Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333330303a3a2f34302d3430203d3e20323134393637.roa
File:                     326131343a3763303a333330303a3a2f34302d3430203d3e20323134393637.roa (raw, json)
Hash identifier:          TL/lYRU+mSmfAhvl1k8e0qOJ2d5HYaQgoxAKYWhyFhg=
Subject key identifier:   B1:55:ED:14:26:16:B6:10:C5:97:4E:77:44:09:C4:FC:63:EF:07:F5
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7F206EEDCDDCF9C2B9B7C18E336396EA39244C85
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333330303a3a2f34302d3430203d3e20323134393637.roa
Signing time:             Tue 28 May 2024 15:00:57 +0000
ROA not before:           Tue 28 May 2024 14:55:57 +0000
ROA not after:            Tue 27 May 2025 15:00:57 +0000
asID:                     214967
IP address blocks:        2a14:7c0:3300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:20:6e:ed:cd:dc:f9:c2:b9:b7:c1:8e:33:63:96:ea:39:24:4c:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:55:57 2024 GMT
            Not After : May 27 15:00:57 2025 GMT
        Subject: CN=B155ED142616B610C5974E774409C4FC63EF07F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f5:18:4f:a4:bd:8b:d1:1b:9b:d8:a3:83:b5:
                    32:0e:06:f1:8c:4a:65:f8:5b:4d:4f:37:5b:c6:dc:
                    da:c8:b5:95:65:69:b7:17:02:07:73:a4:ea:6a:b5:
                    7e:ec:e0:8a:10:13:d0:14:cd:37:40:5a:7c:49:40:
                    8d:75:b9:7f:29:bb:37:59:69:5f:c2:fa:cd:ae:73:
                    c5:6b:26:3f:39:60:6d:a2:05:b0:53:ad:9c:ae:9a:
                    64:0c:35:56:a6:76:e2:d2:57:9b:a5:ad:09:87:68:
                    77:f2:43:df:ec:48:93:ef:71:d4:fc:0a:ea:4b:5d:
                    10:d5:f0:04:78:c3:ea:20:cf:3c:61:81:d2:ec:ee:
                    8c:a5:d5:ad:d5:f7:e6:a0:32:70:1f:18:71:0d:82:
                    da:68:71:a3:bb:c5:d3:cd:dc:1f:ed:07:65:44:eb:
                    8e:8b:c0:85:e8:cf:5d:cb:09:d2:3d:3d:08:02:af:
                    6e:6a:0d:5d:58:57:c9:fe:74:e5:4c:ec:82:cf:12:
                    ae:fb:e3:06:a3:cb:f6:38:eb:24:29:38:e1:81:95:
                    e7:12:8f:a3:5c:2e:23:0f:88:c2:8d:6f:a6:9f:fe:
                    87:74:47:26:9a:88:39:f2:7b:d0:68:30:8f:5f:d5:
                    a7:9f:78:7f:fe:d8:04:db:75:6a:a2:60:02:5c:87:
                    9e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:55:ED:14:26:16:B6:10:C5:97:4E:77:44:09:C4:FC:63:EF:07:F5
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333330303a3a2f34302d3430203d3e20323134393637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:3300::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:2e:35:ae:f0:5f:ec:a9:a8:16:2a:5e:f9:ea:30:05:c4:94:
         40:08:35:e0:fc:30:21:99:6b:73:cb:cf:05:43:9b:85:af:b0:
         c3:92:9c:c6:ed:f7:62:09:20:81:b3:7c:d7:3e:2b:83:24:50:
         dd:d4:3a:c8:d3:63:28:4b:31:2d:ae:9c:cb:b9:c0:0d:69:5c:
         76:11:bf:64:12:c0:5f:7c:42:cd:de:e5:c1:b9:44:04:dd:84:
         ed:ea:38:46:9f:b5:b6:1b:1e:dc:6e:a7:d0:d2:c8:05:b9:77:
         ba:b5:ea:18:64:c8:bb:cf:03:3f:2b:97:9d:ba:be:bc:92:a0:
         53:88:49:fc:5b:e7:d1:3e:7c:05:8d:bf:9a:0a:25:57:c3:85:
         5a:d0:9b:aa:f3:81:0b:6f:e9:ca:72:88:8c:12:7e:7b:c6:ce:
         2d:ee:7a:df:ec:bc:fc:00:37:bd:73:a6:03:d5:69:e8:4b:d7:
         9a:ca:2d:cd:a1:21:b8:45:19:12:2c:99:93:66:1e:d2:b6:53:
         d8:c6:63:cb:e3:4b:9e:81:67:5b:3b:a7:05:cb:af:ef:c1:31:
         f9:82:76:5f:08:75:f8:d8:25:72:34:4c:14:9d:14:31:a4:5e:
         22:e0:1f:4d:3a:4e:85:c1:a9:89:d4:44:f1:05:bd:d5:df:25:
         a4:ab:44:f6
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUfyBu7c3c+cK5t8GOM2OW6jkkTIUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU1NTdaFw0yNTA1MjcxNTAwNTdaMDMxMTAvBgNV
BAMTKEIxNTVFRDE0MjYxNkI2MTBDNTk3NEU3NzQ0MDlDNEZDNjNFRjA3RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS9RhPpL2L0Rub2KODtTIOBvGM
SmX4W01PN1vG3NrItZVlabcXAgdzpOpqtX7s4IoQE9AUzTdAWnxJQI11uX8puzdZ
aV/C+s2uc8VrJj85YG2iBbBTrZyummQMNVamduLSV5ulrQmHaHfyQ9/sSJPvcdT8
CupLXRDV8AR4w+ogzzxhgdLs7oyl1a3V9+agMnAfGHENgtpocaO7xdPN3B/tB2VE
646LwIXoz13LCdI9PQgCr25qDV1YV8n+dOVM7ILPEq774wajy/Y46yQpOOGBlecS
j6NcLiMPiMKNb6af/od0RyaaiDnye9BoMI9f1aefeH/+2ATbdWqiYAJch55nAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUsVXtFCYWthDFl053RAnE/GPvB/UwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzMzMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzQzOTM2
Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAMzANBgkqhkiG9w0BAQsFAAOCAQEAFS41rvBf7Kmo
Fipe+eowBcSUQAg14PwwIZlrc8vPBUObha+ww5Kcxu33YgkggbN81z4rgyRQ3dQ6
yNNjKEsxLa6cy7nADWlcdhG/ZBLAX3xCzd7lwblEBN2E7eo4Rp+1thse3G6n0NLI
Bbl3urXqGGTIu88DPyuXnbq+vJKgU4hJ/Fvn0T58BY2/mgolV8OFWtCbqvOBC2/p
ynKIjBJ+e8bOLe563+y8/AA3vXOmA9Vp6EvXmsotzaEhuEUZEiyZk2Ye0rZT2MZj
y+NLnoFnWzunBcuv78Ex+YJ2Xwh1+NglcjRMFJ0UMaReIuAfTTpOhcGpidRE8QW9
1d8lpKtE9g==
-----END CERTIFICATE-----