Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363230303a3a2f33392d3438203d3e20313939303532.roa
File:                     326131343a3763303a363230303a3a2f33392d3438203d3e20313939303532.roa (raw, json)
Hash identifier:          6kBLxaEw7M7WyIp2Ie/PklBTzujhzrY5FnlFJNC7YRo=
Subject key identifier:   8B:63:9F:F9:51:B0:21:96:E6:CA:D4:AF:C0:24:DE:C4:39:FB:D7:41
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       37A2604AB259F0736754D4CFA74D54FFE287EE1D
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363230303a3a2f33392d3438203d3e20313939303532.roa
Signing time:             Wed 28 Aug 2024 10:59:15 +0000
ROA not before:           Wed 28 Aug 2024 10:54:15 +0000
ROA not after:            Wed 27 Aug 2025 10:59:15 +0000
asID:                     199052
IP address blocks:        2a14:7c0:6200::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:a2:60:4a:b2:59:f0:73:67:54:d4:cf:a7:4d:54:ff:e2:87:ee:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug 28 10:54:15 2024 GMT
            Not After : Aug 27 10:59:15 2025 GMT
        Subject: CN=8B639FF951B02196E6CAD4AFC024DEC439FBD741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6f:fa:fc:36:3a:c1:47:e6:da:c3:4f:68:a3:
                    78:21:de:4a:f5:39:b2:9a:fd:69:93:30:fc:2d:f0:
                    1b:59:a3:41:2e:3e:e7:06:76:fc:79:4e:84:58:11:
                    50:a2:92:a9:1a:9c:7d:0b:b0:c3:a8:8e:1d:70:03:
                    c2:dc:1e:17:55:73:5c:05:20:2e:02:65:ac:ef:03:
                    5b:3d:a0:45:b2:80:33:e2:f1:bb:96:df:13:97:fc:
                    8f:75:83:b7:51:d9:64:30:ef:ee:dc:d0:40:cd:84:
                    40:6e:2c:81:cf:25:ed:a2:84:20:49:4b:e8:98:c4:
                    06:73:63:cd:50:89:75:c8:b9:dd:f1:02:f4:cd:58:
                    ff:84:be:e5:71:6a:7d:07:12:38:f8:f0:69:f2:82:
                    44:99:11:8d:ac:be:e6:c6:b3:93:49:16:42:cf:54:
                    3b:bb:63:2c:65:6c:93:ba:9f:0b:a1:87:03:44:29:
                    85:60:05:28:ac:70:7f:bb:a3:e5:b8:78:48:9d:69:
                    84:1e:cd:33:68:06:73:d0:ca:76:07:cf:ef:53:13:
                    0a:8d:e1:e6:dc:2d:36:1c:ea:4e:0b:83:1d:f4:3d:
                    6e:bb:cb:02:d6:5d:52:85:0e:34:06:d8:cf:9e:90:
                    fa:d8:6b:e1:d2:62:1b:90:da:63:ca:6c:e9:a0:4a:
                    40:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:63:9F:F9:51:B0:21:96:E6:CA:D4:AF:C0:24:DE:C4:39:FB:D7:41
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363230303a3a2f33392d3438203d3e20313939303532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:6200::/39

    Signature Algorithm: sha256WithRSAEncryption
         25:14:dd:49:84:c6:e6:96:54:2e:93:d6:21:c0:c4:52:23:a8:
         c5:d8:e7:04:eb:51:d0:39:af:bb:13:68:01:38:e4:16:a5:f3:
         45:bb:7c:96:79:81:37:8d:54:09:92:68:1b:ef:dc:f1:ec:8c:
         ff:55:0b:23:7e:c1:53:bd:8e:4e:19:ca:7e:1b:6f:36:42:59:
         2e:79:24:c2:b1:7a:5b:52:2e:53:b3:1c:74:f5:be:4f:15:b0:
         03:51:18:63:aa:17:a0:f6:76:5d:ad:ff:52:73:e8:65:09:5f:
         40:a9:71:42:eb:f7:23:9e:9e:12:f5:77:7a:dd:62:bf:27:35:
         83:53:19:3e:38:b1:bf:4e:cd:24:4d:86:06:cd:7a:1a:3b:f9:
         9e:16:da:e5:00:3a:78:1e:d8:d5:ae:a4:94:23:24:ee:60:4d:
         73:35:7a:6e:2f:47:df:41:9b:1b:67:84:a3:98:8f:a4:5a:12:
         a9:2d:db:6a:cd:2e:f5:cb:c9:ff:99:1a:2a:9b:e5:c3:2b:4d:
         ae:c5:fe:40:11:26:52:6b:e3:7b:ec:01:c8:a3:70:9d:9c:ca:
         48:3e:5f:af:59:49:3f:0e:ac:94:b9:b0:4e:da:c6:53:7c:91:
         19:2c:3e:85:9e:9b:44:fe:19:84:41:52:9c:b8:50:de:71:06:
         28:94:11:70
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUN6JgSrJZ8HNnVNTPp01U/+KH7h0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA4MjgxMDU0MTVaFw0yNTA4MjcxMDU5MTVaMDMxMTAvBgNV
BAMTKDhCNjM5RkY5NTFCMDIxOTZFNkNBRDRBRkMwMjRERUM0MzlGQkQ3NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSb/r8NjrBR+baw09oo3gh3kr1
ObKa/WmTMPwt8BtZo0EuPucGdvx5ToRYEVCikqkanH0LsMOojh1wA8LcHhdVc1wF
IC4CZazvA1s9oEWygDPi8buW3xOX/I91g7dR2WQw7+7c0EDNhEBuLIHPJe2ihCBJ
S+iYxAZzY81QiXXIud3xAvTNWP+EvuVxan0HEjj48GnygkSZEY2svubGs5NJFkLP
VDu7YyxlbJO6nwuhhwNEKYVgBSiscH+7o+W4eEidaYQezTNoBnPQynYHz+9TEwqN
4ebcLTYc6k4Lgx30PW67ywLWXVKFDjQG2M+ekPrYa+HSYhuQ2mPKbOmgSkBFAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUi2Of+VGwIZbmytSvwCTexDn710EwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzYzMjMwMzAzYTNhMmYzMzM5MmQzNDM4MjAzZDNlMjAzMTM5MzkzMDM1
MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgEqFAfAYjANBgkqhkiG9w0BAQsFAAOCAQEAJRTdSYTG5pZU
LpPWIcDEUiOoxdjnBOtR0DmvuxNoATjkFqXzRbt8lnmBN41UCZJoG+/c8eyM/1UL
I37BU72OThnKfhtvNkJZLnkkwrF6W1IuU7McdPW+TxWwA1EYY6oXoPZ2Xa3/UnPo
ZQlfQKlxQuv3I56eEvV3et1ivyc1g1MZPjixv07NJE2GBs16Gjv5nhba5QA6eB7Y
1a6klCMk7mBNczV6bi9H30GbG2eEo5iPpFoSqS3bas0u9cvJ/5kaKpvlwytNrsX+
QBEmUmvje+wByKNwnZzKSD5fr1lJPw6slLmwTtrGU3yRGSw+hZ6bRP4ZhEFSnLhQ
3nEGKJQRcA==
-----END CERTIFICATE-----