Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a353430303a3a2f34302d3438203d3e20323134383334.roa
File:                     326131343a3763303a353430303a3a2f34302d3438203d3e20323134383334.roa (raw, json)
Hash identifier:          0ETDMh0giFGG24tj3i7iYO26cx2UCmRTDMTJRazaqlA=
Subject key identifier:   CA:16:16:DB:DD:D8:57:D4:7E:91:9B:26:46:6B:3B:64:64:25:83:93
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       6712EEDD8BB23A1CCA3A9B200D27301270E9D431
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a353430303a3a2f34302d3438203d3e20323134383334.roa
Signing time:             Sat 03 Aug 2024 20:16:10 +0000
ROA not before:           Sat 03 Aug 2024 20:11:10 +0000
ROA not after:            Sat 02 Aug 2025 20:16:10 +0000
asID:                     214834
IP address blocks:        2a14:7c0:5400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:12:ee:dd:8b:b2:3a:1c:ca:3a:9b:20:0d:27:30:12:70:e9:d4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug  3 20:11:10 2024 GMT
            Not After : Aug  2 20:16:10 2025 GMT
        Subject: CN=CA1616DBDDD857D47E919B26466B3B6464258393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b7:72:62:07:b5:93:34:98:7b:9d:03:21:0d:
                    2f:19:fb:6e:6f:57:1c:c9:97:b0:08:19:bd:07:cc:
                    04:61:99:7d:d1:37:51:49:fa:12:b2:30:6b:97:c3:
                    de:09:6d:ea:10:3a:d3:1e:b9:31:8c:8c:77:ad:4b:
                    d8:66:c0:5e:bc:5a:63:d6:d3:2b:53:c8:38:f8:18:
                    2c:d9:73:10:15:00:23:ef:50:c3:e6:d9:37:c9:f9:
                    f2:f5:db:ab:25:fa:02:e0:77:f3:e1:d4:bc:47:b6:
                    2c:60:22:79:4d:7f:0b:3f:cd:99:87:49:bc:07:03:
                    be:62:58:fe:4b:35:60:2a:7a:8e:f3:7a:a9:81:0a:
                    ef:bb:82:2a:2c:e7:19:bb:fa:c5:a3:fd:a7:14:66:
                    2a:42:e1:dd:00:21:1d:40:44:5b:ca:3d:78:87:0e:
                    fb:da:b8:88:64:7b:a7:2f:e0:6a:75:40:7c:fd:b9:
                    a7:99:e3:8a:ae:ed:1f:c2:51:96:ab:b2:e6:a6:d0:
                    49:f8:2c:e5:6a:38:47:a5:e8:d4:b8:3e:80:ea:1d:
                    84:ed:a3:77:14:38:28:3b:c8:5b:60:e7:2e:42:35:
                    77:bf:1e:24:20:01:9a:1d:21:16:2e:cb:5b:ba:cc:
                    b1:ed:dc:f7:a0:ad:85:5d:e1:0d:57:fe:95:32:d4:
                    f1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:16:16:DB:DD:D8:57:D4:7E:91:9B:26:46:6B:3B:64:64:25:83:93
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a353430303a3a2f34302d3438203d3e20323134383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:5400::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:61:b9:69:ae:b3:fc:26:d4:f1:39:8b:66:57:86:7b:88:26:
         6b:2d:e0:1d:b1:47:d3:95:67:56:2c:e2:a3:65:4b:2d:89:b9:
         a2:39:bb:cf:28:ca:a6:ee:d0:95:8f:b7:6e:da:6b:f1:2d:c2:
         c7:30:b5:fa:3a:40:2e:99:b6:d6:85:23:e4:af:bd:89:d5:fd:
         be:0e:62:3c:fa:0d:26:0b:12:79:13:5b:d6:34:df:10:64:30:
         b5:c1:da:c7:f7:cd:87:bf:20:65:fa:b9:2e:6c:a6:55:46:79:
         63:c2:a7:0a:5c:ef:91:42:48:a3:38:c9:41:21:ab:44:fe:38:
         73:4c:d4:12:47:62:60:6d:c1:2f:62:76:f7:b7:ce:df:6c:18:
         99:c4:1c:b4:b4:80:b0:c7:9d:42:b1:3a:d8:6f:65:df:ed:b1:
         4f:e0:99:6b:dd:22:43:30:6f:cc:da:c8:de:99:04:03:d7:42:
         01:30:94:43:e6:ca:26:9b:50:5e:bf:eb:30:23:f6:02:b9:fe:
         58:24:c1:22:18:71:87:10:f8:58:52:47:cc:bf:45:66:01:ac:
         1d:fa:8d:58:65:dc:5a:77:a4:7d:11:25:05:fa:bb:60:7c:a6:
         51:6f:ea:73:d0:98:5e:1f:a6:a7:9f:52:b3:4a:53:bc:ba:36:
         4d:71:e3:81
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUZxLu3YuyOhzKOpsgDScwEnDp1DEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA4MDMyMDExMTBaFw0yNTA4MDIyMDE2MTBaMDMxMTAvBgNV
BAMTKENBMTYxNkRCREREODU3RDQ3RTkxOUIyNjQ2NkIzQjY0NjQyNTgzOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkt3JiB7WTNJh7nQMhDS8Z+25v
VxzJl7AIGb0HzARhmX3RN1FJ+hKyMGuXw94JbeoQOtMeuTGMjHetS9hmwF68WmPW
0ytTyDj4GCzZcxAVACPvUMPm2TfJ+fL126sl+gLgd/Ph1LxHtixgInlNfws/zZmH
SbwHA75iWP5LNWAqeo7zeqmBCu+7gios5xm7+sWj/acUZipC4d0AIR1ARFvKPXiH
DvvauIhke6cv4Gp1QHz9uaeZ44qu7R/CUZarsuam0En4LOVqOEel6NS4PoDqHYTt
o3cUOCg7yFtg5y5CNXe/HiQgAZodIRYuy1u6zLHt3PegrYVd4Q1X/pUy1PG5AgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUyhYW293YV9R+kZsmRms7ZGQlg5MwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzUzNDMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzQzODMz
MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAVDANBgkqhkiG9w0BAQsFAAOCAQEAkGG5aa6z/CbU
8TmLZleGe4gmay3gHbFH05VnVizio2VLLYm5ojm7zyjKpu7QlY+3btpr8S3CxzC1
+jpALpm21oUj5K+9idX9vg5iPPoNJgsSeRNb1jTfEGQwtcHax/fNh78gZfq5Lmym
VUZ5Y8KnClzvkUJIozjJQSGrRP44c0zUEkdiYG3BL2J297fO32wYmcQctLSAsMed
QrE62G9l3+2xT+CZa90iQzBvzNrI3pkEA9dCATCUQ+bKJptQXr/rMCP2Arn+WCTB
IhhxhxD4WFJHzL9FZgGsHfqNWGXcWnekfRElBfq7YHymUW/qc9CYXh+mp59Ss0pT
vLo2TXHjgQ==
-----END CERTIFICATE-----