Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346230303a3a2f34302d3438203d3e203434333534.roa
File:                     326131343a3763303a346230303a3a2f34302d3438203d3e203434333534.roa (raw, json)
Hash identifier:          SO8w2ECdibayR1GDDXQFkRM/UH2bjemsVpp5EC7quFI=
Subject key identifier:   9A:AF:3D:9D:FA:19:F8:46:0A:3A:E4:11:74:94:4F:BF:1B:85:F1:D7
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       3CA219EAFA0DBBD688FCCC3C88D94200CA7EFECB
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346230303a3a2f34302d3438203d3e203434333534.roa
Signing time:             Tue 28 May 2024 14:55:05 +0000
ROA not before:           Tue 28 May 2024 14:50:05 +0000
ROA not after:            Tue 27 May 2025 14:55:05 +0000
asID:                     44354
IP address blocks:        2a14:7c0:4b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a2:19:ea:fa:0d:bb:d6:88:fc:cc:3c:88:d9:42:00:ca:7e:fe:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:50:05 2024 GMT
            Not After : May 27 14:55:05 2025 GMT
        Subject: CN=9AAF3D9DFA19F8460A3AE41174944FBF1B85F1D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:81:19:17:86:18:0f:cf:13:21:70:ec:94:f5:
                    c3:65:29:84:b7:64:02:36:27:7a:91:89:6d:0c:56:
                    b6:0c:3b:67:ba:9d:3d:85:ee:2f:4b:e6:aa:44:d8:
                    fe:d6:9a:43:8b:1f:96:99:73:52:0a:50:bd:d4:20:
                    07:65:24:1a:00:f8:c3:a6:34:c4:8d:f2:5f:38:12:
                    03:21:32:e8:4a:17:6c:d8:00:ca:ae:57:20:44:7f:
                    80:47:27:cd:53:55:08:51:3b:4f:c3:77:d3:d0:1e:
                    cd:21:27:fd:4f:de:b2:7c:88:83:fb:a0:68:14:95:
                    30:91:50:0b:e2:06:01:f3:b4:53:f8:1b:a6:bd:0e:
                    69:4f:51:2f:fc:4d:c8:6a:ba:a2:11:15:18:4f:dd:
                    e8:46:9d:44:75:7a:f6:d3:ee:9e:6f:5a:4c:d4:92:
                    69:e1:1a:95:03:c5:6c:25:80:fe:88:50:74:4c:18:
                    14:94:b3:7d:84:2c:ef:e8:fc:17:87:8e:67:ed:c0:
                    67:c8:0a:82:db:02:7a:e1:eb:48:7d:dd:e2:d9:1a:
                    0f:44:32:0b:bf:d7:97:c2:3a:ef:e9:c2:53:1e:01:
                    65:30:bc:4a:ef:54:87:05:d1:77:fb:b4:0e:48:98:
                    33:84:74:71:dc:85:14:80:34:f1:5f:53:1b:4a:14:
                    2d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AF:3D:9D:FA:19:F8:46:0A:3A:E4:11:74:94:4F:BF:1B:85:F1:D7
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346230303a3a2f34302d3438203d3e203434333534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:4b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:49:bf:3f:78:eb:c3:f7:f4:6f:22:ae:35:da:17:a7:32:0e:
         8e:9c:fd:7b:b1:1a:da:9b:4f:2f:f5:cb:bf:9b:23:fe:10:df:
         ba:4f:59:ab:55:2a:61:15:27:2d:04:40:ca:03:48:5c:5f:8b:
         f1:c2:05:99:25:a4:f6:be:74:d1:52:a3:36:6b:6f:2e:1f:7f:
         5f:b9:5b:0a:0a:c5:37:ae:48:6a:7c:9c:48:88:83:9a:d5:8f:
         4e:22:4a:dc:08:7a:c5:6a:72:60:79:90:be:42:6d:47:3c:4b:
         c7:3a:a4:f9:bb:a9:91:7a:70:28:7f:87:b7:33:e9:d5:8d:c4:
         31:2f:11:32:55:de:4f:54:cc:80:b0:86:80:7b:45:f0:07:9c:
         c1:60:6c:e9:38:ae:64:fa:eb:e4:79:e6:ba:9a:ed:41:ba:14:
         bf:91:97:e9:75:f4:5a:c3:00:82:01:38:b8:40:8a:e1:c5:bd:
         6a:6c:31:a5:77:6a:31:e2:b3:3d:56:1a:e5:bd:1b:23:8a:b5:
         bd:87:c7:13:1f:b6:a9:0a:ce:f2:31:aa:c0:c3:dc:9d:36:e7:
         ec:5f:9f:19:d5:00:23:c7:40:94:d4:a4:e8:e8:29:3d:48:96:
         1b:d1:21:97:28:a2:f4:e0:24:c8:c4:29:7c:30:46:4f:df:4f:
         00:1f:57:a2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUPKIZ6voNu9aI/Mw8iNlCAMp+/sswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDUwMDVaFw0yNTA1MjcxNDU1MDVaMDMxMTAvBgNV
BAMTKDlBQUYzRDlERkExOUY4NDYwQTNBRTQxMTc0OTQ0RkJGMUI4NUYxRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4gRkXhhgPzxMhcOyU9cNlKYS3
ZAI2J3qRiW0MVrYMO2e6nT2F7i9L5qpE2P7WmkOLH5aZc1IKUL3UIAdlJBoA+MOm
NMSN8l84EgMhMuhKF2zYAMquVyBEf4BHJ81TVQhRO0/Dd9PQHs0hJ/1P3rJ8iIP7
oGgUlTCRUAviBgHztFP4G6a9DmlPUS/8TchquqIRFRhP3ehGnUR1evbT7p5vWkzU
kmnhGpUDxWwlgP6IUHRMGBSUs32ELO/o/BeHjmftwGfICoLbAnrh60h93eLZGg9E
Mgu/15fCOu/pwlMeAWUwvErvVIcF0Xf7tA5ImDOEdHHchRSANPFfUxtKFC3dAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUmq89nfoZ+EYKOuQRdJRPvxuF8dcwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzQ2MjMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzNDM0MzMzNTM0
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYAKhQHwEswDQYJKoZIhvcNAQELBQADggEBABVJvz9468P39G8i
rjXaF6cyDo6c/XuxGtqbTy/1y7+bI/4Q37pPWatVKmEVJy0EQMoDSFxfi/HCBZkl
pPa+dNFSozZrby4ff1+5WwoKxTeuSGp8nEiIg5rVj04iStwIesVqcmB5kL5CbUc8
S8c6pPm7qZF6cCh/h7cz6dWNxDEvETJV3k9UzICwhoB7RfAHnMFgbOk4rmT66+R5
5rqa7UG6FL+Rl+l19FrDAIIBOLhAiuHFvWpsMaV3ajHisz1WGuW9GyOKtb2HxxMf
tqkKzvIxqsDD3J025+xfnxnVACPHQJTUpOjoKT1IlhvRIZcoovTgJMjEKXwwRk/f
TwAfV6I=
-----END CERTIFICATE-----