Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a393130303a3a2f34342d3438203d3e20323135333137.roa
File:                     326131343a3763303a393130303a3a2f34342d3438203d3e20323135333137.roa (raw, json)
Hash identifier:          p/llEmCCSJiokeC4mJ/ROzOlfCa7c55KxM0uEcb2hYM=
Subject key identifier:   66:9F:A5:F7:6B:9E:0D:1F:9C:03:11:64:79:43:38:16:B2:F2:69:F2
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       53BD77EF684B7637447B7CDAF4B0873675DDCDB8
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a393130303a3a2f34342d3438203d3e20323135333137.roa
Signing time:             Tue 28 May 2024 15:03:36 +0000
ROA not before:           Tue 28 May 2024 14:58:36 +0000
ROA not after:            Tue 27 May 2025 15:03:36 +0000
asID:                     215317
IP address blocks:        2a14:7c0:9100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:bd:77:ef:68:4b:76:37:44:7b:7c:da:f4:b0:87:36:75:dd:cd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 14:58:36 2024 GMT
            Not After : May 27 15:03:36 2025 GMT
        Subject: CN=669FA5F76B9E0D1F9C03116479433816B2F269F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:07:85:c4:55:5a:ac:d0:38:c5:b3:a0:05:78:
                    1b:3b:81:60:18:4b:f1:ee:25:36:4e:9f:9a:f8:b1:
                    a9:7f:88:64:6a:da:5b:38:45:91:58:25:31:6f:69:
                    e3:81:4d:f2:65:ca:21:43:b7:91:a1:24:81:2f:45:
                    a2:03:4f:d2:8b:d7:8e:c5:27:df:86:5f:34:d0:aa:
                    df:2b:e3:8c:10:89:79:9b:99:ae:d4:57:5e:b5:a2:
                    59:83:89:b0:cc:f9:26:2d:6d:2a:98:23:26:a4:b2:
                    ba:42:a4:05:56:78:f4:73:3a:2c:11:64:51:5e:90:
                    7b:c4:9a:3b:a4:3e:f1:48:84:34:cf:b4:b8:97:8f:
                    a7:8b:4b:e1:d2:11:60:11:6b:0c:ea:c6:1a:84:1e:
                    60:61:d4:f0:6c:85:b6:df:77:3a:77:1a:5c:a4:fe:
                    6d:2a:04:f1:57:cd:8e:0d:31:63:a3:73:ea:ff:aa:
                    74:f6:37:db:6b:3b:f1:77:80:86:c5:57:6d:c5:30:
                    53:d1:c7:c8:16:11:9f:04:38:db:25:e3:94:55:a2:
                    9a:55:12:b0:99:da:6c:4a:7c:c1:f8:7f:dd:66:cd:
                    e1:9d:17:fc:65:15:78:2e:75:e3:ed:72:02:76:7e:
                    40:25:f4:8b:62:26:88:f0:e2:f9:2c:5c:86:bf:8b:
                    52:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:9F:A5:F7:6B:9E:0D:1F:9C:03:11:64:79:43:38:16:B2:F2:69:F2
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a393130303a3a2f34342d3438203d3e20323135333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:9100::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:34:89:61:6d:5d:d6:7e:de:72:de:25:f5:d0:8a:cf:f3:a3:
         ba:14:ff:aa:60:dc:39:6b:7d:71:7f:d2:73:10:a8:5d:b2:ac:
         d4:b8:84:db:a4:53:5b:04:b8:76:d0:f3:fd:db:18:be:c8:a5:
         1a:cb:39:c8:81:d3:34:9e:d0:fd:7d:8a:3a:51:2a:01:f7:24:
         02:64:36:5d:31:e4:4a:f3:b1:70:5d:5c:18:7f:ff:20:b8:7c:
         2b:18:e7:61:06:7c:97:b6:ff:bc:db:c6:a8:a4:b6:92:c9:dd:
         26:52:a5:4c:83:31:fd:c8:3b:dc:87:11:e4:fb:8d:7b:fa:90:
         d9:5c:f7:c8:37:8d:a9:9a:b5:74:c0:81:b1:e1:d2:df:31:5e:
         e6:c9:c5:a7:86:a1:fd:34:c3:14:96:17:f0:53:81:41:c3:fe:
         d6:3e:9e:6e:73:e2:53:52:29:5c:86:4a:7f:c7:07:58:0b:6a:
         b2:d7:06:c6:44:90:2e:e6:44:05:e8:d8:67:76:23:2e:8c:95:
         d0:0b:3c:d0:95:c8:cb:69:9c:49:a2:f1:0b:b9:e1:10:a8:1a:
         9b:9a:dc:da:2c:ca:a7:db:a8:d9:17:f5:ba:19:3f:de:59:b7:
         d2:1f:26:00:6f:9b:23:65:cb:d6:3b:b3:a2:68:24:2f:ec:c9:
         e7:dd:92:23
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUU71372hLdjdEe3za9LCHNnXdzbgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNDU4MzZaFw0yNTA1MjcxNTAzMzZaMDMxMTAvBgNV
BAMTKDY2OUZBNUY3NkI5RTBEMUY5QzAzMTE2NDc5NDMzODE2QjJGMjY5RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIB4XEVVqs0DjFs6AFeBs7gWAY
S/HuJTZOn5r4sal/iGRq2ls4RZFYJTFvaeOBTfJlyiFDt5GhJIEvRaIDT9KL147F
J9+GXzTQqt8r44wQiXmbma7UV161olmDibDM+SYtbSqYIyaksrpCpAVWePRzOiwR
ZFFekHvEmjukPvFIhDTPtLiXj6eLS+HSEWARawzqxhqEHmBh1PBshbbfdzp3Glyk
/m0qBPFXzY4NMWOjc+r/qnT2N9trO/F3gIbFV23FMFPRx8gWEZ8EONsl45RVoppV
ErCZ2mxKfMH4f91mzeGdF/xlFXgudePtcgJ2fkAl9ItiJojw4vksXIa/i1KhAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUZp+l92ueDR+cAxFkeUM4FrLyafIwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzkzMTMwMzAzYTNhMmYzNDM0MmQzNDM4MjAzZDNlMjAzMjMxMzUzMzMx
Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQqFAfAkQAwDQYJKoZIhvcNAQELBQADggEBABE0iWFtXdZ+
3nLeJfXQis/zo7oU/6pg3DlrfXF/0nMQqF2yrNS4hNukU1sEuHbQ8/3bGL7IpRrL
OciB0zSe0P19ijpRKgH3JAJkNl0x5ErzsXBdXBh//yC4fCsY52EGfJe2/7zbxqik
tpLJ3SZSpUyDMf3IO9yHEeT7jXv6kNlc98g3jamatXTAgbHh0t8xXubJxaeGof00
wxSWF/BTgUHD/tY+nm5z4lNSKVyGSn/HB1gLarLXBsZEkC7mRAXo2Gd2Iy6MldAL
PNCVyMtpnEmi8Qu54RCoGpua3NosyqfbqNkX9boZP95Zt9IfJgBvmyNly9Y7s6Jo
JC/syefdkiM=
-----END CERTIFICATE-----