Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa
File:                     326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa (raw, json)
Hash identifier:          mDqiNRVTuhj18jBJOit9uMUOBBgbTe5I9Aoex5ww1JI=
Subject key identifier:   FD:19:FA:EB:FE:10:44:0D:C0:66:24:B2:56:09:FC:74:AD:03:40:B1
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       688F46366C77E6C01C2CE157B3CECEF27ADE710D
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa
Signing time:             Fri 26 Jul 2024 07:56:39 +0000
ROA not before:           Fri 26 Jul 2024 07:51:39 +0000
ROA not after:            Fri 25 Jul 2025 07:56:39 +0000
asID:                     214532
IP address blocks:        2a14:7c0:5c00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:8f:46:36:6c:77:e6:c0:1c:2c:e1:57:b3:ce:ce:f2:7a:de:71:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Jul 26 07:51:39 2024 GMT
            Not After : Jul 25 07:56:39 2025 GMT
        Subject: CN=FD19FAEBFE10440DC06624B25609FC74AD0340B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:44:29:25:94:60:58:96:2b:17:57:9c:f8:9c:
                    04:e6:10:8c:d6:55:56:20:eb:b8:96:8b:63:2a:29:
                    6b:fe:e2:ff:91:09:1d:bd:fc:bb:5e:7d:da:0a:92:
                    14:9a:a6:24:8c:90:0b:c8:e8:cb:06:ed:21:ff:8d:
                    60:54:cd:84:7d:d3:4b:24:5b:ae:78:88:90:88:e7:
                    f6:63:d7:7b:4f:5a:e5:31:f3:fa:25:6a:8d:df:4e:
                    c1:3a:2f:d5:1b:51:22:13:30:ec:37:42:5d:61:24:
                    ab:d4:06:06:64:12:4f:d8:e4:87:5f:e6:5a:83:63:
                    b0:b1:94:bd:7b:7a:fb:d4:e6:e6:d1:08:b8:f9:88:
                    48:f3:50:3e:5a:7c:47:ff:9d:b1:24:fc:3b:a1:15:
                    2f:b2:a3:8e:5e:81:1d:68:0c:dc:a0:0e:4c:02:27:
                    21:59:31:0d:af:f2:ee:29:f7:2b:a1:02:e3:aa:47:
                    fc:fd:0e:f6:9d:b8:8b:06:d6:aa:d9:06:49:aa:3f:
                    a2:28:36:ed:ba:b2:d9:44:a5:a0:87:1e:a2:74:6c:
                    65:3f:d9:c0:28:e4:bb:94:f9:5f:46:40:3a:42:f2:
                    9f:63:dd:ba:0a:f9:f5:1e:15:bc:f1:63:06:b9:2e:
                    2e:f0:77:45:d8:ea:d1:f1:65:1d:d3:d0:a1:ff:78:
                    45:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:19:FA:EB:FE:10:44:0D:C0:66:24:B2:56:09:FC:74:AD:03:40:B1
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356330303a3a2f34302d3430203d3e20323134353332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:5c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:d5:1c:e4:70:cf:b0:33:f3:b9:69:34:59:a2:1b:c3:ff:c0:
         69:78:be:b3:40:19:35:58:fe:27:c2:d6:ba:58:9e:73:6a:be:
         f1:13:e0:58:69:d5:63:a2:ea:73:dc:8f:68:60:2e:30:a4:7d:
         3d:a3:6c:16:a0:ca:f5:49:de:b1:0f:6d:3f:c4:67:47:ee:5f:
         c4:66:69:55:a3:da:a8:3f:a8:4e:fe:28:5f:a2:4d:45:43:83:
         9b:be:52:3c:6b:b4:48:8c:a4:92:f3:cb:81:a2:a7:b2:49:2b:
         12:6a:19:40:37:ec:31:c3:00:cb:b9:78:67:06:0b:8e:22:26:
         f3:b4:77:90:ae:78:ef:ea:52:3b:3b:40:52:4b:bb:3c:2b:e5:
         6c:ea:11:d8:c8:0e:a0:54:2f:ed:77:e4:30:d4:37:96:15:30:
         4c:38:1c:a6:48:59:0f:06:70:60:63:b9:a8:7b:2e:2d:20:7f:
         22:ba:3a:97:f6:c5:15:21:96:d4:56:1a:7f:30:64:30:a8:31:
         9d:36:f4:f0:b4:47:54:75:b7:4b:c3:a2:b0:2b:de:91:5e:8e:
         a5:e4:8f:f8:a7:a3:3b:a9:e8:a6:88:2c:ee:62:1f:b3:5f:35:
         d5:5a:4c:ef:28:d2:a9:43:c1:99:1e:2c:f9:46:c5:ad:2c:3b:
         73:30:4c:c9
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUaI9GNmx35sAcLOFXs87O8nrecQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA3MjYwNzUxMzlaFw0yNTA3MjUwNzU2MzlaMDMxMTAvBgNV
BAMTKEZEMTlGQUVCRkUxMDQ0MERDMDY2MjRCMjU2MDlGQzc0QUQwMzQwQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8RCkllGBYlisXV5z4nATmEIzW
VVYg67iWi2MqKWv+4v+RCR29/LtefdoKkhSapiSMkAvI6MsG7SH/jWBUzYR900sk
W654iJCI5/Zj13tPWuUx8/olao3fTsE6L9UbUSITMOw3Ql1hJKvUBgZkEk/Y5Idf
5lqDY7CxlL17evvU5ubRCLj5iEjzUD5afEf/nbEk/DuhFS+yo45egR1oDNygDkwC
JyFZMQ2v8u4p9yuhAuOqR/z9DvaduIsG1qrZBkmqP6IoNu26stlEpaCHHqJ0bGU/
2cAo5LuU+V9GQDpC8p9j3boK+fUeFbzxYwa5Li7wd0XY6tHxZR3T0KH/eEVXAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQU/Rn66/4QRA3AZiSyVgn8dK0DQLEwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzU2MzMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzQzNTMz
MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAXDANBgkqhkiG9w0BAQsFAAOCAQEAjNUc5HDPsDPz
uWk0WaIbw//AaXi+s0AZNVj+J8LWuliec2q+8RPgWGnVY6Lqc9yPaGAuMKR9PaNs
FqDK9UnesQ9tP8RnR+5fxGZpVaPaqD+oTv4oX6JNRUODm75SPGu0SIykkvPLgaKn
skkrEmoZQDfsMcMAy7l4ZwYLjiIm87R3kK547+pSOztAUku7PCvlbOoR2MgOoFQv
7XfkMNQ3lhUwTDgcpkhZDwZwYGO5qHsuLSB/Iro6l/bFFSGW1FYafzBkMKgxnTb0
8LRHVHW3S8OisCvekV6OpeSP+KejO6nopogs7mIfs1811VpM7yjSqUPBmR4s+UbF
rSw7czBMyQ==
-----END CERTIFICATE-----