Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e2030.roa
File:                     326131343a396530303a313030303a3a2f33382d3438203d3e2030.roa (raw, json)
Hash identifier:          6ExBLuSQxWHojzPXWa9GzIXEEEhnYmej4adivPlDSJU=
Subject key identifier:   C5:F6:D2:BC:50:04:F0:6A:5B:50:9F:73:F0:9A:AD:9D:47:10:8A:0C
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       3435B352C3A7DA2D3AD830AF6C3B921C8AC4DD18
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e2030.roa
Signing time:             Fri 23 May 2025 23:57:46 +0000
ROA not before:           Fri 23 May 2025 23:52:46 +0000
ROA not after:            Fri 22 May 2026 23:57:46 +0000
asID:                     0
IP address blocks:        2a14:9e00:1000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 13:09:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:35:b3:52:c3:a7:da:2d:3a:d8:30:af:6c:3b:92:1c:8a:c4:dd:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: May 23 23:52:46 2025 GMT
            Not After : May 22 23:57:46 2026 GMT
        Subject: CN=C5F6D2BC5004F06A5B509F73F09AAD9D47108A0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:ae:1b:b0:c5:e8:40:ac:ed:bf:28:4e:b8:e3:
                    61:9e:a1:9a:20:31:6a:83:3b:67:44:24:73:17:ad:
                    0b:ca:4e:f0:f1:b8:6d:f7:10:30:8d:31:f8:4b:79:
                    64:b1:b8:8a:04:27:b7:c2:6c:88:ea:dd:aa:87:e7:
                    de:22:df:a1:da:73:49:75:c9:6a:46:f2:3e:45:5f:
                    61:c8:7c:90:21:5b:5c:b8:95:78:c4:47:51:fa:ed:
                    c5:77:6c:e9:18:aa:14:54:d1:3b:22:76:f5:bb:41:
                    4d:1b:2b:45:49:c7:64:2b:07:88:82:17:95:7c:de:
                    d2:45:2a:a6:27:71:d7:c0:ca:c8:db:fe:12:b8:45:
                    78:63:3e:6c:d6:f5:7c:7f:50:50:e8:3f:86:b0:95:
                    cb:71:18:0c:d1:fb:ce:2a:25:91:42:a2:f9:10:c6:
                    92:4c:46:b4:ee:a5:e8:98:a0:22:f7:4c:6a:87:19:
                    b0:45:d4:5a:24:9f:79:40:3e:04:eb:2e:a5:9e:a6:
                    17:d2:70:ec:02:0f:f6:e9:84:43:d0:0b:16:8c:6d:
                    5c:8d:de:ff:85:84:52:da:9c:ea:2f:ac:ab:fa:15:
                    3d:94:eb:93:ea:23:34:11:48:e5:75:dc:67:8a:0b:
                    4d:e9:89:7d:e0:d9:11:07:ec:be:47:ea:73:db:44:
                    37:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F6:D2:BC:50:04:F0:6A:5B:50:9F:73:F0:9A:AD:9D:47:10:8A:0C
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         64:c6:a9:0e:55:4c:30:b7:cd:d5:54:68:35:f5:a6:be:25:a5:
         e3:c3:5c:cf:02:e8:1c:97:a4:21:9a:1d:66:08:a9:46:74:b5:
         c1:a6:ae:25:d9:0d:72:23:1e:78:30:bb:ed:13:64:3c:04:34:
         69:f6:d4:11:e3:13:00:49:c2:68:62:65:83:de:1a:01:01:0d:
         59:c9:b9:c3:5c:d4:67:bd:19:62:e0:08:5d:50:75:68:3c:21:
         36:e4:7c:25:8c:43:72:f5:6d:c6:b1:81:65:01:95:fb:53:e6:
         42:57:4e:e8:90:af:84:0f:17:20:d1:8a:7f:42:30:01:15:fe:
         1e:5d:bf:b0:cf:81:ad:02:59:65:2f:70:ad:ed:06:da:c0:ef:
         c7:72:e7:23:68:3c:65:b9:fc:ac:27:70:da:88:25:73:80:9c:
         dd:8f:37:f9:8b:09:ec:4b:75:9e:88:b1:de:f0:39:5a:c2:f4:
         87:23:f3:c1:49:6e:7d:25:e7:a3:42:0b:a7:7c:1d:9e:12:a9:
         ea:e1:3c:dc:a6:16:1f:04:4b:1e:a9:b3:d6:21:67:ba:de:d2:
         cf:92:44:9e:8f:76:f6:3f:7c:89:28:e3:53:19:7c:97:77:0d:
         52:be:15:e9:bd:52:75:79:5b:7b:e5:6d:23:8f:a7:12:ba:e0:
         84:48:09:10
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIUNDWzUsOn2i062DCvbDuSHIrE3RgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTA1MjMyMzUyNDZaFw0yNjA1MjIyMzU3NDZaMDMxMTAvBgNV
BAMTKEM1RjZEMkJDNTAwNEYwNkE1QjUwOUY3M0YwOUFBRDlENDcxMDhBMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8rhuwxehArO2/KE6442GeoZog
MWqDO2dEJHMXrQvKTvDxuG33EDCNMfhLeWSxuIoEJ7fCbIjq3aqH594i36Hac0l1
yWpG8j5FX2HIfJAhW1y4lXjER1H67cV3bOkYqhRU0TsidvW7QU0bK0VJx2QrB4iC
F5V83tJFKqYncdfAysjb/hK4RXhjPmzW9Xx/UFDoP4awlctxGAzR+84qJZFCovkQ
xpJMRrTupeiYoCL3TGqHGbBF1Fokn3lAPgTrLqWephfScOwCD/bphEPQCxaMbVyN
3v+FhFLanOovrKv6FT2U65PqIzQRSOV13GeKC03piX3g2REH7L5H6nPbRDcVAgMB
AAGjggHeMIIB2jAdBgNVHQ4EFgQUxfbSvFAE8GpbUJ9z8JqtnUcQigwwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjB+BggrBgEFBQcBCwRyMHAwbgYIKwYBBQUHMAuGYnJzeW5jOi8vcmVw
by5ycGtpLnNwYWNlL3JlcG8vTmV0aWZhY2UvMy8zMjYxMzEzNDNhMzk2NTMwMzAz
YTMxMzAzMDMwM2EzYTJmMzMzODJkMzQzODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgIq
FJ4AEDANBgkqhkiG9w0BAQsFAAOCAQEAZMapDlVMMLfN1VRoNfWmviWl48NczwLo
HJekIZodZgipRnS1waauJdkNciMeeDC77RNkPAQ0afbUEeMTAEnCaGJlg94aAQEN
Wcm5w1zUZ70ZYuAIXVB1aDwhNuR8JYxDcvVtxrGBZQGV+1PmQldO6JCvhA8XINGK
f0IwARX+Hl2/sM+BrQJZZS9wre0G2sDvx3LnI2g8Zbn8rCdw2oglc4Cc3Y83+YsJ
7Et1noix3vA5WsL0hyPzwUlufSXno0ILp3wdnhKp6uE83KYWHwRLHqmz1iFnut7S
z5JEno929j98iSjjUxl8l3cNUr4V6b1SdXlbe+VtI4+nErrghEgJEA==
-----END CERTIFICATE-----