Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e20323133393933.roa
File:                     326131343a3763363a3a2f33322d3332203d3e20323133393933.roa (raw, json)
Hash identifier:          1e1ii+IYxJHvm3wq6h9BHba6JlsvNIZ/9MxMRRuSowc=
Subject key identifier:   9A:C8:9D:04:97:F1:B1:95:D2:58:0F:4D:B9:FF:CE:A4:9E:C2:42:92
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       784C959B5ACB9ABAB3F7C475E08650AAFD39580D
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e20323133393933.roa
Signing time:             Tue 29 Oct 2024 19:41:23 +0000
ROA not before:           Tue 29 Oct 2024 19:36:23 +0000
ROA not after:            Tue 28 Oct 2025 19:41:23 +0000
asID:                     213993
IP address blocks:        2a14:7c6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:4c:95:9b:5a:cb:9a:ba:b3:f7:c4:75:e0:86:50:aa:fd:39:58:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Oct 29 19:36:23 2024 GMT
            Not After : Oct 28 19:41:23 2025 GMT
        Subject: CN=9AC89D0497F1B195D2580F4DB9FFCEA49EC24292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1e:dc:8c:22:7f:f4:5f:9d:d5:2a:da:f8:06:
                    11:87:60:8c:f4:aa:be:10:db:dc:fd:8a:96:b8:b3:
                    ac:2d:c3:80:db:18:64:69:ab:73:17:10:50:11:c7:
                    92:5e:f7:b3:e1:e5:bb:e3:01:75:a7:96:4e:49:89:
                    13:a1:c5:26:94:1f:ba:59:1d:34:a8:ef:39:60:85:
                    f7:9e:67:a6:90:65:e0:94:7a:a4:72:39:21:49:16:
                    d6:45:27:69:87:c8:2d:99:da:a2:d4:49:4a:d1:74:
                    e7:c5:f7:75:3a:3a:27:24:d1:69:ee:7e:b1:77:88:
                    10:3c:07:22:44:d1:9b:d4:14:39:a0:94:6e:4e:61:
                    43:2d:83:01:22:1a:0b:e1:cb:03:05:80:aa:e0:ed:
                    a7:49:57:16:d1:d3:d4:1e:48:15:93:5a:5b:d0:ab:
                    d3:a2:2d:ea:01:f1:a2:31:6c:be:84:89:81:a3:7c:
                    e2:0f:60:9e:3f:53:ab:ad:22:e3:bd:e2:ee:a0:90:
                    e5:4c:08:47:46:86:70:42:67:e6:6a:1c:a9:5f:d5:
                    1b:ce:a6:d1:2e:3e:2e:10:ab:bc:b0:7b:b2:48:17:
                    cb:51:37:05:b5:d1:55:e2:c8:17:6b:93:5b:a4:1a:
                    12:be:6d:38:1d:1a:f7:27:7d:00:fb:ad:fc:89:79:
                    ab:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C8:9D:04:97:F1:B1:95:D2:58:0F:4D:B9:FF:CE:A4:9E:C2:42:92
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763363a3a2f33322d3332203d3e20323133393933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:99:0e:0c:54:5f:1e:cd:3f:8d:4a:71:a2:57:78:d3:b7:f3:
         82:98:07:7f:86:44:85:b9:c8:a6:65:59:4a:88:15:ca:de:ef:
         43:c0:07:45:a5:26:b5:ba:f3:fa:7e:d8:f0:5f:b3:f3:07:ce:
         d8:a8:82:2d:22:f2:d0:68:25:55:b4:07:8d:b2:ec:5f:b7:db:
         e2:ab:47:5a:9a:42:6a:f3:25:6f:2a:b1:86:24:11:12:a9:16:
         c3:f3:60:b3:39:4b:e1:dc:0b:f6:f9:b8:61:5b:39:24:4d:57:
         5e:0c:06:8f:ac:4e:4b:62:8d:01:98:c0:2c:a6:fc:6b:c7:81:
         41:d9:3d:c0:78:7e:9f:57:28:88:10:aa:30:11:43:79:be:8e:
         b4:06:ec:67:00:70:4a:52:d9:19:63:8d:a0:1c:ae:2c:91:ef:
         66:e3:80:18:b3:c2:3c:ff:38:26:89:58:9e:b8:55:4d:ee:2c:
         ec:80:53:b4:68:4a:96:a0:44:95:cb:e9:76:b6:36:0b:92:be:
         5c:2a:57:eb:b7:0e:a0:cc:3c:47:f8:b6:98:f9:a1:fe:c7:bc:
         90:ee:6e:68:79:38:78:49:74:6e:13:8d:04:96:9b:2c:fc:56:
         f7:f5:5a:5e:ff:c2:37:99:35:35:db:6f:78:d9:eb:92:0e:71:
         6d:de:d6:a1
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIUeEyVm1rLmrqz98R14IZQqv05WA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNDEwMjkxOTM2MjNaFw0yNTEwMjgxOTQxMjNaMDMxMTAvBgNV
BAMTKDlBQzg5RDA0OTdGMUIxOTVEMjU4MEY0REI5RkZDRUE0OUVDMjQyOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdHtyMIn/0X53VKtr4BhGHYIz0
qr4Q29z9ipa4s6wtw4DbGGRpq3MXEFARx5Je97Ph5bvjAXWnlk5JiROhxSaUH7pZ
HTSo7zlghfeeZ6aQZeCUeqRyOSFJFtZFJ2mHyC2Z2qLUSUrRdOfF93U6Oick0Wnu
frF3iBA8ByJE0ZvUFDmglG5OYUMtgwEiGgvhywMFgKrg7adJVxbR09QeSBWTWlvQ
q9OiLeoB8aIxbL6EiYGjfOIPYJ4/U6utIuO94u6gkOVMCEdGhnBCZ+ZqHKlf1RvO
ptEuPi4Qq7ywe7JIF8tRNwW10VXiyBdrk1ukGhK+bTgdGvcnfQD7rfyJeaszAgMB
AAGjggHhMIIB3TAdBgNVHQ4EFgQUmsidBJfxsZXSWA9Nuf/OpJ7CQpIwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjB/BggrBgEFBQcBCwRzMHEwbwYIKwYBBQUHMAuGY3JzeW5jOi8v
cmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5pcm91dGUvMS8zMjYxMzEzNDNhMzc2
MzM2M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzIzMTMzMzkzOTMzLnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhQHxjANBgkqhkiG9w0BAQsFAAOCAQEAopkODFRfHs0/jUpxold407fzgpgH
f4ZEhbnIpmVZSogVyt7vQ8AHRaUmtbrz+n7Y8F+z8wfO2KiCLSLy0GglVbQHjbLs
X7fb4qtHWppCavMlbyqxhiQREqkWw/NgszlL4dwL9vm4YVs5JE1XXgwGj6xOS2KN
AZjALKb8a8eBQdk9wHh+n1coiBCqMBFDeb6OtAbsZwBwSlLZGWONoByuLJHvZuOA
GLPCPP84JolYnrhVTe4s7IBTtGhKlqBElcvpdrY2C5K+XCpX67cOoMw8R/i2mPmh
/se8kO5uaHk4eEl0bhONBJabLPxW9/VaXv/CN5k1NdtveNnrkg5xbd7WoQ==
-----END CERTIFICATE-----