Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa
File:                     326131343a3763313a3a2f33322d3438203d3e203531333936.roa (raw, json)
Hash identifier:          nJC28iNT7rpgy0Baq9T/HZIVz9r1BZJaRNU9s0xQKiw=
Subject key identifier:   9B:A4:4B:40:2C:43:CB:01:55:B6:33:F9:66:1A:2C:9D:4A:F3:88:9E
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       2585E801A538432E4F1A310F60735667BA9B06FE
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa
Signing time:             Mon 25 Aug 2025 07:38:20 +0000
ROA not before:           Mon 25 Aug 2025 07:33:20 +0000
ROA not after:            Mon 24 Aug 2026 07:38:20 +0000
asID:                     51396
IP address blocks:        2a14:7c1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:85:e8:01:a5:38:43:2e:4f:1a:31:0f:60:73:56:67:ba:9b:06:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Aug 25 07:33:20 2025 GMT
            Not After : Aug 24 07:38:20 2026 GMT
        Subject: CN=9BA44B402C43CB0155B633F9661A2C9D4AF3889E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:21:23:f1:04:0f:52:d4:5c:2c:15:96:c8:06:
                    0e:02:7a:9a:a3:69:54:24:94:fd:15:ed:4f:e2:2c:
                    b8:2e:b3:f2:46:fe:bb:04:87:25:e7:4b:20:d7:64:
                    42:4d:0d:bf:fe:bc:16:82:18:89:8d:1a:3b:a6:98:
                    33:cb:8a:2f:68:ac:3a:df:ac:5b:ce:a6:19:40:8a:
                    61:cb:77:23:5f:59:81:cb:a3:f5:ce:b6:30:6f:b3:
                    7f:55:35:f0:87:70:46:e2:b7:e1:d8:83:9f:1f:26:
                    3f:ae:1f:7d:0f:19:46:13:ce:e6:b3:12:e8:ec:c0:
                    4b:b5:76:0f:92:db:85:44:59:4b:25:18:ae:0d:35:
                    13:b9:af:b9:75:6b:90:66:6b:69:23:f8:59:f8:2c:
                    32:1a:af:a2:7a:01:c2:6e:17:09:f5:e0:da:1f:5a:
                    1c:87:bb:16:87:39:6e:c7:6e:e4:69:96:08:84:52:
                    30:b3:99:b9:15:6b:d2:43:f0:49:f8:6d:fa:09:45:
                    27:d4:5f:5c:d0:ed:6b:60:17:2d:71:a0:ac:0e:8e:
                    b7:a5:e2:01:c2:99:5d:23:ff:2e:a6:c7:29:de:d8:
                    69:17:a8:d2:c7:a2:80:cf:9e:13:84:20:2d:66:a9:
                    c6:36:c6:04:00:bf:9e:de:7f:30:e7:aa:85:26:e3:
                    09:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A4:4B:40:2C:43:CB:01:55:B6:33:F9:66:1A:2C:9D:4A:F3:88:9E
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763313a3a2f33322d3438203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:2b:be:71:31:03:a3:66:5a:25:20:d4:b4:49:04:51:fc:01:
         ec:68:30:5f:f3:c6:7e:77:5a:42:32:e4:57:45:e5:39:46:f3:
         bc:e2:54:67:c5:d3:f8:d3:94:f0:80:fd:bb:c2:7e:24:91:93:
         23:60:5b:34:1d:9f:42:31:0c:1b:a6:6b:75:66:58:e5:08:bb:
         64:bd:7a:d6:70:d8:5a:16:08:ad:e9:95:57:1d:f9:7c:2c:98:
         b0:0b:b4:07:4b:a7:d8:be:f0:07:62:a9:6c:25:31:89:08:df:
         de:f3:a3:2c:1a:60:33:64:59:64:9b:5e:e2:88:61:94:73:60:
         ae:65:81:0c:31:5f:d0:8e:43:e3:ed:6f:ba:e9:9c:d3:fa:46:
         d4:3e:53:c2:57:94:27:b9:95:b1:a6:a8:f5:2b:83:ba:3d:d6:
         c3:a5:08:e7:61:9d:4c:5d:52:0a:26:a0:c4:f0:65:0b:18:3f:
         8f:83:a4:92:5a:d1:92:5a:c9:70:96:41:31:48:33:81:ae:4b:
         cd:2d:1c:c4:a6:ce:88:12:00:c9:7a:ab:5b:b0:1d:84:67:5a:
         19:5a:a0:88:62:3c:62:64:1b:26:85:46:90:f0:d1:91:fd:64:
         06:f6:89:1b:f9:e3:6d:fc:9b:66:df:99:06:45:ec:28:8b:9e:
         d7:d3:94:f6
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUJYXoAaU4Qy5PGjEPYHNWZ7qbBv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA4MjUwNzMzMjBaFw0yNjA4MjQwNzM4MjBaMDMxMTAvBgNV
BAMTKDlCQTQ0QjQwMkM0M0NCMDE1NUI2MzNGOTY2MUEyQzlENEFGMzg4OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzISPxBA9S1FwsFZbIBg4Cepqj
aVQklP0V7U/iLLgus/JG/rsEhyXnSyDXZEJNDb/+vBaCGImNGjummDPLii9orDrf
rFvOphlAimHLdyNfWYHLo/XOtjBvs39VNfCHcEbit+HYg58fJj+uH30PGUYTzuaz
EujswEu1dg+S24VEWUslGK4NNRO5r7l1a5Bma2kj+Fn4LDIar6J6AcJuFwn14Nof
WhyHuxaHOW7HbuRplgiEUjCzmbkVa9JD8En4bfoJRSfUX1zQ7WtgFy1xoKwOjrel
4gHCmV0j/y6mxyne2GkXqNLHooDPnhOEIC1mqcY2xgQAv57efzDnqoUm4wmJAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUm6RLQCxDywFVtjP5ZhosnUrziJ4wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjB9BggrBgEFBQcBCwRxMG8wbQYIKwYBBQUHMAuGYXJzeW5jOi8v
cmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5pcm91dGUvMS8zMjYxMzEzNDNhMzc2
MzMxM2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzUzMTMzMzkzNi5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
ACoUB8EwDQYJKoZIhvcNAQELBQADggEBAJkrvnExA6NmWiUg1LRJBFH8AexoMF/z
xn53WkIy5FdF5TlG87ziVGfF0/jTlPCA/bvCfiSRkyNgWzQdn0IxDBuma3VmWOUI
u2S9etZw2FoWCK3plVcd+XwsmLALtAdLp9i+8AdiqWwlMYkI397zoywaYDNkWWSb
XuKIYZRzYK5lgQwxX9COQ+Ptb7rpnNP6RtQ+U8JXlCe5lbGmqPUrg7o91sOlCOdh
nUxdUgomoMTwZQsYP4+DpJJa0ZJayXCWQTFIM4GuS80tHMSmzogSAMl6q1uwHYRn
WhlaoIhiPGJkGyaFRpDw0ZH9ZAb2iRv54238m2bfmQZF7CiLntfTlPY=
-----END CERTIFICATE-----