Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a383030303a3a2f33362d3438203d3e20323134383334.roa
File:                     326131343a3763303a383030303a3a2f33362d3438203d3e20323134383334.roa (raw, json)
Hash identifier:          wPXQm8K51BefGl432fec4ynm8Sb7Fdcd8BIU/4potvg=
Subject key identifier:   D2:43:76:56:AD:4E:CE:C4:D4:0F:72:6D:BA:06:92:47:F4:FB:83:94
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       63F0CC68B544778C13A87C8A630A51A91ED8999C
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a383030303a3a2f33362d3438203d3e20323134383334.roa
Signing time:             Sat 03 Aug 2024 20:16:19 +0000
ROA not before:           Sat 03 Aug 2024 20:11:19 +0000
ROA not after:            Sat 02 Aug 2025 20:16:19 +0000
asID:                     214834
IP address blocks:        2a14:7c0:8000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f0:cc:68:b5:44:77:8c:13:a8:7c:8a:63:0a:51:a9:1e:d8:99:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug  3 20:11:19 2024 GMT
            Not After : Aug  2 20:16:19 2025 GMT
        Subject: CN=D2437656AD4ECEC4D40F726DBA069247F4FB8394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:35:8b:4a:34:72:71:01:5e:f3:ec:59:40:03:
                    cb:66:a3:22:5b:92:0c:5d:e0:03:ea:1f:5f:47:bf:
                    f0:70:99:41:4a:34:f2:09:ac:25:ce:0e:34:83:ba:
                    cd:9b:b0:ad:02:e7:a1:6d:06:eb:9e:f6:5e:20:73:
                    23:65:ac:a1:fb:c8:c2:63:99:6f:7e:d6:c4:32:97:
                    82:f9:08:87:b2:5b:43:c1:27:46:d6:ed:95:9a:9b:
                    93:d8:bb:a9:8a:21:76:d6:80:47:28:ed:6e:2f:ef:
                    74:b9:80:1e:c8:76:71:38:16:11:75:bc:92:58:b0:
                    b0:8d:eb:0d:95:9b:da:ee:5c:10:ab:67:72:af:c8:
                    ab:10:9d:0b:87:76:f3:d2:7a:68:22:c6:59:ee:e8:
                    8a:96:48:d1:ae:f9:31:eb:64:c3:46:b3:6e:4b:41:
                    00:22:b8:ba:e8:9d:46:8c:66:c4:7b:c4:87:b1:e6:
                    0a:14:0c:78:77:9b:9d:2d:3c:77:0f:db:5a:a4:f4:
                    a5:05:8d:ae:f3:81:fa:e8:5f:25:ff:e6:67:57:ec:
                    fb:01:eb:2b:26:9f:44:47:d8:90:24:c6:e4:0b:e3:
                    50:11:ad:db:8f:fd:e9:c4:a0:eb:9d:76:52:93:45:
                    9c:1e:a9:60:ab:55:e3:c5:fe:b6:f5:43:f3:47:b2:
                    f0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:43:76:56:AD:4E:CE:C4:D4:0F:72:6D:BA:06:92:47:F4:FB:83:94
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a383030303a3a2f33362d3438203d3e20323134383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         55:3b:a2:72:5f:fb:0b:53:9b:6f:9c:c0:5e:63:83:99:f7:cd:
         33:1a:12:25:4e:35:0b:32:f2:cb:25:63:89:e2:f9:32:81:a8:
         d0:e4:5d:e4:d7:b9:30:f5:3f:44:08:6e:40:69:8d:0a:28:5a:
         49:30:ca:67:86:d8:68:81:17:a7:b8:d5:40:92:3b:ba:00:fa:
         fa:3d:7b:3e:6a:e3:3d:65:a8:95:16:4c:f9:4c:a9:77:72:f6:
         49:04:48:d4:ff:e6:ba:69:05:37:ad:2e:a1:6b:3d:ed:97:e3:
         24:9e:00:bf:fc:4f:6e:fa:da:b2:6a:64:10:f1:c2:d0:c7:26:
         fd:4a:4d:43:6d:83:96:7f:24:21:65:49:51:27:af:5a:32:ee:
         ef:cd:30:90:cc:c5:43:1c:e1:c9:55:92:0f:c3:4f:39:64:5f:
         de:41:d9:cd:a4:45:a3:00:d6:f4:c2:ad:21:fe:37:e6:1f:30:
         53:27:0a:fe:69:35:41:8b:30:da:fc:01:45:c3:d3:ce:67:d1:
         54:dd:f4:ad:44:79:49:bc:3f:3a:52:2b:63:7f:06:2c:00:d4:
         0f:b0:51:10:2f:92:e4:73:ca:48:db:39:84:79:bb:21:66:24:
         8f:f8:53:26:3e:d0:c8:3a:4a:08:3d:29:cc:16:30:1b:ae:a8:
         71:d7:4c:a3
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUY/DMaLVEd4wTqHyKYwpRqR7YmZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA4MDMyMDExMTlaFw0yNTA4MDIyMDE2MTlaMDMxMTAvBgNV
BAMTKEQyNDM3NjU2QUQ0RUNFQzRENDBGNzI2REJBMDY5MjQ3RjRGQjgzOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDENYtKNHJxAV7z7FlAA8tmoyJb
kgxd4APqH19Hv/BwmUFKNPIJrCXODjSDus2bsK0C56FtBuue9l4gcyNlrKH7yMJj
mW9+1sQyl4L5CIeyW0PBJ0bW7ZWam5PYu6mKIXbWgEco7W4v73S5gB7IdnE4FhF1
vJJYsLCN6w2Vm9ruXBCrZ3KvyKsQnQuHdvPSemgixlnu6IqWSNGu+THrZMNGs25L
QQAiuLronUaMZsR7xIex5goUDHh3m50tPHcP21qk9KUFja7zgfroXyX/5mdX7PsB
6ysmn0RH2JAkxuQL41ARrduP/enEoOuddlKTRZweqWCrVePF/rb1Q/NHsvBjAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQU0kN2Vq1OzsTUD3JtugaSR/T7g5QwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzgzMDMwMzAzYTNhMmYzMzM2MmQzNDM4MjAzZDNlMjAzMjMxMzQzODMz
MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgQqFAfAgDANBgkqhkiG9w0BAQsFAAOCAQEAVTuicl/7C1Ob
b5zAXmODmffNMxoSJU41CzLyyyVjieL5MoGo0ORd5Ne5MPU/RAhuQGmNCihaSTDK
Z4bYaIEXp7jVQJI7ugD6+j17PmrjPWWolRZM+Uypd3L2SQRI1P/mumkFN60uoWs9
7ZfjJJ4Av/xPbvrasmpkEPHC0Mcm/UpNQ22Dln8kIWVJUSevWjLu780wkMzFQxzh
yVWSD8NPOWRf3kHZzaRFowDW9MKtIf435h8wUycK/mk1QYsw2vwBRcPTzmfRVN30
rUR5Sbw/OlIrY38GLADUD7BREC+S5HPKSNs5hHm7IWYkj/hTJj7QyDpKCD0pzBYw
G66ocddMow==
-----END CERTIFICATE-----