Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa
File:                     326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa (raw, json)
Hash identifier:          s9ZaEAD8OFcTT7p/CD9280LXGRqWOIPhD87sgFos4yM=
Subject key identifier:   36:CD:BC:6C:28:50:29:16:5B:CF:1B:B4:AA:1F:9C:56:8D:35:5D:7F
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       1534DD857C71F051422FE273A359F15B08F0609F
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa
Signing time:             Sat 08 Jun 2024 16:24:55 +0000
ROA not before:           Sat 08 Jun 2024 16:19:55 +0000
ROA not after:            Sat 07 Jun 2025 16:24:55 +0000
asID:                     215420
IP address blocks:        2a14:7c0:30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:34:dd:85:7c:71:f0:51:42:2f:e2:73:a3:59:f1:5b:08:f0:60:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Jun  8 16:19:55 2024 GMT
            Not After : Jun  7 16:24:55 2025 GMT
        Subject: CN=36CDBC6C285029165BCF1BB4AA1F9C568D355D7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:02:5d:1d:26:0e:7c:62:d5:95:de:1d:f3:04:
                    86:42:f2:f6:b1:81:30:fb:64:1f:d7:00:98:cb:62:
                    55:c6:25:9d:7b:d4:ad:fd:12:69:05:69:2b:3b:92:
                    06:a0:a3:09:69:73:84:1e:0b:e5:9b:d5:ac:45:25:
                    3c:a6:03:14:59:cd:20:0b:48:b5:9e:d7:8c:8b:df:
                    78:f2:aa:bd:6b:36:3d:9f:24:58:0a:3d:39:d2:85:
                    ef:37:48:ed:73:d2:35:75:8c:e7:03:6a:f1:8b:df:
                    c0:4b:85:25:c0:a8:26:1c:88:37:62:87:bd:ea:89:
                    76:ab:15:04:e0:12:70:dd:7c:a4:5b:87:76:da:46:
                    a3:d2:8e:79:b2:22:d2:a1:0a:ae:79:c7:40:dc:10:
                    2f:cc:e3:43:3c:82:35:e4:77:13:bd:42:e0:c6:06:
                    8c:fa:00:17:d1:44:74:0e:cc:3d:cc:57:dc:3d:85:
                    2c:37:44:b7:e4:44:41:ec:2e:86:93:d0:82:fb:e3:
                    40:c1:43:71:c9:da:30:3e:ab:2d:f3:89:ab:d8:d1:
                    f8:60:95:c9:9a:ea:19:32:2a:64:19:94:74:4e:2e:
                    e3:52:d6:56:5b:1c:88:ef:65:a0:70:dc:82:d3:54:
                    82:e4:54:96:64:8c:9d:5b:de:99:0a:ab:2e:8a:cc:
                    67:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CD:BC:6C:28:50:29:16:5B:CF:1B:B4:AA:1F:9C:56:8D:35:5D:7F
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         46:f5:13:80:90:a9:59:5f:e7:21:d4:01:4b:24:45:1c:26:0a:
         b9:6b:9c:92:72:70:69:20:15:3e:bb:21:42:25:0a:0e:ab:43:
         d1:d9:d6:01:a6:ea:f8:85:67:6c:e3:bd:67:79:62:cd:29:66:
         e5:cf:6f:54:2b:a5:3e:62:50:f0:c7:e4:3a:e4:a7:ad:df:28:
         b8:98:78:67:5d:67:ad:2c:15:92:4f:e6:ad:bd:44:1c:c2:c0:
         80:8c:04:fb:e5:b9:03:88:58:1f:fb:f7:13:f5:39:e9:7a:11:
         22:8c:87:b4:38:f2:72:4a:42:e1:48:bf:b4:ba:85:9e:94:dc:
         7d:1a:b7:47:70:3a:75:ba:39:b3:6c:f4:31:56:d5:27:03:64:
         0a:90:56:bf:d6:6c:27:66:e3:76:83:9b:87:b1:30:75:b1:c4:
         15:ec:5b:dd:8f:ea:82:0f:b3:e7:19:b7:10:9f:01:8c:ec:0f:
         8c:5e:0d:13:71:6c:6e:16:49:04:12:8e:e8:db:71:e4:ba:03:
         95:c3:05:4c:cb:57:7e:68:84:c9:95:d9:b4:ff:08:e0:a3:d8:
         3e:ec:40:30:b5:bb:45:96:b0:d2:51:9b:1f:25:6d:3d:f5:74:
         39:a2:c4:7f:90:3a:46:cd:9e:5e:6d:3d:24:bc:58:1d:23:a5:
         c2:3f:9c:f4
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUFTTdhXxx8FFCL+Jzo1nxWwjwYJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA2MDgxNjE5NTVaFw0yNTA2MDcxNjI0NTVaMDMxMTAvBgNV
BAMTKDM2Q0RCQzZDMjg1MDI5MTY1QkNGMUJCNEFBMUY5QzU2OEQzNTVEN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUAl0dJg58YtWV3h3zBIZC8vax
gTD7ZB/XAJjLYlXGJZ171K39EmkFaSs7kgagowlpc4QeC+Wb1axFJTymAxRZzSAL
SLWe14yL33jyqr1rNj2fJFgKPTnShe83SO1z0jV1jOcDavGL38BLhSXAqCYciDdi
h73qiXarFQTgEnDdfKRbh3baRqPSjnmyItKhCq55x0DcEC/M40M8gjXkdxO9QuDG
Boz6ABfRRHQOzD3MV9w9hSw3RLfkREHsLoaT0IL740DBQ3HJ2jA+qy3ziavY0fhg
lcma6hkyKmQZlHROLuNS1lZbHIjvZaBw3ILTVILkVJZkjJ1b3pkKqy6KzGe1AgMB
AAGjggHqMIIB5jAdBgNVHQ4EFgQUNs28bChQKRZbzxu0qh+cVo01XX8wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhQYIKwYBBQUHAQsEeTB3MHUGCCsGAQUFBzALhmlyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzMDNhM2EyZjM0MzQyZDM0MzgyMDNkM2UyMDMyMzEzNTM0MzIzMC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHBCoUB8AAMDANBgkqhkiG9w0BAQsFAAOCAQEARvUTgJCpWV/nIdQB
SyRFHCYKuWucknJwaSAVPrshQiUKDqtD0dnWAabq+IVnbOO9Z3lizSlm5c9vVCul
PmJQ8MfkOuSnrd8ouJh4Z11nrSwVkk/mrb1EHMLAgIwE++W5A4hYH/v3E/U56XoR
IoyHtDjyckpC4Ui/tLqFnpTcfRq3R3A6dbo5s2z0MVbVJwNkCpBWv9ZsJ2bjdoOb
h7EwdbHEFexb3Y/qgg+z5xm3EJ8BjOwPjF4NE3FsbhZJBBKO6Ntx5LoDlcMFTMtX
fmiEyZXZtP8I4KPYPuxAMLW7RZaw0lGbHyVtPfV0OaLEf5A6Rs2eXm09JLxYHSOl
wj+c9A==
-----END CERTIFICATE-----