Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa
File:                     326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa (raw, json)
Hash identifier:          MxFz/aYqrBAJItyRXx3frKYsQnOZQIm9gcNF89EC6Xo=
Subject key identifier:   AE:D9:24:17:89:CA:E8:96:11:64:42:03:27:17:CF:C2:65:32:B0:CB
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       24629C455C7C2BB6E70A119D63AE9B24DF6602A9
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa
Signing time:             Tue 28 May 2024 15:04:04 +0000
ROA not before:           Tue 28 May 2024 14:59:04 +0000
ROA not after:            Tue 27 May 2025 15:04:04 +0000
asID:                     215325
IP address blocks:        2a14:7c0:1500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:62:9c:45:5c:7c:2b:b6:e7:0a:11:9d:63:ae:9b:24:df:66:02:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:59:04 2024 GMT
            Not After : May 27 15:04:04 2025 GMT
        Subject: CN=AED9241789CAE896116442032717CFC26532B0CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:16:23:8c:85:9f:42:ce:cd:cf:ad:ee:1f:d9:
                    fc:08:fb:dd:d8:97:81:5e:21:ed:a4:3f:a9:b7:ec:
                    54:a8:af:10:d6:d1:37:a9:b4:88:26:4f:f2:53:a8:
                    a9:31:ac:70:65:6b:c5:69:6c:bc:ca:84:c7:90:b6:
                    4b:4f:ca:cb:a8:ed:6d:02:9d:51:0b:90:70:d7:f6:
                    41:77:1e:d6:11:0e:45:f2:87:22:ee:97:d6:13:e8:
                    b4:94:76:c6:15:3f:2b:c0:70:c6:b7:e5:b5:bf:1e:
                    f9:39:3a:65:f0:7f:1b:a5:91:44:d2:9a:23:59:ac:
                    5c:76:ce:7e:1c:a1:ff:bc:dc:c4:93:54:31:ef:8e:
                    78:b9:9a:87:1b:51:95:e5:48:07:4d:df:ce:5b:ea:
                    cb:f8:11:0b:01:f1:b2:86:0d:e1:9f:00:c2:c0:b7:
                    e3:d5:bf:d2:4f:f9:42:90:b7:52:b2:80:c8:9d:81:
                    3b:a8:67:c0:25:9b:ae:97:01:f1:ab:3c:d0:4b:c1:
                    b8:bb:c5:bb:3a:0f:e6:c9:74:f8:7f:29:24:4f:d9:
                    57:83:66:1a:89:fe:e8:81:b2:91:ed:49:39:47:b4:
                    91:52:a5:c7:0e:dc:a0:7b:ed:5f:58:e1:34:e1:c2:
                    be:95:fe:8c:6f:e6:0a:d6:bb:a4:20:5e:2d:0b:c8:
                    c1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D9:24:17:89:CA:E8:96:11:64:42:03:27:17:CF:C2:65:32:B0:CB
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1500::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:31:cb:68:a6:94:a4:bf:71:f7:0e:b2:c3:63:0b:71:6c:fd:
         d6:e7:aa:95:0f:60:ad:67:9d:74:e3:6a:8f:67:3f:41:a2:16:
         e8:c5:12:cb:5b:c8:e7:8b:3b:20:de:18:db:da:c8:3e:4d:bf:
         df:0e:de:a7:78:45:90:a5:07:b7:eb:f4:4b:2e:c0:43:da:94:
         6a:6a:4e:17:f1:8a:8d:df:ee:f8:e4:2c:9c:ea:e7:32:37:1e:
         cc:19:95:0a:31:89:b0:9c:a6:62:1e:76:05:ad:9a:45:91:0d:
         e4:74:42:7d:79:8e:01:41:6c:c3:6b:f9:00:e0:bb:2a:85:d7:
         9c:13:15:f7:f8:cd:61:85:69:59:09:ed:06:ee:a8:7e:94:5d:
         19:16:49:45:8d:8b:d0:3b:3e:e6:8d:74:f1:b1:bd:ac:1a:44:
         93:b8:dd:fd:e9:31:78:62:18:b3:95:d2:ba:bd:c3:66:74:cb:
         90:12:60:eb:1a:7a:a1:4a:e2:5f:9e:15:70:da:07:ad:4f:e1:
         72:3c:21:e7:54:0a:ef:f4:d1:4d:3a:a6:29:7e:b7:cc:f7:dd:
         8c:02:33:dc:b8:f1:9a:75:4d:86:aa:09:8d:3c:2b:f8:68:eb:
         92:d7:ca:3e:4d:08:a7:d4:4d:b8:0c:fd:8c:4f:52:86:ee:33:
         ec:b1:92:1c
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUJGKcRVx8K7bnChGdY66bJN9mAqkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU5MDRaFw0yNTA1MjcxNTA0MDRaMDMxMTAvBgNV
BAMTKEFFRDkyNDE3ODlDQUU4OTYxMTY0NDIwMzI3MTdDRkMyNjUzMkIwQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1FiOMhZ9Czs3Pre4f2fwI+93Y
l4FeIe2kP6m37FSorxDW0TeptIgmT/JTqKkxrHBla8VpbLzKhMeQtktPysuo7W0C
nVELkHDX9kF3HtYRDkXyhyLul9YT6LSUdsYVPyvAcMa35bW/Hvk5OmXwfxulkUTS
miNZrFx2zn4cof+83MSTVDHvjni5mocbUZXlSAdN385b6sv4EQsB8bKGDeGfAMLA
t+PVv9JP+UKQt1KygMidgTuoZ8Alm66XAfGrPNBLwbi7xbs6D+bJdPh/KSRP2VeD
ZhqJ/uiBspHtSTlHtJFSpccO3KB77V9Y4TThwr6V/oxv5grWu6QgXi0LyMFtAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUrtkkF4nK6JYRZEIDJxfPwmUysMswHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzEzNTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzUzMzMy
MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAFTANBgkqhkiG9w0BAQsFAAOCAQEAaDHLaKaUpL9x
9w6yw2MLcWz91ueqlQ9grWeddONqj2c/QaIW6MUSy1vI54s7IN4Y29rIPk2/3w7e
p3hFkKUHt+v0Sy7AQ9qUampOF/GKjd/u+OQsnOrnMjcezBmVCjGJsJymYh52Ba2a
RZEN5HRCfXmOAUFsw2v5AOC7KoXXnBMV9/jNYYVpWQntBu6ofpRdGRZJRY2L0Ds+
5o108bG9rBpEk7jd/ekxeGIYs5XSur3DZnTLkBJg6xp6oUriX54VcNoHrU/hcjwh
51QK7/TRTTqmKX63zPfdjAIz3LjxmnVNhqoJjTwr+GjrktfKPk0Ip9RNuAz9jE9S
hu4z7LGSHA==
-----END CERTIFICATE-----