Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356530303a3a2f34302d3438203d3e20323131393035.roa
File:                     326131343a3763303a356530303a3a2f34302d3438203d3e20323131393035.roa (raw, json)
Hash identifier:          SdOWjuwD9X6sHtGzAiFy2w+JEeQ07ca9VYzp0ty4Kxk=
Subject key identifier:   91:3D:E9:1F:67:0E:A2:41:6F:0F:01:FE:C5:27:9D:36:7C:9B:06:5D
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7427EB880DB6E365A8640837690D14A4BF270B70
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356530303a3a2f34302d3438203d3e20323131393035.roa
Signing time:             Thu 01 Aug 2024 20:11:36 +0000
ROA not before:           Thu 01 Aug 2024 20:06:36 +0000
ROA not after:            Thu 31 Jul 2025 20:11:36 +0000
asID:                     211905
IP address blocks:        2a14:7c0:5e00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:27:eb:88:0d:b6:e3:65:a8:64:08:37:69:0d:14:a4:bf:27:0b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug  1 20:06:36 2024 GMT
            Not After : Jul 31 20:11:36 2025 GMT
        Subject: CN=913DE91F670EA2416F0F01FEC5279D367C9B065D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:13:c2:48:70:77:ca:31:11:6f:dc:1b:7e:3d:
                    a9:95:b0:ac:3f:7f:ad:db:8c:a6:bf:a7:49:90:de:
                    19:10:7c:14:37:d0:30:18:08:5b:03:6c:9c:45:a2:
                    f3:f1:56:49:4e:b1:a3:9b:fa:2c:f7:94:e9:75:b4:
                    12:0b:df:f7:fb:31:6e:5e:bf:c9:30:f9:07:b3:64:
                    58:d2:b7:70:ce:fb:18:b7:99:cc:52:71:05:4b:b4:
                    d5:4a:64:5e:0e:8e:ac:61:1f:e0:6b:19:e8:61:61:
                    01:4a:0d:29:77:b7:54:13:bf:41:4f:78:c3:2f:91:
                    30:3a:7c:f0:55:e1:80:d7:9a:8b:5c:0a:fa:71:f2:
                    5b:a1:14:3f:3c:c7:8e:c0:53:69:fd:a8:3b:88:c9:
                    14:1f:32:f7:89:0e:03:15:d5:8a:54:52:83:d7:2f:
                    b3:7b:74:d4:f1:0c:5a:3e:af:ba:63:78:5e:f3:3c:
                    cd:c9:73:fe:49:18:e1:6c:4d:5f:7d:d2:39:4c:b3:
                    25:4a:21:58:9b:1e:02:25:7c:b2:52:3e:6b:d9:3d:
                    c8:a9:51:a8:64:27:4e:d8:05:9e:2d:eb:ac:a5:33:
                    6e:da:68:e9:f3:d7:a4:ca:cf:c2:6f:0b:23:8c:85:
                    e5:82:88:84:0f:51:5b:38:be:06:d9:85:38:72:07:
                    6b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3D:E9:1F:67:0E:A2:41:6F:0F:01:FE:C5:27:9D:36:7C:9B:06:5D
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a356530303a3a2f34302d3438203d3e20323131393035.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:5e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:65:07:b9:45:50:6b:3c:bb:0e:f2:55:fa:7b:b1:a1:fc:3c:
         11:7c:0e:d2:6f:8c:d5:d3:96:37:f9:41:e0:2c:9e:69:ab:32:
         5e:b9:51:9e:87:a6:84:15:0c:39:ab:d1:0b:f7:a2:45:4d:1c:
         01:88:3b:b7:f5:9d:64:d9:fa:a9:46:6e:ec:d0:a2:15:78:6b:
         f3:de:65:69:9e:95:a2:eb:8e:1d:ef:71:0f:30:da:0d:1b:7f:
         19:16:b2:46:19:d4:ef:20:cb:e0:51:5f:2b:55:e4:0f:01:63:
         fb:41:a8:fd:18:c0:4a:0d:2f:ed:ae:58:bb:7a:51:c6:72:75:
         d1:6c:c6:10:85:1b:58:53:1b:f0:76:aa:e9:88:ca:ac:77:6b:
         a6:3d:03:ac:fb:b7:1f:60:b0:c5:47:a9:03:f1:28:7c:85:47:
         e0:f0:5a:a6:08:99:81:bc:72:72:0d:20:0a:80:a1:b1:da:c8:
         f5:79:39:c0:91:f9:5c:81:b2:b0:ad:01:1b:27:c4:c1:17:77:
         28:ee:ac:eb:85:6c:04:a7:74:24:ce:f2:6a:84:80:3e:1c:33:
         ab:44:b6:b0:11:38:2e:64:63:64:b9:c5:0f:4f:ae:3c:f3:fc:
         6c:53:fb:54:f1:24:02:10:eb:c3:b5:4b:0a:2f:3c:1a:6e:ee:
         7c:2e:76:58
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUdCfriA2242WoZAg3aQ0UpL8nC3AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA4MDEyMDA2MzZaFw0yNTA3MzEyMDExMzZaMDMxMTAvBgNV
BAMTKDkxM0RFOTFGNjcwRUEyNDE2RjBGMDFGRUM1Mjc5RDM2N0M5QjA2NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqE8JIcHfKMRFv3Bt+PamVsKw/
f63bjKa/p0mQ3hkQfBQ30DAYCFsDbJxFovPxVklOsaOb+iz3lOl1tBIL3/f7MW5e
v8kw+QezZFjSt3DO+xi3mcxScQVLtNVKZF4OjqxhH+BrGehhYQFKDSl3t1QTv0FP
eMMvkTA6fPBV4YDXmotcCvpx8luhFD88x47AU2n9qDuIyRQfMveJDgMV1YpUUoPX
L7N7dNTxDFo+r7pjeF7zPM3Jc/5JGOFsTV990jlMsyVKIVibHgIlfLJSPmvZPcip
UahkJ07YBZ4t66ylM27aaOnz16TKz8JvCyOMheWCiIQPUVs4vgbZhThyB2tRAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUkT3pH2cOokFvDwH+xSedNnybBl0wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzU2NTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzEzOTMw
MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAXjANBgkqhkiG9w0BAQsFAAOCAQEABWUHuUVQazy7
DvJV+nuxofw8EXwO0m+M1dOWN/lB4CyeaasyXrlRnoemhBUMOavRC/eiRU0cAYg7
t/WdZNn6qUZu7NCiFXhr895laZ6VouuOHe9xDzDaDRt/GRayRhnU7yDL4FFfK1Xk
DwFj+0Go/RjASg0v7a5Yu3pRxnJ10WzGEIUbWFMb8Haq6YjKrHdrpj0DrPu3H2Cw
xUepA/EofIVH4PBapgiZgbxycg0gCoChsdrI9Xk5wJH5XIGysK0BGyfEwRd3KO6s
64VsBKd0JM7yaoSAPhwzq0S2sBE4LmRjZLnFD0+uPPP8bFP7VPEkAhDrw7VLCi88
Gm7ufC52WA==
-----END CERTIFICATE-----