Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e203439353831.roa
File:                     326131343a3763363a3a2f33322d3332203d3e203439353831.roa (raw, json)
Hash identifier:          4WutKBA9cjJyIG9Ft0BMyd/uHZABjEQinf4TL5TaJe8=
Subject key identifier:   12:2E:A4:EA:61:9A:2F:AE:DA:7E:F8:A8:78:ED:AB:7A:F1:D9:FB:20
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       34825D8C35BA5818F89DC884E744EF3DD1C8EF0B
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e203439353831.roa
Signing time:             Tue 28 May 2024 14:55:47 +0000
ROA not before:           Tue 28 May 2024 14:50:47 +0000
ROA not after:            Tue 27 May 2025 14:55:47 +0000
asID:                     49581
IP address blocks:        2a14:7c6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:82:5d:8c:35:ba:58:18:f8:9d:c8:84:e7:44:ef:3d:d1:c8:ef:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:50:47 2024 GMT
            Not After : May 27 14:55:47 2025 GMT
        Subject: CN=122EA4EA619A2FAEDA7EF8A878EDAB7AF1D9FB20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:45:b2:48:da:bb:e4:8a:64:5a:14:eb:60:
                    d3:5c:04:8a:f2:8e:ce:64:d3:18:ba:20:f3:2d:13:
                    fd:4b:18:bc:fa:f7:38:fc:36:92:23:27:88:ec:48:
                    b9:8b:27:66:ba:ed:72:70:0f:55:bb:0f:0b:f0:d9:
                    99:8d:fe:a4:b9:0b:cb:55:67:06:a8:47:f8:84:c1:
                    c7:c3:29:0d:a4:74:80:3f:2c:bc:fd:41:f8:62:8b:
                    68:37:c9:25:c2:18:b5:8b:6a:d7:50:7b:64:77:45:
                    09:5a:95:a8:85:26:e0:8f:ab:79:cf:50:4c:e7:69:
                    f8:c8:4a:64:b6:c2:71:3c:e7:fb:80:2a:8f:df:48:
                    d0:67:8f:d4:65:51:76:07:d6:5a:86:cc:70:2d:b9:
                    d3:c8:56:3f:07:fa:05:4c:d6:88:50:83:c0:95:42:
                    7b:45:d8:cd:c3:52:14:d5:cd:06:d7:5f:64:9f:80:
                    36:af:71:47:f7:41:94:3f:17:96:4b:8e:60:18:d7:
                    93:df:33:8b:53:c7:8d:40:2d:d6:8f:fd:37:e7:1d:
                    9c:62:31:64:88:7d:98:5f:78:27:ff:88:37:cf:31:
                    62:99:86:4a:33:10:d8:59:91:89:7c:a9:84:b0:88:
                    32:a7:ba:21:e4:12:e7:93:02:9e:18:0c:fc:2d:01:
                    ac:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:2E:A4:EA:61:9A:2F:AE:DA:7E:F8:A8:78:ED:AB:7A:F1:D9:FB:20
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e203439353831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:1e:ac:e0:4c:8f:d2:de:c8:17:a2:40:c6:76:f2:88:9a:e2:
         84:88:4f:27:75:14:0b:8d:83:6b:d4:ef:36:81:8e:79:bc:57:
         09:b4:2a:d7:52:58:2a:8a:a5:78:a3:5a:fd:1d:0a:b4:fa:8e:
         28:68:66:7c:c7:84:4b:20:30:b8:b2:b3:49:78:fe:d1:d3:4d:
         23:7d:b8:42:20:80:41:c8:27:6c:86:bf:cb:b4:a7:a6:ff:a7:
         6c:3d:39:f7:c1:0e:1d:f5:f4:a4:ac:bb:15:31:d6:46:f3:54:
         2c:58:e1:93:16:52:39:03:48:b2:69:ae:55:30:8d:85:cb:de:
         b5:d2:8a:79:66:90:7a:82:88:12:ee:e5:e5:a7:cd:15:f1:04:
         a8:33:67:63:c7:48:07:01:31:9d:d1:1c:ee:71:ac:df:d0:3f:
         80:fa:20:e7:21:53:0a:64:c0:ef:7e:77:a5:a4:07:ee:2c:ff:
         80:12:b7:d7:7c:b8:d5:60:5e:1d:2b:c8:f7:5c:71:06:eb:79:
         0a:03:fb:58:31:8d:63:ee:f0:c3:77:c0:0c:15:d4:19:a6:43:
         e4:c8:83:b1:c0:22:62:8c:e0:57:e1:ab:ae:ac:45:fd:63:54:
         18:97:e0:67:e5:4a:b3:0e:fb:92:6f:5b:34:ab:25:39:25:bb:
         3d:8a:df:06
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUNIJdjDW6WBj4nciE50TvPdHI7wswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDUwNDdaFw0yNTA1MjcxNDU1NDdaMDMxMTAvBgNV
BAMTKDEyMkVBNEVBNjE5QTJGQUVEQTdFRjhBODc4RURBQjdBRjFEOUZCMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrw0WySNq75IpkWhTrYNNcBIry
js5k0xi6IPMtE/1LGLz69zj8NpIjJ4jsSLmLJ2a67XJwD1W7Dwvw2ZmN/qS5C8tV
ZwaoR/iEwcfDKQ2kdIA/LLz9Qfhii2g3ySXCGLWLatdQe2R3RQlalaiFJuCPq3nP
UEznafjISmS2wnE85/uAKo/fSNBnj9RlUXYH1lqGzHAtudPIVj8H+gVM1ohQg8CV
QntF2M3DUhTVzQbXX2SfgDavcUf3QZQ/F5ZLjmAY15PfM4tTx41ALdaP/TfnHZxi
MWSIfZhfeCf/iDfPMWKZhkozENhZkYl8qYSwiDKnuiHkEueTAp4YDPwtAax5AgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUEi6k6mGaL67afvioeO2revHZ+yAwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjB9BggrBgEFBQcBCwRxMG8wbQYIKwYBBQUHMAuGYXJzeW5jOi8v
cmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5pcm91dGUvMS8zMjYxMzEzNDNhMzc2
MzM2M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzQzOTM1MzgzMS5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
ACoUB8YwDQYJKoZIhvcNAQELBQADggEBAGUerOBMj9LeyBeiQMZ28oia4oSITyd1
FAuNg2vU7zaBjnm8Vwm0KtdSWCqKpXijWv0dCrT6jihoZnzHhEsgMLiys0l4/tHT
TSN9uEIggEHIJ2yGv8u0p6b/p2w9OffBDh319KSsuxUx1kbzVCxY4ZMWUjkDSLJp
rlUwjYXL3rXSinlmkHqCiBLu5eWnzRXxBKgzZ2PHSAcBMZ3RHO5xrN/QP4D6IOch
UwpkwO9+d6WkB+4s/4ASt9d8uNVgXh0ryPdccQbreQoD+1gxjWPu8MN3wAwV1Bmm
Q+TIg7HAImKM4Ffhq66sRf1jVBiX4GflSrMO+5JvWzSrJTkluz2K3wY=
-----END CERTIFICATE-----