Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa
File:                     326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa (raw, json)
Hash identifier:          H9IVyMoNT0MlMsOZloe9Ldzb11cnAKTws1lZKMokHho=
Subject key identifier:   C4:56:55:A9:B1:28:57:85:8F:0E:98:01:7C:1C:29:85:23:BC:25:88
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       3BAB5C18DED86740CC8CB245825158D1F9E14747
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa
Signing time:             Mon 25 Aug 2025 07:38:20 +0000
ROA not before:           Mon 25 Aug 2025 07:33:20 +0000
ROA not after:            Mon 24 Aug 2026 07:38:20 +0000
asID:                     214532
IP address blocks:        2a14:7c0:5c00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 23:04:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:ab:5c:18:de:d8:67:40:cc:8c:b2:45:82:51:58:d1:f9:e1:47:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug 25 07:33:20 2025 GMT
            Not After : Aug 24 07:38:20 2026 GMT
        Subject: CN=C45655A9B12857858F0E98017C1C298523BC2588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2a:4f:b1:ee:17:e9:ef:31:e1:70:0d:fa:08:
                    ea:c2:f8:90:c4:c1:19:c9:f7:6f:32:b7:0f:c6:6d:
                    4a:e4:e6:af:4b:a4:ec:90:2a:17:69:9f:fa:d4:06:
                    98:0b:5a:9b:f7:87:c1:22:9b:30:ae:82:49:a9:d7:
                    52:ed:b7:ca:69:fe:bb:79:e5:9d:63:52:ba:a7:79:
                    e0:d5:61:c8:de:b3:72:d5:30:aa:55:82:c1:41:9a:
                    d2:2f:9e:02:ee:cd:10:23:8f:09:b9:98:a7:6a:3b:
                    ff:a0:a7:7a:94:7b:9b:5f:8d:81:3b:37:25:17:60:
                    23:58:05:99:19:8c:e9:62:24:e3:5e:59:17:4e:f9:
                    e5:52:d3:50:d9:1f:a0:47:39:4d:91:d3:0e:3f:fb:
                    0c:05:c1:ad:07:3e:be:87:99:05:cd:c8:6c:b9:6a:
                    a7:99:e3:8e:bc:ac:45:e9:6c:ed:7d:47:67:a5:24:
                    70:dc:9a:7b:97:5c:7c:86:05:8f:14:2c:74:53:9b:
                    09:fb:4f:9f:5d:57:2d:2f:30:27:f3:c0:fd:36:32:
                    5c:24:d8:fe:b7:6b:7c:d8:34:65:cc:c0:ac:a2:54:
                    f2:f9:19:1b:ae:02:f3:02:5c:71:31:c6:8b:37:02:
                    d0:f4:9b:be:ee:63:8e:8a:3f:19:12:72:27:53:a9:
                    92:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:56:55:A9:B1:28:57:85:8F:0E:98:01:7C:1C:29:85:23:BC:25:88
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:5c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         9a:f8:cd:21:4a:a2:7a:51:b3:b1:e7:b1:91:f2:19:1a:47:86:
         52:41:27:8c:44:a2:67:82:38:23:29:f3:86:5c:21:62:14:97:
         93:25:f2:c3:e1:6d:2a:f5:c8:53:09:d3:e7:e3:e3:83:23:0a:
         c2:69:a5:ad:72:46:f7:32:4e:09:12:c6:fe:ad:e4:e2:4a:31:
         99:9d:5a:89:a7:19:c5:d7:1d:be:db:b1:b8:87:84:e0:29:18:
         0e:4a:37:8f:2f:78:9b:20:fd:07:1a:23:2e:c2:49:e4:19:fb:
         22:d1:fc:d8:eb:02:f6:35:af:ed:ac:3e:ef:01:eb:1b:49:aa:
         90:2f:bd:9e:cc:e2:c6:60:75:1a:3b:fb:ac:57:be:14:45:83:
         aa:ad:c8:26:55:f2:5a:c2:85:a7:71:74:3a:cb:cd:5c:79:3c:
         bd:e0:fb:d8:bd:1e:11:b3:70:60:4e:2f:02:e7:5c:56:6a:66:
         5b:ba:07:17:8c:48:ec:93:31:06:8b:a4:e1:29:64:93:58:08:
         10:1c:d4:9d:ee:7b:04:cf:cd:19:b5:2d:55:fc:c1:64:ea:8a:
         ed:f6:f8:ae:a6:53:ac:00:a2:a7:b7:be:17:80:33:fa:1a:80:
         fc:6b:40:f3:1d:b7:f3:0a:94:cd:c3:2a:70:e2:9c:2b:3b:dd:
         a7:22:69:c8
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUO6tcGN7YZ0DMjLJFglFY0fnhR0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA4MjUwNzMzMjBaFw0yNjA4MjQwNzM4MjBaMDMxMTAvBgNV
BAMTKEM0NTY1NUE5QjEyODU3ODU4RjBFOTgwMTdDMUMyOTg1MjNCQzI1ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpKk+x7hfp7zHhcA36COrC+JDE
wRnJ928ytw/GbUrk5q9LpOyQKhdpn/rUBpgLWpv3h8EimzCugkmp11Ltt8pp/rt5
5Z1jUrqneeDVYcjes3LVMKpVgsFBmtIvngLuzRAjjwm5mKdqO/+gp3qUe5tfjYE7
NyUXYCNYBZkZjOliJONeWRdO+eVS01DZH6BHOU2R0w4/+wwFwa0HPr6HmQXNyGy5
aqeZ4468rEXpbO19R2elJHDcmnuXXHyGBY8ULHRTmwn7T59dVy0vMCfzwP02Mlwk
2P63a3zYNGXMwKyiVPL5GRuuAvMCXHExxos3AtD0m77uY46KPxkScidTqZIpAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUxFZVqbEoV4WPDpgBfBwphSO8JYgwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzU2MzMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzQzNTMz
MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAXDANBgkqhkiG9w0BAQsFAAOCAQEAmvjNIUqielGz
seexkfIZGkeGUkEnjESiZ4I4IynzhlwhYhSXkyXyw+FtKvXIUwnT5+PjgyMKwmml
rXJG9zJOCRLG/q3k4koxmZ1aiacZxdcdvtuxuIeE4CkYDko3jy94myD9BxojLsJJ
5Bn7ItH82OsC9jWv7aw+7wHrG0mqkC+9nszixmB1Gjv7rFe+FEWDqq3IJlXyWsKF
p3F0OsvNXHk8veD72L0eEbNwYE4vAudcVmpmW7oHF4xI7JMxBouk4Slkk1gIEBzU
ne57BM/NGbUtVfzBZOqK7fb4rqZTrACip7e+F4Az+hqA/GtA8x238wqUzcMqcOKc
KzvdpyJpyA==
-----END CERTIFICATE-----