Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a3230303a3a2f34302d3430203d3e20323134353135.roa
File:                     326131343a396530303a3230303a3a2f34302d3430203d3e20323134353135.roa (raw, json)
Hash identifier:          x4Wz4xUi49scDcHSN021TbaKuu0PCcvyL3sKxMSMfkM=
Subject key identifier:   1C:AE:80:A5:AF:72:11:F4:25:42:07:69:98:62:5E:2D:B5:CA:77:7A
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       641FB24AD1AA412B5183470CBA89C237D3993F16
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3230303a3a2f34302d3430203d3e20323134353135.roa
Signing time:             Sun 22 Dec 2024 20:52:41 +0000
ROA not before:           Sun 22 Dec 2024 20:47:41 +0000
ROA not after:            Sun 21 Dec 2025 20:52:41 +0000
asID:                     214515
IP address blocks:        2a14:9e00:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:1f:b2:4a:d1:aa:41:2b:51:83:47:0c:ba:89:c2:37:d3:99:3f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Dec 22 20:47:41 2024 GMT
            Not After : Dec 21 20:52:41 2025 GMT
        Subject: CN=1CAE80A5AF7211F42542076998625E2DB5CA777A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:84:c6:ef:87:d3:27:2c:07:b8:b7:ca:32:e8:
                    3e:48:0c:9f:11:7c:c5:f2:3f:5d:e4:17:8a:c0:51:
                    62:5b:cb:26:4c:2a:b5:34:02:a0:07:f1:7c:18:e7:
                    91:af:c0:a9:e9:59:c8:d5:eb:67:66:a9:b4:3e:f2:
                    7c:1d:bf:01:e7:80:86:91:04:8e:cf:30:2c:ed:6a:
                    5e:fb:e8:d2:f5:13:10:12:84:d3:8b:a2:60:cc:d5:
                    44:bd:ab:51:07:3c:c6:d8:b7:44:4e:73:f8:e4:43:
                    aa:fe:62:be:a4:68:f6:b6:94:c6:31:8d:4b:7a:5d:
                    6c:f6:f0:86:2b:ee:fe:6e:87:1b:5e:06:c9:4f:9b:
                    fa:3b:50:24:33:12:1b:95:78:1f:9c:6e:3c:53:bb:
                    be:c8:ef:04:6f:b8:ac:d3:b2:15:82:27:3e:cf:92:
                    86:d1:8f:6e:4e:0b:c8:90:67:96:19:04:3f:1c:74:
                    8f:25:1b:70:5b:ea:27:ea:af:51:d3:04:1e:e0:94:
                    c3:78:08:fe:ec:45:6d:2e:9d:a7:5b:17:50:16:82:
                    db:74:77:e5:e3:9a:64:51:83:7a:04:65:e0:31:f2:
                    6b:2f:12:6b:2e:9f:08:ea:e5:dc:12:0c:76:09:22:
                    d8:15:a3:ae:ba:f3:7a:0c:3d:0d:67:c3:56:d9:0b:
                    c0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AE:80:A5:AF:72:11:F4:25:42:07:69:98:62:5E:2D:B5:CA:77:7A
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3230303a3a2f34302d3430203d3e20323134353135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         22:b6:50:07:93:d9:50:a3:4e:7f:c6:39:99:92:44:d9:08:64:
         89:80:3f:ee:ed:90:56:c6:c8:45:71:28:68:20:bb:0c:bd:8e:
         b9:59:56:e2:94:d6:0d:2a:91:5d:62:20:77:d2:40:9e:97:1d:
         25:ab:69:d7:1e:33:2e:b9:92:a8:da:4f:cf:54:98:ee:31:f3:
         0b:8e:e3:ad:9f:59:66:82:1c:5f:c5:52:56:56:fa:8b:60:7b:
         ba:d3:68:db:a6:90:e2:39:fa:83:0a:1f:44:66:b2:33:d2:08:
         9d:d5:df:b5:e3:9c:e3:eb:82:60:22:a6:ee:88:46:0f:88:7c:
         a4:77:e7:13:16:e9:f4:42:a9:70:39:ea:03:18:9e:9c:51:08:
         c8:9f:cc:76:73:73:58:64:f0:f0:cf:ea:01:f4:75:e6:f4:7f:
         83:19:15:84:17:91:49:42:6c:90:63:0a:45:d9:af:94:69:d9:
         d6:bb:0e:8f:6f:f2:94:50:c0:f2:4c:8f:ce:c9:4c:31:46:04:
         77:04:fa:84:19:fe:0a:89:ef:0b:52:78:e3:34:e2:06:89:e2:
         23:3c:71:1b:3b:31:24:21:bb:1b:17:e5:10:99:e8:fd:71:f8:
         ce:47:54:1d:45:7a:d8:f9:76:54:a7:af:e1:56:46:55:81:e5:
         d4:22:c1:e3
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUZB+yStGqQStRg0cMuonCN9OZPxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNDEyMjIyMDQ3NDFaFw0yNTEyMjEyMDUyNDFaMDMxMTAvBgNV
BAMTKDFDQUU4MEE1QUY3MjExRjQyNTQyMDc2OTk4NjI1RTJEQjVDQTc3N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMhMbvh9MnLAe4t8oy6D5IDJ8R
fMXyP13kF4rAUWJbyyZMKrU0AqAH8XwY55GvwKnpWcjV62dmqbQ+8nwdvwHngIaR
BI7PMCztal776NL1ExAShNOLomDM1US9q1EHPMbYt0ROc/jkQ6r+Yr6kaPa2lMYx
jUt6XWz28IYr7v5uhxteBslPm/o7UCQzEhuVeB+cbjxTu77I7wRvuKzTshWCJz7P
kobRj25OC8iQZ5YZBD8cdI8lG3Bb6ifqr1HTBB7glMN4CP7sRW0unadbF1AWgtt0
d+XjmmRRg3oEZeAx8msvEmsunwjq5dwSDHYJItgVo66683oMPQ1nw1bZC8DDAgMB
AAGjggHnMIIB4zAdBgNVHQ4EFgQUHK6Apa9yEfQlQgdpmGJeLbXKd3owHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhgYIKwYBBQUHAQsEejB4MHYGCCsGAQUFBzALhmpyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzMjMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzQzNTMxMzUucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqFJ4AAjANBgkqhkiG9w0BAQsFAAOCAQEAIrZQB5PZUKNOf8Y5mZJE
2QhkiYA/7u2QVsbIRXEoaCC7DL2OuVlW4pTWDSqRXWIgd9JAnpcdJatp1x4zLrmS
qNpPz1SY7jHzC47jrZ9ZZoIcX8VSVlb6i2B7utNo26aQ4jn6gwofRGayM9IIndXf
teOc4+uCYCKm7ohGD4h8pHfnExbp9EKpcDnqAxienFEIyJ/MdnNzWGTw8M/qAfR1
5vR/gxkVhBeRSUJskGMKRdmvlGnZ1rsOj2/ylFDA8kyPzslMMUYEdwT6hBn+Conv
C1J44zTiBoniIzxxGzsxJCG7GxflEJno/XH4zkdUHUV62Pl2VKev4VZGVYHl1CLB
4w==
-----END CERTIFICATE-----