Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a633030303a3a2f33352d3438203d3e20323134373831.roa
File:                     326131343a3763303a633030303a3a2f33352d3438203d3e20323134373831.roa (raw, json)
Hash identifier:          ZFkbYSzOMc3prdLoyQK5t1We4rco+4126OgVfPNP+xY=
Subject key identifier:   D1:3B:28:FF:31:E5:29:D8:56:27:B1:9C:77:B6:D7:80:DF:84:43:EA
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       04394557E7DD47B18E6DF1CB3FFA3543567039E7
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a633030303a3a2f33352d3438203d3e20323134373831.roa
Signing time:             Sat 29 Jun 2024 15:33:16 +0000
ROA not before:           Sat 29 Jun 2024 15:28:16 +0000
ROA not after:            Sat 28 Jun 2025 15:33:16 +0000
asID:                     214781
IP address blocks:        2a14:7c0:c000::/35 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:39:45:57:e7:dd:47:b1:8e:6d:f1:cb:3f:fa:35:43:56:70:39:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Jun 29 15:28:16 2024 GMT
            Not After : Jun 28 15:33:16 2025 GMT
        Subject: CN=D13B28FF31E529D85627B19C77B6D780DF8443EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:15:06:24:67:31:a8:4c:05:8e:5a:3d:3f:10:
                    b0:3e:82:b4:02:cf:0c:24:73:6b:d5:5f:12:72:e0:
                    9a:9e:f1:f8:46:0e:2f:e4:f4:65:3d:5b:f0:7a:ed:
                    54:91:8c:f4:55:08:35:4b:68:24:76:09:5f:d0:dd:
                    a0:93:9f:88:41:ee:ce:2c:73:ec:6f:d8:fd:69:3b:
                    0c:eb:52:b4:5e:56:c0:5e:10:71:6f:95:c9:d3:61:
                    8f:0a:21:6c:cb:4f:bc:c6:ad:ec:a3:20:20:fb:20:
                    17:c0:69:1c:75:94:32:95:cd:9a:c9:df:e9:4e:18:
                    c9:ca:c4:05:cc:4b:85:34:68:b1:aa:e6:64:80:87:
                    de:3b:31:7b:5c:8c:c7:1d:d3:d8:cc:5e:ff:be:c3:
                    48:28:04:8e:a4:35:69:a6:14:94:5b:24:70:9c:01:
                    3d:31:60:5f:35:78:82:ba:53:09:76:10:b6:90:1e:
                    73:38:74:3a:db:b3:56:90:c1:62:37:9e:34:7f:e3:
                    02:fa:8e:9c:68:c9:1b:47:82:bf:9a:e2:36:99:51:
                    2d:36:d6:1f:3d:ef:4b:3f:9c:7d:3d:96:41:e7:14:
                    2f:f7:ec:59:9d:1b:ea:5e:c6:e3:60:5a:16:ea:32:
                    cb:5c:d1:ff:76:16:20:63:5b:8c:66:c6:24:66:e8:
                    60:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3B:28:FF:31:E5:29:D8:56:27:B1:9C:77:B6:D7:80:DF:84:43:EA
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a633030303a3a2f33352d3438203d3e20323134373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:c000::/35

    Signature Algorithm: sha256WithRSAEncryption
         46:aa:5b:1d:76:81:96:6a:bd:f0:4a:e3:2e:b4:48:71:48:66:
         5c:65:1a:5c:85:6c:9c:60:30:5a:79:70:c0:99:5e:19:7b:6c:
         32:86:b0:0f:6f:f5:23:39:e1:af:f1:27:d6:83:b6:e0:cc:d3:
         a8:7d:ae:eb:19:48:ba:13:99:be:47:69:83:c8:6e:87:f2:67:
         a7:10:6d:b0:ea:1c:03:1a:2d:4a:88:72:e3:83:aa:12:4f:ef:
         5b:9e:16:48:e8:14:40:2d:24:bb:c8:bc:9b:7b:d0:77:a6:6c:
         df:da:38:ea:18:f0:81:38:42:43:5a:23:70:91:2e:6d:0f:5c:
         5a:2c:45:5c:d8:63:1e:04:4f:37:1c:c0:84:9a:97:36:d3:73:
         be:d8:a7:00:de:94:4a:a1:f1:08:c5:d6:d0:40:bb:c1:a0:cc:
         90:d5:21:0d:8b:6b:36:35:d6:c2:57:58:17:80:69:fe:a3:b8:
         aa:4a:4f:fb:e4:f8:cf:f7:d8:ce:dd:61:88:8d:b4:0f:08:f8:
         a9:5c:fc:62:a6:1d:be:01:82:ad:6a:a8:57:bb:56:f0:6f:ec:
         b5:1a:92:9c:e3:c0:2d:31:d5:c6:ed:8e:4a:36:a6:01:77:48:
         98:97:ca:60:d5:e5:00:9e:50:6c:3f:20:f2:d6:5a:10:a6:a2:
         58:72:41:47
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUBDlFV+fdR7GObfHLP/o1Q1ZwOecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA2MjkxNTI4MTZaFw0yNTA2MjgxNTMzMTZaMDMxMTAvBgNV
BAMTKEQxM0IyOEZGMzFFNTI5RDg1NjI3QjE5Qzc3QjZENzgwREY4NDQzRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnFQYkZzGoTAWOWj0/ELA+grQC
zwwkc2vVXxJy4Jqe8fhGDi/k9GU9W/B67VSRjPRVCDVLaCR2CV/Q3aCTn4hB7s4s
c+xv2P1pOwzrUrReVsBeEHFvlcnTYY8KIWzLT7zGreyjICD7IBfAaRx1lDKVzZrJ
3+lOGMnKxAXMS4U0aLGq5mSAh947MXtcjMcd09jMXv++w0goBI6kNWmmFJRbJHCc
AT0xYF81eIK6Uwl2ELaQHnM4dDrbs1aQwWI3njR/4wL6jpxoyRtHgr+a4jaZUS02
1h8970s/nH09lkHnFC/37FmdG+pexuNgWhbqMstc0f92FiBjW4xmxiRm6GDBAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQU0Tso/zHlKdhWJ7Gcd7bXgN+EQ+owHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhNjMzMDMwMzAzYTNhMmYzMzM1MmQzNDM4MjAzZDNlMjAzMjMxMzQzNzM4
MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgUqFAfAwDANBgkqhkiG9w0BAQsFAAOCAQEARqpbHXaBlmq9
8ErjLrRIcUhmXGUaXIVsnGAwWnlwwJleGXtsMoawD2/1Iznhr/En1oO24MzTqH2u
6xlIuhOZvkdpg8huh/JnpxBtsOocAxotSohy44OqEk/vW54WSOgUQC0ku8i8m3vQ
d6Zs39o46hjwgThCQ1ojcJEubQ9cWixFXNhjHgRPNxzAhJqXNtNzvtinAN6USqHx
CMXW0EC7waDMkNUhDYtrNjXWwldYF4Bp/qO4qkpP++T4z/fYzt1hiI20Dwj4qVz8
YqYdvgGCrWqoV7tW8G/stRqSnOPALTHVxu2OSjamAXdImJfKYNXlAJ5QbD8g8tZa
EKaiWHJBRw==
-----END CERTIFICATE-----