Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313734313a3a2f34382d3438203d3e20323134383139.roa
File:                     326131343a3763303a313734313a3a2f34382d3438203d3e20323134383139.roa (raw, json)
Hash identifier:          CfP/oEHDse02uMgiq66xXWSaZbIslbu2MfzBVHdWFIs=
Subject key identifier:   59:8E:5D:97:B3:27:4C:D3:5D:24:78:1B:10:73:12:06:0E:4B:EF:F8
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7107A2D6733B5CA1216C51B466AC03C8A05AFFCE
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313734313a3a2f34382d3438203d3e20323134383139.roa
Signing time:             Sun 07 Jul 2024 10:13:53 +0000
ROA not before:           Sun 07 Jul 2024 10:08:53 +0000
ROA not after:            Sun 06 Jul 2025 10:13:53 +0000
asID:                     214819
IP address blocks:        2a14:7c0:1741::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:07:a2:d6:73:3b:5c:a1:21:6c:51:b4:66:ac:03:c8:a0:5a:ff:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Jul  7 10:08:53 2024 GMT
            Not After : Jul  6 10:13:53 2025 GMT
        Subject: CN=598E5D97B3274CD35D24781B107312060E4BEFF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:50:cd:f8:48:5e:82:17:65:ef:dd:b5:50:f3:
                    f2:f8:a8:8b:e4:4e:8e:50:2e:16:db:f3:4f:ab:8d:
                    ae:bf:92:c0:78:9f:6c:17:43:51:86:48:cd:a5:cf:
                    c6:db:8f:d6:2f:8b:d4:3f:ba:e9:6b:ed:93:11:42:
                    20:82:2d:83:c3:48:c4:f8:e5:fb:de:37:ea:8f:69:
                    b2:54:fd:a5:9a:f9:4c:60:d7:74:db:41:34:60:9b:
                    e8:e0:5f:5c:49:48:83:09:31:77:58:c1:cb:18:34:
                    94:a1:05:89:e7:55:4f:c5:78:af:fd:e0:65:c0:48:
                    a4:18:c9:40:1b:49:1d:3f:b9:33:69:46:4f:b2:bd:
                    1f:ff:1c:b5:0c:f2:a7:5a:c1:cc:55:d9:f5:f3:63:
                    16:71:bd:23:8e:af:6f:b5:98:3e:ea:cb:bc:a7:20:
                    2d:57:ed:55:55:83:fb:6e:48:c5:0c:78:18:82:c9:
                    fd:00:ed:e6:0c:b5:eb:c9:61:93:dd:06:4d:d5:1a:
                    53:0e:0d:80:3b:29:83:19:3e:d2:61:8d:1b:04:01:
                    b2:66:8f:4e:75:e7:6d:f4:a3:01:8d:91:2f:aa:8c:
                    c5:90:a9:4a:28:42:78:ac:8d:06:5b:11:8a:35:de:
                    9d:2e:93:5b:5c:cd:57:6e:93:ce:dc:b9:81:fd:db:
                    48:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8E:5D:97:B3:27:4C:D3:5D:24:78:1B:10:73:12:06:0E:4B:EF:F8
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313734313a3a2f34382d3438203d3e20323134383139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1741::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:76:70:f2:62:98:07:31:69:12:49:de:7b:63:2a:96:16:c6:
         c8:35:f5:22:88:75:88:e9:92:a6:42:57:fc:68:43:bc:16:72:
         f2:ba:36:ab:84:a5:5e:47:19:c0:5b:89:2e:6d:e9:10:b1:35:
         d3:0d:f8:fb:8b:c4:5f:5b:b6:5d:55:9c:d3:e3:60:b3:1a:de:
         a3:37:7c:45:1f:95:4b:be:a1:f0:e3:95:45:f7:1e:19:98:3a:
         22:e0:a6:1e:2f:41:c4:08:1c:81:9f:ca:8d:b4:9b:b9:a9:d4:
         fb:dd:65:25:7a:42:e3:4a:59:0f:5a:88:8d:63:32:65:33:3c:
         4e:68:4c:7e:01:53:c0:ea:9c:58:98:42:13:5f:a9:8b:3f:db:
         17:e8:61:20:f8:18:51:f9:8e:eb:b6:ab:0e:53:8a:d6:c5:a1:
         2b:d0:26:ae:32:a8:3f:b2:df:a0:c6:7e:3a:52:41:aa:6c:92:
         a9:6d:ed:8b:33:f6:a3:2c:4f:07:d2:11:1f:cd:26:14:cb:92:
         64:e3:73:b6:37:45:36:1f:83:44:20:63:0d:84:49:22:72:c3:
         c3:ca:0f:06:0a:4b:d2:ab:3d:ad:3c:2f:23:85:bb:ca:30:36:
         24:1e:48:e5:dd:01:3c:e7:1d:0e:de:06:da:36:56:78:da:4c:
         82:f9:f0:16
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUcQei1nM7XKEhbFG0ZqwDyKBa/84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA3MDcxMDA4NTNaFw0yNTA3MDYxMDEzNTNaMDMxMTAvBgNV
BAMTKDU5OEU1RDk3QjMyNzRDRDM1RDI0NzgxQjEwNzMxMjA2MEU0QkVGRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFUM34SF6CF2Xv3bVQ8/L4qIvk
To5QLhbb80+rja6/ksB4n2wXQ1GGSM2lz8bbj9Yvi9Q/uulr7ZMRQiCCLYPDSMT4
5fveN+qPabJU/aWa+Uxg13TbQTRgm+jgX1xJSIMJMXdYwcsYNJShBYnnVU/FeK/9
4GXASKQYyUAbSR0/uTNpRk+yvR//HLUM8qdawcxV2fXzYxZxvSOOr2+1mD7qy7yn
IC1X7VVVg/tuSMUMeBiCyf0A7eYMtevJYZPdBk3VGlMODYA7KYMZPtJhjRsEAbJm
j0515230owGNkS+qjMWQqUooQnisjQZbEYo13p0uk1tczVduk87cuYH920g/AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUWY5dl7MnTNNdJHgbEHMSBg5L7/gwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzEzNzM0MzEzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMjMxMzQzODMx
Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAqFAfAF0EwDQYJKoZIhvcNAQELBQADggEBAA92cPJimAcx
aRJJ3ntjKpYWxsg19SKIdYjpkqZCV/xoQ7wWcvK6NquEpV5HGcBbiS5t6RCxNdMN
+PuLxF9btl1VnNPjYLMa3qM3fEUflUu+ofDjlUX3HhmYOiLgph4vQcQIHIGfyo20
m7mp1PvdZSV6QuNKWQ9aiI1jMmUzPE5oTH4BU8DqnFiYQhNfqYs/2xfoYSD4GFH5
juu2qw5TitbFoSvQJq4yqD+y36DGfjpSQapskqlt7Ysz9qMsTwfSER/NJhTLkmTj
c7Y3RTYfg0QgYw2ESSJyw8PKDwYKS9KrPa08LyOFu8owNiQeSOXdATznHQ7eBto2
VnjaTIL58BY=
-----END CERTIFICATE-----