Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa
File:                     326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa (raw, json)
Hash identifier:          k6EsW+LYRGi83e5cKXKhNJoxYXegy8Z2ud4ci8CeOBc=
Subject key identifier:   88:92:55:84:B5:DA:0D:73:69:92:36:5C:57:22:FB:1D:0C:85:99:C2
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       4884FE7329CAC2C1602E04F7FCF327BCBAC8BE07
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa
Signing time:             Tue 28 May 2024 15:01:24 +0000
ROA not before:           Tue 28 May 2024 14:56:24 +0000
ROA not after:            Tue 27 May 2025 15:01:24 +0000
asID:                     215127
IP address blocks:        2a14:7c0:3400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:84:fe:73:29:ca:c2:c1:60:2e:04:f7:fc:f3:27:bc:ba:c8:be:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:56:24 2024 GMT
            Not After : May 27 15:01:24 2025 GMT
        Subject: CN=88925584B5DA0D736992365C5722FB1D0C8599C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2d:d5:45:fc:aa:f9:d2:30:8c:b9:53:b4:da:
                    67:7a:06:e9:c9:b4:8b:ad:a9:df:45:49:2a:e9:05:
                    9a:bc:fd:eb:ef:c6:88:e5:44:25:7e:4c:24:4c:54:
                    70:ea:79:03:f8:11:62:37:4e:d9:c0:75:d3:8b:2f:
                    43:b0:d2:96:bd:4e:63:49:44:c1:d2:04:b1:15:3a:
                    2b:28:bb:34:4a:4b:ae:8b:2d:b8:6b:d2:8f:92:10:
                    16:95:29:a1:fa:fb:31:6a:cd:fd:e5:14:65:11:d9:
                    a3:32:39:6c:e5:cb:bf:02:47:9f:6f:0b:68:ad:f1:
                    b7:e0:b3:82:1e:45:84:21:d3:ad:88:9b:97:cd:23:
                    18:e5:b5:fd:3c:3d:ed:43:09:a7:de:ae:c3:b2:82:
                    cd:c0:ba:c0:3c:6d:00:45:a5:7d:ac:bf:90:af:23:
                    c1:a7:06:1b:c0:35:3d:68:95:f6:93:0b:e0:87:ac:
                    d1:fd:65:cd:8f:e0:5b:c6:e3:38:d9:2d:1f:98:5e:
                    89:51:01:d7:93:c1:1a:29:34:96:cd:f8:0b:89:38:
                    7f:30:68:5e:32:a1:fb:2c:29:ab:eb:ee:6b:ae:27:
                    e2:dd:88:bd:21:5b:2f:0d:58:13:7b:e5:41:11:09:
                    29:cd:93:9a:1f:db:ec:55:ac:cf:50:4b:84:b0:7a:
                    24:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:92:55:84:B5:DA:0D:73:69:92:36:5C:57:22:FB:1D:0C:85:99:C2
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:3400::/38

    Signature Algorithm: sha256WithRSAEncryption
         3f:68:5f:49:9b:88:04:d0:36:7e:19:1b:7d:b2:6d:b3:ee:20:
         d6:e7:ce:cd:a2:b4:01:9f:06:2d:87:27:9e:3c:58:16:73:4c:
         da:8e:bd:55:1c:84:10:79:8f:bc:ef:87:3f:d5:f6:74:be:a4:
         48:0b:d2:e0:7c:ef:4f:57:0f:c4:1c:bd:15:e0:28:14:46:e7:
         b1:91:7b:5f:ae:f3:74:8b:f7:ce:04:7b:b5:d3:15:b5:5b:f5:
         09:d4:1f:be:7a:51:17:a7:4a:7f:54:91:0c:d8:02:2b:86:d1:
         6a:00:d7:ea:40:58:71:67:64:6a:ad:cf:dc:14:5c:9d:64:8d:
         77:e4:84:df:90:23:a7:0a:06:8b:d9:a7:b6:b1:5f:d9:55:b6:
         27:11:c4:d1:9f:c4:80:c9:95:6d:3c:be:b0:0d:0c:34:13:5b:
         8d:37:f8:15:f5:85:04:1c:da:99:a6:f7:76:ba:23:5e:27:17:
         f2:fb:96:38:ee:62:f5:b6:be:a6:92:64:44:35:8f:61:38:98:
         ba:0c:b0:7c:5b:ef:22:54:66:a6:cc:e9:54:ac:d1:0b:54:4c:
         f7:2b:c8:91:93:3d:a9:ed:67:dc:5e:0d:41:ea:01:0c:00:70:
         45:2d:89:09:4d:e9:3d:60:08:39:ac:e6:85:84:88:2c:7f:34:
         2b:30:20:0d
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUSIT+cynKwsFgLgT3/PMnvLrIvgcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU2MjRaFw0yNTA1MjcxNTAxMjRaMDMxMTAvBgNV
BAMTKDg4OTI1NTg0QjVEQTBENzM2OTkyMzY1QzU3MjJGQjFEMEM4NTk5QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChLdVF/Kr50jCMuVO02md6BunJ
tIutqd9FSSrpBZq8/evvxojlRCV+TCRMVHDqeQP4EWI3TtnAddOLL0Ow0pa9TmNJ
RMHSBLEVOisouzRKS66LLbhr0o+SEBaVKaH6+zFqzf3lFGUR2aMyOWzly78CR59v
C2it8bfgs4IeRYQh062Im5fNIxjltf08Pe1DCafersOygs3AusA8bQBFpX2sv5Cv
I8GnBhvANT1olfaTC+CHrNH9Zc2P4FvG4zjZLR+YXolRAdeTwRopNJbN+AuJOH8w
aF4yofssKavr7muuJ+LdiL0hWy8NWBN75UERCSnNk5of2+xVrM9QS4SweiQ7AgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUiJJVhLXaDXNpkjZcVyL7HQyFmcIwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzNDMwMzAzYTNhMmYzMzM4MmQzNDM4MjAzZDNlMjAzMjMxMzUzMTMy
Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgIqFAfANDANBgkqhkiG9w0BAQsFAAOCAQEAP2hfSZuIBNA2
fhkbfbJts+4g1ufOzaK0AZ8GLYcnnjxYFnNM2o69VRyEEHmPvO+HP9X2dL6kSAvS
4HzvT1cPxBy9FeAoFEbnsZF7X67zdIv3zgR7tdMVtVv1CdQfvnpRF6dKf1SRDNgC
K4bRagDX6kBYcWdkaq3P3BRcnWSNd+SE35AjpwoGi9mntrFf2VW2JxHE0Z/EgMmV
bTy+sA0MNBNbjTf4FfWFBBzamab3drojXicX8vuWOO5i9ba+ppJkRDWPYTiYugyw
fFvvIlRmpszpVKzRC1RM9yvIkZM9qe1n3F4NQeoBDABwRS2JCU3pPWAIOazmhYSI
LH80KzAgDQ==
-----END CERTIFICATE-----