Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3330303a3a2f34302d3438203d3e20323136303631.roa
File:                     326131343a3763303a3330303a3a2f34302d3438203d3e20323136303631.roa (raw, json)
Hash identifier:          YYbWDP5WaSToaaMiwgdy3ZZrY6SkhBBGBCmBggPh4mg=
Subject key identifier:   24:92:3F:A8:CE:B7:6F:E3:21:C5:57:95:EA:88:5D:BB:A5:24:50:C7
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       0B3701DA3A22BD090278E42F05F21B1D4D340764
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3330303a3a2f34302d3438203d3e20323136303631.roa
Signing time:             Tue 28 May 2024 15:08:56 +0000
ROA not before:           Tue 28 May 2024 15:03:56 +0000
ROA not after:            Tue 27 May 2025 15:08:56 +0000
asID:                     216061
IP address blocks:        2a14:7c0:300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:37:01:da:3a:22:bd:09:02:78:e4:2f:05:f2:1b:1d:4d:34:07:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 15:03:56 2024 GMT
            Not After : May 27 15:08:56 2025 GMT
        Subject: CN=24923FA8CEB76FE321C55795EA885DBBA52450C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4f:88:54:75:58:6c:4e:b6:c8:50:54:ca:63:
                    a5:09:a5:91:17:64:54:35:d3:ab:66:4b:d3:34:db:
                    0d:c9:be:fb:02:b6:9b:26:b9:ef:ea:0b:c3:4e:b9:
                    d6:c2:8f:cb:f6:2a:36:3a:f2:95:c0:56:3f:6c:66:
                    57:bc:fd:01:24:0c:2d:77:19:ca:d9:3f:25:18:47:
                    94:f4:af:a1:e0:cb:e6:88:ba:d3:9e:7e:45:de:e9:
                    aa:87:55:45:d6:af:15:88:ec:3d:f5:d8:37:d7:5d:
                    90:33:38:28:5d:8b:73:e5:aa:c4:f2:12:0b:82:91:
                    e0:0c:35:b5:da:cb:67:92:22:54:a5:d5:33:85:e8:
                    98:c0:70:f4:af:94:ae:57:b6:9f:80:a8:ba:71:97:
                    32:f0:35:b3:72:30:3d:82:05:e6:5a:70:73:fb:13:
                    06:db:9b:52:9d:8b:aa:d7:da:27:7b:8a:8c:9f:88:
                    a8:c1:27:0a:6f:bc:0d:1b:95:4c:6d:77:10:3d:ea:
                    93:4d:4d:ae:e9:e4:34:91:2b:ac:f2:e2:d1:b9:50:
                    f2:88:b2:2b:17:a5:69:4e:1e:46:32:1b:fb:00:2a:
                    e3:31:9a:9f:6c:17:68:c8:79:e2:a1:77:df:02:fe:
                    07:20:c1:a2:b1:80:ab:dd:1a:9b:8a:cc:3c:8d:84:
                    e0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:92:3F:A8:CE:B7:6F:E3:21:C5:57:95:EA:88:5D:BB:A5:24:50:C7
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3330303a3a2f34302d3438203d3e20323136303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:69:1f:33:e5:17:cc:e0:80:a9:d9:a5:db:b9:36:3b:b3:93:
         90:50:a1:ff:21:e0:18:a9:a1:b6:f7:47:fa:cf:69:df:00:06:
         ef:1d:25:05:a7:1e:a8:7f:b9:93:fc:53:7b:bf:62:2f:79:ce:
         74:5d:ec:0c:52:24:d0:4f:9e:cb:04:41:3a:53:ca:72:7c:18:
         71:a9:8e:ef:07:c9:9d:cd:9d:48:13:81:69:e7:66:1a:05:7c:
         3e:2a:fa:02:3a:b7:5b:d3:39:55:85:cb:5a:90:76:de:57:23:
         c2:64:93:68:69:00:de:27:36:cc:1c:d6:ab:6e:17:78:e2:59:
         f1:90:aa:3e:f1:fc:78:e5:21:92:33:5a:90:ff:82:e2:55:d6:
         5f:00:e7:eb:0d:5a:13:85:3c:0f:a8:fa:79:9d:04:71:8b:18:
         35:3b:36:8c:54:f9:a3:56:10:b5:11:04:68:01:b0:24:8e:c2:
         17:29:5a:6a:c2:83:6c:78:17:ae:cf:40:2e:64:29:cd:2d:13:
         03:c2:6f:63:32:27:06:3e:a8:d4:a4:ff:1c:30:ce:e4:28:88:
         cc:9e:ee:67:95:8f:38:e4:a6:43:7b:e2:61:e1:5a:fd:b8:2d:
         47:88:d9:50:11:8d:7e:c9:5e:da:f8:47:3e:b9:e0:8e:68:25:
         40:89:4d:08
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUCzcB2joivQkCeOQvBfIbHU00B2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNTAzNTZaFw0yNTA1MjcxNTA4NTZaMDMxMTAvBgNV
BAMTKDI0OTIzRkE4Q0VCNzZGRTMyMUM1NTc5NUVBODg1REJCQTUyNDUwQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDST4hUdVhsTrbIUFTKY6UJpZEX
ZFQ106tmS9M02w3JvvsCtpsmue/qC8NOudbCj8v2KjY68pXAVj9sZle8/QEkDC13
GcrZPyUYR5T0r6Hgy+aIutOefkXe6aqHVUXWrxWI7D312DfXXZAzOChdi3PlqsTy
EguCkeAMNbXay2eSIlSl1TOF6JjAcPSvlK5Xtp+AqLpxlzLwNbNyMD2CBeZacHP7
Ewbbm1Kdi6rX2id7ioyfiKjBJwpvvA0blUxtdxA96pNNTa7p5DSRK6zy4tG5UPKI
sisXpWlOHkYyG/sAKuMxmp9sF2jIeeKhd98C/gcgwaKxgKvdGpuKzDyNhOCFAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUJJI/qM63b+MhxVeV6ohdu6UkUMcwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzMDMwM2EzYTJmMzQzMDJkMzQzODIwM2QzZTIwMzIzMTM2MzAzNjMx
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYAKhQHwAMwDQYJKoZIhvcNAQELBQADggEBAENpHzPlF8zggKnZ
pdu5Njuzk5BQof8h4Bipobb3R/rPad8ABu8dJQWnHqh/uZP8U3u/Yi95znRd7AxS
JNBPnssEQTpTynJ8GHGpju8HyZ3NnUgTgWnnZhoFfD4q+gI6t1vTOVWFy1qQdt5X
I8Jkk2hpAN4nNswc1qtuF3jiWfGQqj7x/HjlIZIzWpD/guJV1l8A5+sNWhOFPA+o
+nmdBHGLGDU7NoxU+aNWELURBGgBsCSOwhcpWmrCg2x4F67PQC5kKc0tEwPCb2My
JwY+qNSk/xwwzuQoiMye7meVjzjkpkN74mHhWv24LUeI2VARjX7JXtr4Rz654I5o
JUCJTQg=
-----END CERTIFICATE-----