Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa
File:                     326131343a3763313a3a2f33322d3438203d3e203531333936.roa (raw, json)
Hash identifier:          CH17i3anM2u20AmtVAkSKYhOwyDTKJSj+IOeIw68rag=
Subject key identifier:   4E:CD:B4:36:72:FE:A1:45:5B:14:F4:4E:BA:9E:B1:1C:15:B3:31:F3
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       6E86B44EBBE37D4758FE7C1279522F0EEB89630C
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa
Signing time:             Sun 22 Sep 2024 09:24:38 +0000
ROA not before:           Sun 22 Sep 2024 09:19:38 +0000
ROA not after:            Sun 21 Sep 2025 09:24:38 +0000
asID:                     51396
IP address blocks:        2a14:7c1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:86:b4:4e:bb:e3:7d:47:58:fe:7c:12:79:52:2f:0e:eb:89:63:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Sep 22 09:19:38 2024 GMT
            Not After : Sep 21 09:24:38 2025 GMT
        Subject: CN=4ECDB43672FEA1455B14F44EBA9EB11C15B331F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:47:ea:00:4f:3d:cb:60:cd:69:87:2e:3d:9d:
                    02:a9:9c:23:18:4a:26:10:35:3f:db:80:c2:6b:b8:
                    2d:e8:be:33:9a:33:a2:c5:52:7f:2a:cd:1c:b1:36:
                    af:5a:5d:55:51:bf:1c:66:10:bc:87:dc:70:f6:aa:
                    46:a5:33:d6:71:3b:25:1c:f9:37:92:bd:f3:c7:2f:
                    c0:40:1b:50:7a:ba:eb:83:7b:81:09:03:37:d6:90:
                    9b:55:b0:ad:c8:73:df:35:9c:44:8c:ed:f0:a1:90:
                    99:6a:00:75:b3:0e:f6:88:42:23:28:0b:f7:9d:55:
                    34:d9:51:68:c0:d3:f9:3b:af:d8:77:e8:14:c9:c7:
                    d9:9f:29:b4:09:db:06:8b:92:7f:a4:f7:7a:24:73:
                    e3:7f:9d:5c:e1:15:2a:3c:be:f1:a3:3c:fc:18:32:
                    55:e1:3c:d3:c8:3e:97:66:f3:0f:e0:51:9b:f5:21:
                    b4:16:b1:8e:bb:d7:1e:9d:00:37:f9:17:ed:02:25:
                    f2:63:18:4c:5a:fc:38:cb:60:92:46:53:5a:07:f7:
                    c9:64:41:89:ba:7f:07:08:d6:08:8c:bc:4a:83:7a:
                    f0:3a:8c:ec:18:15:79:c7:35:5d:17:ed:98:48:73:
                    1d:e7:ad:ae:d9:b7:3d:01:ae:da:b0:55:79:af:4e:
                    09:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CD:B4:36:72:FE:A1:45:5B:14:F4:4E:BA:9E:B1:1C:15:B3:31:F3
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:7c:92:57:3e:e0:53:c3:6b:a5:7e:47:29:25:13:17:dc:56:
         50:f7:0a:d8:de:e6:a7:b6:8a:47:b5:14:e3:71:5f:d9:d9:f9:
         aa:a7:10:e1:67:39:69:2d:ee:b4:12:f8:43:0a:bb:c8:98:c1:
         37:ea:e8:ae:53:90:ea:b2:67:ac:d4:f4:a1:65:0e:c0:1c:c4:
         2c:30:ed:4e:1c:36:2b:e9:26:e5:76:11:7d:f2:db:93:6b:a1:
         99:12:89:73:81:3f:2b:b3:e2:ac:eb:d3:8d:a3:bc:de:24:42:
         dd:8b:d8:46:2b:d9:58:0e:70:cf:cb:02:26:8f:9f:4d:98:78:
         e3:99:8f:c6:98:79:2d:96:0f:fa:e0:d7:63:c0:dc:36:ae:6c:
         f8:37:58:e0:6d:e5:dc:61:6f:a7:dd:d7:b7:34:98:bb:d1:d9:
         f4:0d:e6:d3:43:2a:f7:07:09:c0:16:c9:a7:fe:ba:39:2a:72:
         13:05:d4:04:24:30:81:23:ce:a8:72:7d:11:ab:7c:df:68:2c:
         7f:84:4e:de:d5:0a:69:b6:aa:b1:e6:57:12:49:04:44:a9:a3:
         46:2b:67:d6:09:90:70:b7:61:f2:bf:0c:25:5c:84:65:8f:c4:
         f5:49:62:e2:9e:21:38:fd:a2:0c:be:c7:63:0f:ee:98:b0:9e:
         7d:5c:a9:45
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUboa0TrvjfUdY/nwSeVIvDuuJYwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA5MjIwOTE5MzhaFw0yNTA5MjEwOTI0MzhaMDMxMTAvBgNV
BAMTKDRFQ0RCNDM2NzJGRUExNDU1QjE0RjQ0RUJBOUVCMTFDMTVCMzMxRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwR+oATz3LYM1phy49nQKpnCMY
SiYQNT/bgMJruC3ovjOaM6LFUn8qzRyxNq9aXVVRvxxmELyH3HD2qkalM9ZxOyUc
+TeSvfPHL8BAG1B6uuuDe4EJAzfWkJtVsK3Ic981nESM7fChkJlqAHWzDvaIQiMo
C/edVTTZUWjA0/k7r9h36BTJx9mfKbQJ2waLkn+k93okc+N/nVzhFSo8vvGjPPwY
MlXhPNPIPpdm8w/gUZv1IbQWsY671x6dADf5F+0CJfJjGExa/DjLYJJGU1oH98lk
QYm6fwcI1giMvEqDevA6jOwYFXnHNV0X7ZhIcx3nra7Ztz0BrtqwVXmvTglNAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUTs20NnL+oUVbFPROup6xHBWzMfMwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjB9BggrBgEFBQcBCwRxMG8wbQYIKwYBBQUHMAuGYXJzeW5jOi8v
cmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5pcm91dGUvMS8zMjYxMzEzNDNhMzc2
MzMxM2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzUzMTMzMzkzNi5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
ACoUB8EwDQYJKoZIhvcNAQELBQADggEBAFF8klc+4FPDa6V+RyklExfcVlD3Ctje
5qe2ike1FONxX9nZ+aqnEOFnOWkt7rQS+EMKu8iYwTfq6K5TkOqyZ6zU9KFlDsAc
xCww7U4cNivpJuV2EX3y25NroZkSiXOBPyuz4qzr042jvN4kQt2L2EYr2VgOcM/L
AiaPn02YeOOZj8aYeS2WD/rg12PA3DaubPg3WOBt5dxhb6fd17c0mLvR2fQN5tND
KvcHCcAWyaf+ujkqchMF1AQkMIEjzqhyfRGrfN9oLH+ETt7VCmm2qrHmVxJJBESp
o0YrZ9YJkHC3YfK/DCVchGWPxPVJYuKeITj9ogy+x2MP7piwnn1cqUU=
-----END CERTIFICATE-----