Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e20323135353331.roa
File:                     326131343a3763313a3a2f33322d3438203d3e20323135353331.roa (raw, json)
Hash identifier:          tm68roAkXVlkPsliW4C5ML6cMv7LE12f8CVoZ91ALeI=
Subject key identifier:   E1:63:41:88:8B:C8:44:08:7C:0D:72:CC:95:A3:A2:36:4D:43:EE:2C
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7BF666D7EED5E7DB40398820E9456214124ECFD6
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e20323135353331.roa
Signing time:             Tue 28 May 2024 15:07:11 +0000
ROA not before:           Tue 28 May 2024 15:02:11 +0000
ROA not after:            Tue 27 May 2025 15:07:11 +0000
asID:                     215531
IP address blocks:        2a14:7c1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:f6:66:d7:ee:d5:e7:db:40:39:88:20:e9:45:62:14:12:4e:cf:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 15:02:11 2024 GMT
            Not After : May 27 15:07:11 2025 GMT
        Subject: CN=E16341888BC844087C0D72CC95A3A2364D43EE2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bc:6b:63:f2:aa:27:6f:96:00:dd:10:5d:f9:
                    e0:d4:ff:24:78:94:78:47:93:23:97:24:30:ea:e3:
                    5c:58:25:45:14:3c:31:fe:c1:8b:9c:aa:8d:bb:b0:
                    37:bc:4a:66:8f:c2:5c:d2:6d:10:06:59:84:4d:07:
                    f8:36:77:84:23:af:1c:bc:49:6a:3c:9d:68:5d:d8:
                    bb:ca:57:d0:d0:21:3e:f2:4a:2c:78:f7:22:e3:17:
                    62:f9:b8:ef:36:ef:ae:0a:7f:60:05:2f:f2:cc:1f:
                    4c:f1:94:a5:72:56:ee:a4:55:59:05:f9:66:17:88:
                    89:65:c2:2b:f8:29:0b:93:a7:71:da:e4:7b:1e:3d:
                    3e:85:97:11:0c:67:19:ca:63:2d:7e:79:3b:36:90:
                    97:6d:72:60:a2:4b:62:8c:6f:c6:74:01:32:b1:ca:
                    16:a1:98:b1:58:d5:a8:6c:2a:07:fb:38:68:b1:54:
                    1d:9a:eb:00:18:7d:90:d0:9e:66:6f:64:8a:b7:0f:
                    a4:eb:0d:ca:c0:a6:8f:d6:98:2c:10:f4:c3:21:f5:
                    42:e3:99:97:29:83:9b:e4:30:14:66:9b:17:4d:1f:
                    d1:ad:2e:c3:98:90:8e:36:72:01:e2:16:e2:94:54:
                    2f:81:56:16:19:84:d9:6f:d3:13:4a:34:4d:c5:29:
                    81:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:63:41:88:8B:C8:44:08:7C:0D:72:CC:95:A3:A2:36:4D:43:EE:2C
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e20323135353331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:f1:44:f5:1b:b6:79:12:b2:60:b1:94:c2:f8:3a:94:44:1d:
         79:6d:02:78:dd:ae:bd:47:c0:29:8a:38:8b:3e:e8:25:0c:1b:
         7e:cc:a8:b3:77:98:fe:d8:4d:72:94:be:09:61:ce:81:e4:c5:
         d6:bd:b3:5c:6d:6d:f3:72:73:5b:ff:40:eb:ab:4c:39:48:9a:
         9f:8f:1f:ea:38:45:61:02:79:7a:9a:c0:9d:2c:49:be:08:81:
         44:50:63:f7:cf:d2:85:73:e7:b3:58:ff:20:fb:25:db:c1:ee:
         28:93:8b:80:03:96:b6:7f:05:88:c1:ea:4a:1d:05:8d:d6:39:
         bd:e0:42:b0:81:0e:37:bc:d5:89:da:82:12:8f:eb:03:8e:2b:
         ca:52:ab:50:c5:15:cd:4d:9d:fc:9b:e1:05:d6:da:a8:9c:b1:
         af:d6:6f:c6:a4:79:c5:d9:c4:6e:34:4c:63:76:eb:c3:1b:e9:
         86:0e:9c:2c:8b:a7:98:81:3d:8a:6c:09:bd:9a:b8:47:81:4b:
         08:58:ae:56:c2:f0:8e:15:ee:4f:8b:69:4b:8f:90:f2:6c:bf:
         8b:3d:56:e5:ea:57:d8:60:6c:8a:e0:12:ab:7e:ce:83:b4:ba:
         d6:17:c2:68:a5:91:d4:6b:88:81:23:7c:8c:76:17:c6:8c:80:
         96:bd:1f:a8
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIUe/Zm1+7V59tAOYgg6UViFBJOz9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNTAyMTFaFw0yNTA1MjcxNTA3MTFaMDMxMTAvBgNV
BAMTKEUxNjM0MTg4OEJDODQ0MDg3QzBENzJDQzk1QTNBMjM2NEQ0M0VFMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyvGtj8qonb5YA3RBd+eDU/yR4
lHhHkyOXJDDq41xYJUUUPDH+wYucqo27sDe8SmaPwlzSbRAGWYRNB/g2d4Qjrxy8
SWo8nWhd2LvKV9DQIT7ySix49yLjF2L5uO82764Kf2AFL/LMH0zxlKVyVu6kVVkF
+WYXiIllwiv4KQuTp3Ha5HsePT6FlxEMZxnKYy1+eTs2kJdtcmCiS2KMb8Z0ATKx
yhahmLFY1ahsKgf7OGixVB2a6wAYfZDQnmZvZIq3D6TrDcrApo/WmCwQ9MMh9ULj
mZcpg5vkMBRmmxdNH9GtLsOYkI42cgHiFuKUVC+BVhYZhNlv0xNKNE3FKYF5AgMB
AAGjggHhMIIB3TAdBgNVHQ4EFgQU4WNBiIvIRAh8DXLMlaOiNk1D7iwwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5pcm91dGUvMS8zMjYxMzEzNDNhMzc2
MzMxM2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzIzMTM1MzUzMzMxLnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhQHwTANBgkqhkiG9w0BAQsFAAOCAQEAY/FE9Ru2eRKyYLGUwvg6lEQdeW0C
eN2uvUfAKYo4iz7oJQwbfsyos3eY/thNcpS+CWHOgeTF1r2zXG1t83JzW/9A66tM
OUian48f6jhFYQJ5eprAnSxJvgiBRFBj98/ShXPns1j/IPsl28HuKJOLgAOWtn8F
iMHqSh0FjdY5veBCsIEON7zVidqCEo/rA44rylKrUMUVzU2d/JvhBdbaqJyxr9Zv
xqR5xdnEbjRMY3brwxvphg6cLIunmIE9imwJvZq4R4FLCFiuVsLwjhXuT4tpS4+Q
8my/iz1W5epX2GBsiuASq37Og7S61hfCaKWR1GuIgSN8jHYXxoyAlr0fqA==
-----END CERTIFICATE-----