Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363330303a3a2f34302d3438203d3e20323134363936.roa
File:                     326131343a3763303a363330303a3a2f34302d3438203d3e20323134363936.roa (raw, json)
Hash identifier:          xpDK5zUkbCUOPQPsaa51hwsEANdLYk/edhmJ1LDPL9c=
Subject key identifier:   95:50:55:E8:BB:B5:31:32:FD:D5:67:EF:1A:7D:C5:86:B0:25:E1:56
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       1B650A93B5F9707BD456D1030906B76F1AAF6BDA
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363330303a3a2f34302d3438203d3e20323134363936.roa
Signing time:             Sat 15 Jun 2024 11:47:47 +0000
ROA not before:           Sat 15 Jun 2024 11:42:47 +0000
ROA not after:            Sat 14 Jun 2025 11:47:47 +0000
asID:                     214696
IP address blocks:        2a14:7c0:6300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:65:0a:93:b5:f9:70:7b:d4:56:d1:03:09:06:b7:6f:1a:af:6b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Jun 15 11:42:47 2024 GMT
            Not After : Jun 14 11:47:47 2025 GMT
        Subject: CN=955055E8BBB53132FDD567EF1A7DC586B025E156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:c7:f3:65:00:32:a3:53:94:df:ca:bb:17:
                    98:58:d3:54:a6:ab:46:26:5b:27:20:97:56:25:53:
                    bb:66:a3:46:90:d9:8f:e4:bc:9d:1c:bd:4e:40:a1:
                    b4:66:f4:85:a4:2d:e6:41:fc:6d:03:85:d9:62:bc:
                    d1:af:2a:46:40:d9:dc:90:5b:9b:c0:dc:66:8b:9c:
                    31:49:87:42:f7:15:6f:3c:bf:d8:d1:42:05:7a:10:
                    35:4f:cb:ea:76:1c:cf:f8:c5:53:82:c9:34:05:3e:
                    7d:31:7d:51:04:73:10:52:e7:c8:1f:91:3f:9d:19:
                    c5:10:57:37:4a:39:f3:d1:3a:c0:1b:88:c1:b1:90:
                    dc:ba:0f:f2:91:df:a8:2a:29:bd:95:91:86:86:74:
                    c5:f8:95:77:bd:cf:5b:80:ac:8d:37:19:6e:ae:73:
                    e7:7a:e1:6e:77:44:0d:b8:48:41:52:4a:d1:c7:2e:
                    ce:45:b8:9b:ee:dc:71:30:fd:71:3b:fb:8e:5b:a5:
                    e1:92:1b:c7:34:10:53:63:db:38:34:93:a1:7f:28:
                    12:76:24:cd:ed:e6:57:69:d3:01:98:bc:3d:1f:1b:
                    de:2f:fd:20:e7:50:ec:20:ca:28:22:bd:e8:80:5b:
                    a9:d1:a1:10:36:3d:68:67:4c:d5:54:24:56:ee:4c:
                    f9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:50:55:E8:BB:B5:31:32:FD:D5:67:EF:1A:7D:C5:86:B0:25:E1:56
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363330303a3a2f34302d3438203d3e20323134363936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:6300::/40

    Signature Algorithm: sha256WithRSAEncryption
         5a:45:4c:a7:83:07:1a:4c:e2:a0:03:24:5a:51:af:bd:89:21:
         68:ca:d9:86:8f:9c:a8:7f:9d:87:c9:57:24:4d:f8:ae:f2:78:
         5f:07:58:07:40:f1:d2:a7:8c:09:00:0c:b0:d6:9c:df:f8:b4:
         30:17:0a:01:1d:83:ac:eb:db:82:37:ad:35:f7:a8:31:f9:a6:
         a3:87:5b:ab:d8:59:1e:3a:16:7c:0e:9b:61:81:47:89:6d:f6:
         3b:ee:fd:14:36:cb:e9:97:b7:e9:1f:37:95:e5:41:0e:cf:40:
         d0:32:ad:f9:00:e7:dc:d0:4b:9a:bb:ac:90:5e:d1:bb:8e:2d:
         ab:8a:45:4b:e2:aa:03:7d:12:81:02:3b:0e:8d:6f:48:b0:ab:
         02:01:b4:b9:54:3d:3c:77:32:58:be:d7:98:36:c2:70:26:6c:
         a6:07:d1:fc:58:fc:81:10:58:34:3b:98:c8:d2:19:a7:f2:5c:
         1d:12:44:af:09:f6:cb:3a:01:15:6e:f2:88:94:53:29:12:76:
         0e:c5:80:5c:6d:52:57:d4:39:3f:2d:93:9b:00:da:3d:68:8f:
         2c:6c:c4:65:3f:c3:23:35:5d:dd:36:cc:bb:c6:ab:31:d4:30:
         ec:62:8b:7a:07:a5:0b:af:9d:d0:73:48:dd:d3:57:0b:80:3d:
         ef:2b:fb:69
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUG2UKk7X5cHvUVtEDCQa3bxqva9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA2MTUxMTQyNDdaFw0yNTA2MTQxMTQ3NDdaMDMxMTAvBgNV
BAMTKDk1NTA1NUU4QkJCNTMxMzJGREQ1NjdFRjFBN0RDNTg2QjAyNUUxNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/C8fzZQAyo1OU38q7F5hY01Sm
q0YmWycgl1YlU7tmo0aQ2Y/kvJ0cvU5AobRm9IWkLeZB/G0DhdlivNGvKkZA2dyQ
W5vA3GaLnDFJh0L3FW88v9jRQgV6EDVPy+p2HM/4xVOCyTQFPn0xfVEEcxBS58gf
kT+dGcUQVzdKOfPROsAbiMGxkNy6D/KR36gqKb2VkYaGdMX4lXe9z1uArI03GW6u
c+d64W53RA24SEFSStHHLs5FuJvu3HEw/XE7+45bpeGSG8c0EFNj2zg0k6F/KBJ2
JM3t5ldp0wGYvD0fG94v/SDnUOwgyigiveiAW6nRoRA2PWhnTNVUJFbuTPmLAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUlVBV6Lu1MTL91WfvGn3FhrAl4VYwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzYzMzMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzQzNjM5
MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAYzANBgkqhkiG9w0BAQsFAAOCAQEAWkVMp4MHGkzi
oAMkWlGvvYkhaMrZho+cqH+dh8lXJE34rvJ4XwdYB0Dx0qeMCQAMsNac3/i0MBcK
AR2DrOvbgjetNfeoMfmmo4dbq9hZHjoWfA6bYYFHiW32O+79FDbL6Ze36R83leVB
Ds9A0DKt+QDn3NBLmruskF7Ru44tq4pFS+KqA30SgQI7Do1vSLCrAgG0uVQ9PHcy
WL7XmDbCcCZspgfR/Fj8gRBYNDuYyNIZp/JcHRJErwn2yzoBFW7yiJRTKRJ2DsWA
XG1SV9Q5Py2TmwDaPWiPLGzEZT/DIzVd3TbMu8arMdQw7GKLegelC6+d0HNI3dNX
C4A97yv7aQ==
-----END CERTIFICATE-----