Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa
File:                     326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa (raw, json)
Hash identifier:          uBzyNU+ZyaxQVjkXlGceK2aX3zbIzmVSXP3lIWqdxLw=
Subject key identifier:   98:5D:7B:A3:C8:D5:58:B2:9E:8B:7B:E1:83:2A:19:E8:4B:F7:86:55
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       14BA17C54E61AF25A8068977CCE07F76A62CCD34
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa
Signing time:             Tue 28 May 2024 15:06:35 +0000
ROA not before:           Tue 28 May 2024 15:01:35 +0000
ROA not after:            Tue 27 May 2025 15:06:35 +0000
asID:                     215531
IP address blocks:        2a14:7c0:400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ba:17:c5:4e:61:af:25:a8:06:89:77:cc:e0:7f:76:a6:2c:cd:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 15:01:35 2024 GMT
            Not After : May 27 15:06:35 2025 GMT
        Subject: CN=985D7BA3C8D558B29E8B7BE1832A19E84BF78655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:4f:4e:f6:b5:e2:79:b0:57:91:fa:0a:d4:
                    9b:c9:fe:aa:d5:f0:d4:ea:f0:fe:8e:0f:85:d5:9b:
                    24:19:59:a1:e5:f4:b6:e5:f4:b8:f1:23:4f:2f:09:
                    cc:1c:07:91:20:77:30:80:5d:f3:0c:a2:01:33:f3:
                    44:b5:c6:ed:9e:c9:24:66:02:ee:e3:cf:63:bb:b2:
                    40:59:41:6b:34:e6:65:d0:ac:4a:6a:25:d4:ff:10:
                    b7:07:f8:6f:b9:10:b5:2b:a5:91:1d:96:bb:c5:9f:
                    79:63:d6:42:c0:32:b7:21:6b:61:17:35:fd:5e:91:
                    46:f5:61:1f:02:17:95:6d:1e:8c:27:b4:cc:72:cf:
                    65:d0:f8:76:03:8e:6b:e5:59:7f:b3:8f:f6:87:bd:
                    df:1b:8b:c9:e4:76:bb:32:99:a4:d5:7e:2b:bc:7a:
                    45:79:71:5b:18:d4:5e:35:81:af:82:ba:8e:cf:37:
                    39:50:31:45:88:1c:8c:71:ba:1b:8d:27:64:d3:c7:
                    55:ee:ea:e5:c4:1e:ce:2b:44:6b:36:39:05:48:8c:
                    20:d4:f8:5a:e4:88:66:48:98:72:ad:c3:43:c4:6e:
                    67:a3:31:75:2e:7c:f7:8e:24:64:9a:a0:f7:99:73:
                    6f:54:db:0d:92:f5:ac:50:77:f1:a2:6d:2f:a9:34:
                    85:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5D:7B:A3:C8:D5:58:B2:9E:8B:7B:E1:83:2A:19:E8:4B:F7:86:55
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         73:9c:cb:fc:8a:a1:a8:31:26:05:9f:ad:7b:b6:5e:87:1a:2e:
         c6:87:46:02:4d:37:2c:07:7e:b0:57:98:b7:6e:75:82:ca:96:
         df:b9:28:93:c8:ab:fe:21:8a:eb:bb:1c:70:4d:0e:77:a7:18:
         81:31:2f:76:7a:3e:42:29:67:bb:d7:cb:4f:cb:8b:00:5a:35:
         95:6a:1c:12:72:b1:00:db:fe:c1:4f:c6:99:a8:4e:61:3b:63:
         88:23:9f:aa:82:fd:13:91:f2:d2:3d:a0:9c:00:99:36:c9:da:
         69:31:2a:72:c7:4e:7c:23:50:d6:70:1e:f0:f4:9c:0e:fc:f7:
         93:19:4f:5c:a6:5c:0d:2d:5a:99:de:82:e4:3f:c4:e3:7e:db:
         6c:1b:ff:06:0d:f5:05:da:2b:d8:73:54:3c:d6:f9:fb:cd:59:
         66:a5:ef:da:70:04:fe:07:26:e5:dc:53:15:49:28:7b:78:ae:
         7b:a0:27:72:f2:05:66:09:78:0d:66:62:ab:2b:5d:6a:3c:2e:
         e3:44:51:1d:16:88:17:45:2e:46:01:48:14:20:28:4e:3c:7d:
         20:13:bf:54:f9:8e:75:0e:fe:fa:6b:59:bf:61:c8:c6:6c:ee:
         05:fc:b6:5b:b6:1b:55:e9:51:f2:83:a6:17:5b:ca:66:84:90:
         9b:6c:a1:5a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUFLoXxU5hryWoBol3zOB/dqYszTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNTAxMzVaFw0yNTA1MjcxNTA2MzVaMDMxMTAvBgNV
BAMTKDk4NUQ3QkEzQzhENTU4QjI5RThCN0JFMTgzMkExOUU4NEJGNzg2NTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCppU9O9rXiebBXkfoK1JvJ/qrV
8NTq8P6OD4XVmyQZWaHl9Lbl9LjxI08vCcwcB5EgdzCAXfMMogEz80S1xu2eySRm
Au7jz2O7skBZQWs05mXQrEpqJdT/ELcH+G+5ELUrpZEdlrvFn3lj1kLAMrcha2EX
Nf1ekUb1YR8CF5VtHowntMxyz2XQ+HYDjmvlWX+zj/aHvd8bi8nkdrsymaTVfiu8
ekV5cVsY1F41ga+Cuo7PNzlQMUWIHIxxuhuNJ2TTx1Xu6uXEHs4rRGs2OQVIjCDU
+FrkiGZImHKtw0PEbmejMXUufPeOJGSaoPeZc29U2w2S9axQd/GibS+pNIWzAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUmF17o8jVWLKei3vhgyoZ6Ev3hlUwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzQzMDMwM2EzYTJmMzMzODJkMzQzODIwM2QzZTIwMzIzMTM1MzUzMzMx
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYCKhQHwAQwDQYJKoZIhvcNAQELBQADggEBAHOcy/yKoagxJgWf
rXu2XocaLsaHRgJNNywHfrBXmLdudYLKlt+5KJPIq/4hiuu7HHBNDnenGIExL3Z6
PkIpZ7vXy0/LiwBaNZVqHBJysQDb/sFPxpmoTmE7Y4gjn6qC/ROR8tI9oJwAmTbJ
2mkxKnLHTnwjUNZwHvD0nA7895MZT1ymXA0tWpneguQ/xON+22wb/wYN9QXaK9hz
VDzW+fvNWWal79pwBP4HJuXcUxVJKHt4rnugJ3LyBWYJeA1mYqsrXWo8LuNEUR0W
iBdFLkYBSBQgKE48fSATv1T5jnUO/vprWb9hyMZs7gX8tlu2G1XpUfKDphdbymaE
kJtsoVo=
-----END CERTIFICATE-----