Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363130303a3a2f34302d3430203d3e203231373338.roa
File:                     326131343a3763303a363130303a3a2f34302d3430203d3e203231373338.roa (raw, json)
Hash identifier:          CPz/ECvVLyVQEvKytJUyW+CAW9cYLyDtlDvlKU++RWs=
Subject key identifier:   85:9E:DA:AE:83:A7:D0:E3:E0:9C:7A:2D:2E:CF:47:95:AE:5F:5A:99
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       3B1E1C6D1FAADFDAC179A45DDAA28373EFC029CB
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363130303a3a2f34302d3430203d3e203231373338.roa
Signing time:             Thu 19 Sep 2024 20:37:30 +0000
ROA not before:           Thu 19 Sep 2024 20:32:30 +0000
ROA not after:            Thu 18 Sep 2025 20:37:30 +0000
asID:                     21738
IP address blocks:        2a14:7c0:6100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:1e:1c:6d:1f:aa:df:da:c1:79:a4:5d:da:a2:83:73:ef:c0:29:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Sep 19 20:32:30 2024 GMT
            Not After : Sep 18 20:37:30 2025 GMT
        Subject: CN=859EDAAE83A7D0E3E09C7A2D2ECF4795AE5F5A99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:38:cb:7b:09:e5:39:fb:5d:c7:83:dd:ca:7e:
                    2c:86:b1:01:3c:7b:b6:a3:0a:7a:9e:3d:a4:8d:a2:
                    23:ed:2b:eb:b7:40:b8:8c:8c:57:9e:75:a8:ed:1c:
                    d8:00:80:9a:04:04:ad:85:d4:e9:5a:09:6e:42:ab:
                    fb:96:78:df:00:93:a6:27:fd:e3:24:27:89:75:79:
                    3d:53:8e:33:12:67:3a:a0:a4:37:84:05:48:b5:1d:
                    a0:58:ab:e1:30:6f:b4:a6:0c:d9:1e:03:2c:30:fd:
                    50:af:bb:65:1f:5f:cc:f6:4d:48:9f:fe:bb:e0:13:
                    9e:c5:90:99:b5:16:70:c3:86:c7:f5:b7:57:89:f2:
                    83:12:a7:4d:62:81:0c:dc:af:b8:30:91:08:22:10:
                    60:5e:a1:ad:d8:26:1f:75:5d:d7:d4:9d:2c:8e:96:
                    05:b9:2b:7e:5d:e3:d6:97:12:a4:65:b6:df:46:e6:
                    0b:cd:d8:d5:9f:6b:51:08:0f:e0:cc:61:b1:53:12:
                    5a:97:b0:7d:df:5b:96:f1:bc:10:02:bf:93:c1:25:
                    4e:a0:ad:3d:71:e5:52:3b:cb:1c:cf:7d:d6:83:8f:
                    2a:67:da:8f:6f:d2:38:c8:69:a9:cb:7b:23:fd:f3:
                    51:b5:d4:e2:b2:67:6b:64:b0:ab:f1:29:f1:3c:65:
                    85:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:9E:DA:AE:83:A7:D0:E3:E0:9C:7A:2D:2E:CF:47:95:AE:5F:5A:99
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a363130303a3a2f34302d3430203d3e203231373338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:6100::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:0f:95:48:e8:61:49:19:ff:56:d9:be:4f:62:41:87:f7:ff:
         9a:fc:d0:72:a3:e7:f8:aa:b7:1d:0a:05:4e:11:a6:3d:7c:4b:
         a7:b8:ea:0b:76:94:f5:30:28:3c:2b:16:89:db:27:b8:ed:49:
         d5:2a:a8:ea:d0:0e:91:d8:eb:93:16:3c:b9:5f:f4:17:90:d1:
         1a:07:03:17:9e:ca:70:5d:f0:9e:5c:7d:34:55:73:2c:72:95:
         15:77:a5:ff:a1:58:5d:ab:93:46:e6:54:43:79:f0:75:33:26:
         82:ec:9d:cb:2b:e0:13:27:be:44:25:fb:54:7a:56:3c:4d:78:
         b2:54:16:79:95:0a:b9:ac:b7:91:d7:b2:72:8d:6f:be:3b:53:
         14:89:83:2d:bb:28:d5:7e:68:e9:0a:aa:0c:b6:83:3f:c8:e2:
         20:c8:8d:8c:b8:75:6d:79:98:77:18:fb:72:73:db:94:14:6d:
         79:1e:32:4a:a8:fc:b4:18:cc:49:e3:6a:a3:d2:ad:09:d8:a2:
         a9:2f:47:5e:78:f3:d7:7a:09:49:62:42:f7:02:53:99:2b:bf:
         51:e1:9d:51:39:60:bb:a2:76:fd:b5:98:e2:57:0a:13:8e:26:
         09:48:60:68:f3:a5:3b:d3:77:c9:d3:43:bd:af:83:32:85:0d:
         aa:c5:4d:6f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUOx4cbR+q39rBeaRd2qKDc+/AKcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA5MTkyMDMyMzBaFw0yNTA5MTgyMDM3MzBaMDMxMTAvBgNV
BAMTKDg1OUVEQUFFODNBN0QwRTNFMDlDN0EyRDJFQ0Y0Nzk1QUU1RjVBOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnOMt7CeU5+13Hg93KfiyGsQE8
e7ajCnqePaSNoiPtK+u3QLiMjFeedajtHNgAgJoEBK2F1OlaCW5Cq/uWeN8Ak6Yn
/eMkJ4l1eT1TjjMSZzqgpDeEBUi1HaBYq+Ewb7SmDNkeAyww/VCvu2UfX8z2TUif
/rvgE57FkJm1FnDDhsf1t1eJ8oMSp01igQzcr7gwkQgiEGBeoa3YJh91XdfUnSyO
lgW5K35d49aXEqRltt9G5gvN2NWfa1EID+DMYbFTElqXsH3fW5bxvBACv5PBJU6g
rT1x5VI7yxzPfdaDjypn2o9v0jjIaanLeyP981G11OKyZ2tksKvxKfE8ZYWJAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUhZ7aroOn0OPgnHotLs9Hla5fWpkwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzYzMTMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzczMzM4
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYAKhQHwGEwDQYJKoZIhvcNAQELBQADggEBAEoPlUjoYUkZ/1bZ
vk9iQYf3/5r80HKj5/iqtx0KBU4Rpj18S6e46gt2lPUwKDwrFonbJ7jtSdUqqOrQ
DpHY65MWPLlf9BeQ0RoHAxeeynBd8J5cfTRVcyxylRV3pf+hWF2rk0bmVEN58HUz
JoLsncsr4BMnvkQl+1R6VjxNeLJUFnmVCrmst5HXsnKNb747UxSJgy27KNV+aOkK
qgy2gz/I4iDIjYy4dW15mHcY+3Jz25QUbXkeMkqo/LQYzEnjaqPSrQnYoqkvR154
89d6CUliQvcCU5krv1HhnVE5YLuidv21mOJXChOOJglIYGjzpTvTd8nTQ72vgzKF
DarFTW8=
-----END CERTIFICATE-----