de:70:a6:20:a1:7c:80:bb:
                    e1:62:1b:9a:ac:1e:ff:44:c0:60:44:76:47:1b:96:
                    87:32:bd:9b:c2:71:00:cb:a3:b9:89:6c:dc:d1:1f:
                    a4:88:f8:27:35:56:ac:25:c6:f0:11:c4:2d:ae:3f:
                    37:a1:ff:55:cf:13:3c:44:de:74:88:00:c2:30:0a:
                    54:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D9:C6:3A:65:98:8F:97:CE:78:CD:07:B4:36:83:DF:51:65:7E:C9
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333030303a3a2f34302d3430203d3e20313937343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:97:57:00:88:84:3b:08:42:6f:23:3e:63:b0:83:e8:a6:61:
         ff:1e:57:39:47:49:76:e4:ea:e3:ac:19:c5:9c:4d:7c:e7:cb:
         b0:1d:4a:33:96:1f:16:ce:63:0d:40:d8:07:cf:bb:d6:a3:fe:
         a8:56:39:1b:3b:44:38:70:4e:52:de:c7:90:eb:49:7f:72:75:
         84:72:79:9a:65:b5:bc:e7:e8:ee:bc:9f:e2:89:87:01:6b:59:
         91:5f:5c:0b:67:2f:f3:2d:95:75:85:95:39:18:d0:28:1c:e7:
         4c:8f:1a:72:24:26:00:f7:b2:33:65:5c:c4:0f:8d:72:f1:c5:
         68:47:0a:d4:a4:36:5f:74:00:5c:79:f2:3a:b7:df:4c:f5:c2:
         32:91:ba:21:3a:b2:9d:3a:83:09:41:00:67:73:0a:c4:a3:5e:
         72:fb:5f:bb:c9:86:97:3e:fc:a7:b2:c7:71:b5:f1:29:f9:3d:
         95:47:2e:a0:4a:8e:f5:a2:38:df:38:a8:28:73:66:41:42:34:
         ab:23:ad:bb:78:cb:a2:be:f5:2e:05:42:15:01:ee:ef:05:f7:
         ee:b8:6d:8a:7b:cd:74:14:34:c0:ad:47:14:4c:6f:f9:b4:f5:
         f7:eb:21:5b:a0:f6:85:16:1c:16:f3:b3:dd:79:2e:09:e0:1a:
         76:33:51:0f
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUZACHu5j9HXrQG0HdKWOAiGDoDSEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDUzNDhaFw0yNTA1MjcxNDU4NDhaMDMxMTAvBgNV
BAMTKEIyRDlDNjNBNjU5ODhGOTdDRTc4Q0QwN0I0MzY4M0RGNTE2NTdFQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnFO2Cpdn8P7bopPRA9MkmVHtx
6AvjIrxEEJS7yDEXBGRFnye3FACo6j+XnexQchxG+qKLdd33guUcneFaoqaI5u99
mfxuZWlp8Wnna2FjlMS6HLSO1+m1Jg9XdzOk2U2IqVQ0VEXFiNe3kndys+fkFaGa
rb5HCo8wKtffQTdipoWSA1704N4qqmSTdJRiDwZuV0l8RBiGkvahEeQCB0xV4uC1
ZtfGQuNLSootVSXjgmM5nvUTS0eFPyPecKYgoXyAu+FiG5qsHv9EwGBEdkcblocy
vZvCcQDLo7mJbNzRH6SI+Cc1VqwlxvARxC2uPzeh/1XPEzxE3nSIAMIwClSdAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUstnGOmWYj5fOeM0HtDaD31FlfskwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzMDMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMTM5MzczNDM2
MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAMDANBgkqhkiG9w0BAQsFAAOCAQEAd5dXAIiEOwhC
byM+Y7CD6KZh/x5XOUdJduTq46wZxZxNfOfLsB1KM5YfFs5jDUDYB8+71qP+qFY5
GztEOHBOUt7HkOtJf3J1hHJ5mmW1vOfo7ryf4omHAWtZkV9cC2cv8y2VdYWVORjQ
KBznTI8aciQmAPeyM2VcxA+NcvHFaEcK1KQ2X3QAXHnyOrffTPXCMpG6ITqynTqD
CUEAZ3MKxKNecvtfu8mGlz78p7LHcbXxKfk9lUcuoEqO9aI43zioKHNmQUI0qyOt
u3jLor71LgVCFQHu7wX37rhtinvNdBQ0wK1HFExv+bT19+shW6D2hRYcFvOz3Xku
CeAadjNRDw==
-----END CERTIFICATE-----