Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a3330303a3a2f34302d3430203d3e203630323233.roa
File:                     326131343a396530303a3330303a3a2f34302d3430203d3e203630323233.roa (raw, json)
Hash identifier:          OgTW7WzxR6g+6szzdgCFhGWBRyPDwCwaKEVA7kGKa4I=
Subject key identifier:   9A:EA:AF:06:5F:60:E9:77:A0:FF:CE:D6:AA:B8:1B:29:23:C5:54:79
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       64E4C7687C6B641F45720099AEAA9D6291BD54B1
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3330303a3a2f34302d3430203d3e203630323233.roa
Signing time:             Sun 23 Mar 2025 13:44:53 +0000
ROA not before:           Sun 23 Mar 2025 13:39:53 +0000
ROA not after:            Sun 22 Mar 2026 13:44:53 +0000
asID:                     60223
IP address blocks:        2a14:9e00:300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:e4:c7:68:7c:6b:64:1f:45:72:00:99:ae:aa:9d:62:91:bd:54:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Mar 23 13:39:53 2025 GMT
            Not After : Mar 22 13:44:53 2026 GMT
        Subject: CN=9AEAAF065F60E977A0FFCED6AAB81B2923C55479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8b:d5:9e:9b:e7:35:61:9b:f4:ca:73:90:08:
                    f1:34:46:b7:cd:16:df:93:30:61:39:80:ef:6a:25:
                    31:9d:6f:89:a6:ce:81:89:1c:7d:94:56:67:8f:ba:
                    d1:54:7f:75:8a:7a:85:e2:f1:b1:26:7c:78:8f:6a:
                    56:a0:c0:0c:90:9f:98:3c:47:64:78:ee:c1:14:cf:
                    b9:db:c8:b4:05:c8:23:4c:fb:a7:bf:44:e3:52:38:
                    0b:c5:d8:0d:b7:a1:ed:ad:76:6e:5e:a1:96:42:78:
                    6b:c4:ea:8c:fc:22:6b:23:6f:b2:65:5b:b6:1c:f3:
                    15:59:64:6f:32:ee:e8:12:00:3b:6a:e8:74:a2:d2:
                    c7:0b:7d:05:26:c3:11:6d:df:83:cd:32:6b:06:19:
                    10:25:30:03:6a:dd:95:c8:8e:75:c8:7e:ca:8b:33:
                    87:df:a3:ac:2b:72:00:6b:23:9e:27:82:51:62:f0:
                    a9:40:4c:0a:b3:54:8e:cc:d7:4f:bb:4d:b7:71:a8:
                    82:fe:80:be:40:0b:9b:9c:fe:73:30:76:a8:9b:8b:
                    fc:70:08:10:57:a2:d4:68:d0:1a:0f:4b:8b:eb:6c:
                    31:20:6c:34:8c:f3:3f:7a:a1:89:ad:d2:98:7d:5c:
                    98:4b:17:9a:15:a1:ac:24:c1:6d:63:20:12:8d:91:
                    f6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EA:AF:06:5F:60:E9:77:A0:FF:CE:D6:AA:B8:1B:29:23:C5:54:79
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3330303a3a2f34302d3430203d3e203630323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:41:a1:f7:03:1e:85:b3:65:f1:32:1c:5e:5d:61:a1:bd:c2:
         2c:ef:3a:70:40:44:df:d1:99:e9:4a:44:5a:23:5f:d5:a9:b8:
         43:1a:78:95:1b:70:b6:b5:4a:b7:2e:98:8e:24:83:49:d5:3b:
         37:c4:be:94:13:a5:cf:24:1d:76:ba:53:52:98:b9:ed:fb:59:
         b4:ac:ff:3d:36:13:09:ad:70:d2:39:58:fa:fc:1b:20:56:a0:
         6a:4e:e8:a0:1c:70:7e:56:03:c2:e2:88:be:04:37:38:71:2f:
         5e:24:87:28:bc:90:5e:d8:53:d0:b6:aa:3b:b8:53:9a:84:a4:
         87:73:f6:a6:4d:b0:f1:44:80:39:84:4c:70:21:a5:e5:96:20:
         8a:52:0e:b0:fa:21:bd:52:45:74:54:ec:b3:b1:b6:35:62:14:
         cf:0f:92:48:51:1a:53:3d:20:7a:7c:05:b0:0a:da:8a:a4:ff:
         f0:f6:66:4f:27:6b:92:ec:87:57:47:91:82:0f:54:a7:7c:03:
         a3:1c:28:18:7d:95:c0:71:1f:19:b9:bf:63:39:8d:a7:63:b3:
         6c:e5:45:cd:62:c3:f9:7e:8b:68:62:00:1c:ea:9d:42:5f:f8:
         1a:af:14:3b:b3:12:5c:b4:1f:ea:47:ef:6a:60:79:23:c1:7f:
         ee:b2:31:95
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgIUZOTHaHxrZB9FcgCZrqqdYpG9VLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTAzMjMxMzM5NTNaFw0yNjAzMjIxMzQ0NTNaMDMxMTAvBgNV
BAMTKDlBRUFBRjA2NUY2MEU5NzdBMEZGQ0VENkFBQjgxQjI5MjNDNTU0NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3i9Wem+c1YZv0ynOQCPE0RrfN
Ft+TMGE5gO9qJTGdb4mmzoGJHH2UVmePutFUf3WKeoXi8bEmfHiPalagwAyQn5g8
R2R47sEUz7nbyLQFyCNM+6e/RONSOAvF2A23oe2tdm5eoZZCeGvE6oz8Imsjb7Jl
W7Yc8xVZZG8y7ugSADtq6HSi0scLfQUmwxFt34PNMmsGGRAlMANq3ZXIjnXIfsqL
M4ffo6wrcgBrI54nglFi8KlATAqzVI7M10+7TbdxqIL+gL5AC5uc/nMwdqibi/xw
CBBXotRo0BoPS4vrbDEgbDSM8z96oYmt0ph9XJhLF5oVoawkwW1jIBKNkfY3AgMB
AAGjggHlMIIB4TAdBgNVHQ4EFgQUmuqvBl9g6Xeg/87WqrgbKSPFVHkwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhAYIKwYBBQUHAQsEeDB2MHQGCCsGAQUFBzALhmhyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzMzMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzNjMwMzIzMjMzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIA
AjAIAwYAKhSeAAMwDQYJKoZIhvcNAQELBQADggEBAIZBofcDHoWzZfEyHF5dYaG9
wizvOnBARN/RmelKRFojX9WpuEMaeJUbcLa1SrcumI4kg0nVOzfEvpQTpc8kHXa6
U1KYue37WbSs/z02EwmtcNI5WPr8GyBWoGpO6KAccH5WA8LiiL4ENzhxL14khyi8
kF7YU9C2qju4U5qEpIdz9qZNsPFEgDmETHAhpeWWIIpSDrD6Ib1SRXRU7LOxtjVi
FM8PkkhRGlM9IHp8BbAK2oqk//D2Zk8na5Lsh1dHkYIPVKd8A6McKBh9lcBxHxm5
v2M5jadjs2zlRc1iw/l+i2hiABzqnUJf+BqvFDuzEly0H+pH72pgeSPBf+6yMZU=
-----END CERTIFICATE-----