Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a623030303a3a2f33362d3438203d3e20323135343336.roa
File:                     326131343a3763303a623030303a3a2f33362d3438203d3e20323135343336.roa (raw, json)
Hash identifier:          4tyM4b6SsaXF0WcwiA2eCQ0co/Kt7Cb1Qq4ovmCSNQo=
Subject key identifier:   3C:CA:4B:5A:66:4D:0E:65:46:EB:63:DA:71:48:26:59:02:72:78:A0
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       70C1213718C41E130E2C4586BA0CFDFF590F6F56
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a623030303a3a2f33362d3438203d3e20323135343336.roa
Signing time:             Tue 28 May 2024 15:05:31 +0000
ROA not before:           Tue 28 May 2024 15:00:31 +0000
ROA not after:            Tue 27 May 2025 15:05:31 +0000
asID:                     215436
IP address blocks:        2a14:7c0:b000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c1:21:37:18:c4:1e:13:0e:2c:45:86:ba:0c:fd:ff:59:0f:6f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: May 28 15:00:31 2024 GMT
            Not After : May 27 15:05:31 2025 GMT
        Subject: CN=3CCA4B5A664D0E6546EB63DA71482659027278A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4e:be:5d:25:4e:99:13:27:4f:55:68:9e:56:
                    5b:ce:4f:db:ed:5e:4a:4c:3c:cb:fa:c8:19:77:1b:
                    d3:c4:94:42:17:20:1e:b5:33:69:25:56:9b:13:20:
                    55:01:9e:58:4c:63:b0:5a:7a:c1:61:fd:55:5c:9b:
                    ac:9e:ff:f2:dd:d5:2f:f0:61:56:f8:3f:fd:62:1a:
                    5c:58:cc:1b:83:13:24:99:c5:2d:6e:52:02:7f:9f:
                    44:d1:c3:e8:a1:5a:44:78:ac:05:8f:8d:9e:30:88:
                    dd:59:e3:e8:cf:44:0f:5d:5c:24:ea:4a:79:23:c9:
                    b7:71:46:30:67:a3:c6:8a:58:20:56:8c:36:71:30:
                    32:7f:c8:79:d4:23:18:af:a3:24:ae:1d:f1:e8:4f:
                    4e:41:33:7b:7e:2b:96:c5:b3:c7:93:1f:43:e0:dd:
                    12:21:02:fc:e8:41:23:79:5d:68:f9:e6:3c:df:69:
                    64:2e:82:94:c1:59:05:48:de:2a:02:cd:66:e1:13:
                    ec:b5:31:cf:dd:21:ea:15:8f:c3:74:3a:58:05:9c:
                    2d:a0:8d:d8:b9:9d:0c:45:68:fa:ec:d1:76:65:d9:
                    0c:37:cc:f6:9e:16:a0:f9:b2:3e:21:f5:0c:23:a5:
                    0d:e0:f8:01:81:61:96:00:61:89:ef:51:e8:cb:4c:
                    37:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CA:4B:5A:66:4D:0E:65:46:EB:63:DA:71:48:26:59:02:72:78:A0
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a623030303a3a2f33362d3438203d3e20323135343336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:b000::/36

    Signature Algorithm: sha256WithRSAEncryption
         97:af:c8:d5:b8:c1:d6:92:ed:38:90:dd:0c:79:dd:12:7c:6c:
         ef:66:ec:72:5f:d1:49:40:e0:6e:0b:b7:6b:70:32:54:25:13:
         44:5f:39:11:19:d2:3a:c4:b8:5e:e2:a9:ba:31:5c:c4:c0:61:
         68:95:16:64:f4:16:cd:bf:75:7f:6e:1f:6c:5c:d6:98:99:11:
         eb:ee:ea:7b:59:7c:d2:38:00:91:aa:91:b3:82:95:2e:da:da:
         f6:7d:9f:5a:23:72:ed:08:44:72:09:78:b4:7e:10:65:06:e7:
         13:c1:c2:4d:93:5e:b1:ca:17:d4:fb:72:17:b3:a6:19:b8:37:
         13:85:fe:3f:0d:cd:fa:74:90:a8:a6:4b:03:b8:7d:eb:37:3f:
         c4:f3:dd:fa:19:d4:93:98:21:f4:06:e9:27:45:6f:46:95:d6:
         f7:d9:6e:6b:88:b1:77:d2:0e:69:20:bd:47:20:f3:b5:c1:b6:
         30:42:3f:6f:5f:a7:61:6e:ff:22:9c:ae:86:30:cc:d8:1a:82:
         28:9a:48:49:60:f0:d6:df:2d:27:32:da:4a:93:09:65:69:f6:
         e6:b8:ef:09:c0:00:5a:51:93:34:42:a1:63:d1:13:d6:b7:12:
         ac:4b:b3:2a:56:8d:18:a7:94:21:0e:85:4a:17:5b:02:f5:5d:
         44:15:7a:73
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUcMEhNxjEHhMOLEWGugz9/1kPb1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDA1MjgxNTAwMzFaFw0yNTA1MjcxNTA1MzFaMDMxMTAvBgNV
BAMTKDNDQ0E0QjVBNjY0RDBFNjU0NkVCNjNEQTcxNDgyNjU5MDI3Mjc4QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRTr5dJU6ZEydPVWieVlvOT9vt
XkpMPMv6yBl3G9PElEIXIB61M2klVpsTIFUBnlhMY7BaesFh/VVcm6ye//Ld1S/w
YVb4P/1iGlxYzBuDEySZxS1uUgJ/n0TRw+ihWkR4rAWPjZ4wiN1Z4+jPRA9dXCTq
SnkjybdxRjBno8aKWCBWjDZxMDJ/yHnUIxivoySuHfHoT05BM3t+K5bFs8eTH0Pg
3RIhAvzoQSN5XWj55jzfaWQugpTBWQVI3ioCzWbhE+y1Mc/dIeoVj8N0OlgFnC2g
jdi5nQxFaPrs0XZl2Qw3zPaeFqD5sj4h9QwjpQ3g+AGBYZYAYYnvUejLTDdpAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUPMpLWmZNDmVG62PacUgmWQJyeKAwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhNjIzMDMwMzAzYTNhMmYzMzM2MmQzNDM4MjAzZDNlMjAzMjMxMzUzNDMz
MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgQqFAfAsDANBgkqhkiG9w0BAQsFAAOCAQEAl6/I1bjB1pLt
OJDdDHndEnxs72bscl/RSUDgbgu3a3AyVCUTRF85ERnSOsS4XuKpujFcxMBhaJUW
ZPQWzb91f24fbFzWmJkR6+7qe1l80jgAkaqRs4KVLtra9n2fWiNy7QhEcgl4tH4Q
ZQbnE8HCTZNescoX1PtyF7OmGbg3E4X+Pw3N+nSQqKZLA7h96zc/xPPd+hnUk5gh
9AbpJ0VvRpXW99lua4ixd9IOaSC9RyDztcG2MEI/b1+nYW7/IpyuhjDM2BqCKJpI
SWDw1t8tJzLaSpMJZWn25rjvCcAAWlGTNEKhY9ET1rcSrEuzKlaNGKeUIQ6FShdb
AvVdRBV6cw==
-----END CERTIFICATE-----