Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e20323134383334.roa
File:                     326131343a396530303a313030303a3a2f33382d3438203d3e20323134383334.roa (raw, json)
Hash identifier:          V49YsX5OLi5TOtYTJUTnqUVEJjRsqQfdQ/eaBx/63cM=
Subject key identifier:   E5:AC:16:63:77:E5:DA:3B:BB:5B:5E:66:A4:99:90:6D:44:D3:8D:8B
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       0EBE7E9B5F1896DA5D490083A8868C1FEC564657
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e20323134383334.roa
Signing time:             Wed 05 Feb 2025 20:07:24 +0000
ROA not before:           Wed 05 Feb 2025 20:02:24 +0000
ROA not after:            Wed 04 Feb 2026 20:07:24 +0000
asID:                     214834
IP address blocks:        2a14:9e00:1000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:be:7e:9b:5f:18:96:da:5d:49:00:83:a8:86:8c:1f:ec:56:46:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Feb  5 20:02:24 2025 GMT
            Not After : Feb  4 20:07:24 2026 GMT
        Subject: CN=E5AC166377E5DA3BBB5B5E66A499906D44D38D8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5c:57:76:89:ce:ad:0d:44:b8:92:a8:31:d3:
                    11:29:69:00:f1:ff:77:4a:cf:bb:c1:f1:77:bd:4e:
                    45:bb:e4:67:92:2b:3a:7e:3a:75:46:2d:51:60:3d:
                    48:38:c0:a0:6b:31:c2:f5:61:68:45:5d:7b:c4:99:
                    d3:47:b2:14:c4:90:80:5c:2d:27:5d:3f:c8:84:02:
                    45:1c:6e:ae:1f:4e:8e:dd:0e:fb:7c:8c:91:c3:a2:
                    34:7c:05:c8:42:12:0e:f7:28:51:b6:c1:ba:77:f3:
                    10:c7:dd:62:8e:e9:90:e7:2f:16:a3:05:19:b9:9d:
                    b6:6d:e7:a2:be:10:c2:9f:0f:7c:76:66:4c:cc:12:
                    20:22:37:53:37:8c:1e:4d:45:47:1c:45:a9:73:1e:
                    33:03:01:aa:67:44:b9:f5:6e:cc:9b:bf:d5:d2:9a:
                    67:38:1d:98:b5:95:76:b7:c0:a3:09:a3:0a:d3:c1:
                    92:b7:c1:f7:90:3c:b3:95:df:86:2c:4d:25:d6:b7:
                    38:fe:4e:e0:5b:f5:71:e3:76:2b:d0:ce:c8:97:b5:
                    3f:2d:b2:ce:7e:1f:a4:42:b0:00:e9:47:c4:27:03:
                    e0:97:28:33:fe:17:ec:3e:9c:0f:18:69:ab:4c:69:
                    40:99:ea:89:71:9d:af:fc:2a:81:1c:83:7c:12:9e:
                    4e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AC:16:63:77:E5:DA:3B:BB:5B:5E:66:A4:99:90:6D:44:D3:8D:8B
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a313030303a3a2f33382d3438203d3e20323134383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         18:6d:dd:cf:1d:08:31:80:0f:00:c6:47:da:28:88:a9:e7:85:
         61:fd:2f:a6:46:ed:46:25:f5:1b:32:bb:62:6f:8b:7d:f6:d3:
         5c:5b:14:ff:53:e0:74:0a:c4:e7:50:b3:69:05:9f:1d:a3:37:
         f3:34:e9:ac:f1:94:9e:ed:c7:5c:13:2c:11:9d:20:0e:3e:51:
         e8:37:b6:c8:df:bd:fb:65:2c:b2:3b:71:d0:c9:ab:07:65:d8:
         14:e4:48:e5:8d:ba:c5:21:56:cb:16:ab:c7:35:b5:8c:4a:21:
         ef:5b:f0:de:aa:0b:11:65:1a:98:e3:2a:11:b1:8d:7c:d7:91:
         27:b0:83:bf:0c:2c:28:fc:9f:97:b8:cd:82:c6:a4:9a:1d:f6:
         42:e2:9d:71:28:19:ba:0b:02:14:c6:ce:4b:e0:b0:dd:f5:a4:
         98:f0:ec:c4:0d:b2:52:4a:5d:5a:9d:c0:3b:5a:3e:60:6a:c9:
         aa:06:fb:24:65:65:cf:6c:5e:83:6a:c8:57:78:c6:3c:bc:44:
         6d:a3:96:ca:b1:91:a2:18:55:70:69:bc:6c:67:d9:86:89:ec:
         b1:6b:d1:65:6f:a3:4a:0a:78:5d:8f:2a:cb:a9:50:45:2e:09:
         7b:1d:e3:25:d1:66:bc:b0:81:00:ac:21:06:c9:63:a0:a1:47:
         fa:e2:73:c1
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUDr5+m18YltpdSQCDqIaMH+xWRlcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTAyMDUyMDAyMjRaFw0yNjAyMDQyMDA3MjRaMDMxMTAvBgNV
BAMTKEU1QUMxNjYzNzdFNURBM0JCQjVCNUU2NkE0OTk5MDZENDREMzhEOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdXFd2ic6tDUS4kqgx0xEpaQDx
/3dKz7vB8Xe9TkW75GeSKzp+OnVGLVFgPUg4wKBrMcL1YWhFXXvEmdNHshTEkIBc
LSddP8iEAkUcbq4fTo7dDvt8jJHDojR8BchCEg73KFG2wbp38xDH3WKO6ZDnLxaj
BRm5nbZt56K+EMKfD3x2ZkzMEiAiN1M3jB5NRUccRalzHjMDAapnRLn1bsybv9XS
mmc4HZi1lXa3wKMJowrTwZK3wfeQPLOV34YsTSXWtzj+TuBb9XHjdivQzsiXtT8t
ss5+H6RCsADpR8QnA+CXKDP+F+w+nA8YaatMaUCZ6olxna/8KoEcg3wSnk7ZAgMB
AAGjggHpMIIB5TAdBgNVHQ4EFgQU5awWY3fl2ju7W15mpJmQbUTTjYswHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBiAYIKwYBBQUHAQsEfDB6MHgGCCsGAQUFBzALhmxyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzMTMwMzAzMDNhM2EyZjMzMzgyZDM0MzgyMDNkM2UyMDMyMzEzNDM4MzMzNC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAw
DgQCAAIwCAMGAioUngAQMA0GCSqGSIb3DQEBCwUAA4IBAQAYbd3PHQgxgA8Axkfa
KIip54Vh/S+mRu1GJfUbMrtib4t99tNcWxT/U+B0CsTnULNpBZ8dozfzNOms8ZSe
7cdcEywRnSAOPlHoN7bI3737ZSyyO3HQyasHZdgU5EjljbrFIVbLFqvHNbWMSiHv
W/DeqgsRZRqY4yoRsY1815EnsIO/DCwo/J+XuM2CxqSaHfZC4p1xKBm6CwIUxs5L
4LDd9aSY8OzEDbJSSl1ancA7Wj5gasmqBvskZWXPbF6DashXeMY8vERto5bKsZGi
GFVwabxsZ9mGieyxa9Flb6NKCnhdjyrLqVBFLgl7HeMl0Wa8sIEArCEGyWOgoUf6
4nPB
-----END CERTIFICATE-----