Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a3430303a3a2f33382d3438203d3e20323134383334.roa
File:                     326131343a396530303a3430303a3a2f33382d3438203d3e20323134383334.roa (raw, json)
Hash identifier:          BWHp2nIhhLhLdb75DtUHjKZyuuAsEmrFMSDX806kq4s=
Subject key identifier:   8B:B6:5B:81:65:29:DA:CF:BA:D2:A3:AF:DE:FA:8F:2F:06:65:82:8F
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       121116F513508517B419FF5A040149C4C9EE7A19
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3430303a3a2f33382d3438203d3e20323134383334.roa
Signing time:             Sat 14 Dec 2024 16:02:45 +0000
ROA not before:           Sat 14 Dec 2024 15:57:45 +0000
ROA not after:            Sat 13 Dec 2025 16:02:45 +0000
asID:                     214834
IP address blocks:        2a14:9e00:400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:11:16:f5:13:50:85:17:b4:19:ff:5a:04:01:49:c4:c9:ee:7a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Dec 14 15:57:45 2024 GMT
            Not After : Dec 13 16:02:45 2025 GMT
        Subject: CN=8BB65B816529DACFBAD2A3AFDEFA8F2F0665828F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ee:dc:96:8a:b6:f1:56:f9:53:f6:02:8d:45:
                    ba:a5:5a:3f:a2:f4:3e:1c:23:5c:b7:06:75:a6:cc:
                    c5:19:96:6e:d3:c4:11:95:2d:45:18:67:21:d1:48:
                    6a:9f:4a:0d:db:8d:f4:d5:f8:66:63:df:be:cf:4a:
                    3b:ed:5e:47:29:dc:ea:7e:a9:7e:aa:16:81:6e:2f:
                    65:5c:80:c9:15:cb:ad:68:c4:2d:3b:63:6c:8a:6f:
                    67:bb:21:bd:16:ff:20:b9:d4:68:11:c0:4f:0d:15:
                    6c:9c:76:1b:c0:56:7f:49:18:b3:0d:eb:4c:00:41:
                    37:1b:2c:89:b4:20:2a:31:3c:32:7b:7e:16:3a:29:
                    b3:5c:96:da:3f:dc:59:81:f2:a3:cd:6b:7f:c6:52:
                    a5:ca:36:a0:59:77:5d:51:82:f0:d6:b7:f4:df:81:
                    38:86:48:9c:b8:3d:09:eb:db:1e:9b:b3:eb:e3:0e:
                    ee:3a:35:7c:3e:9a:99:11:f7:f3:a3:3c:67:33:96:
                    59:2a:34:9a:98:de:27:4f:cc:25:0c:6d:57:a0:7e:
                    99:aa:ad:5d:38:9f:be:fb:86:4d:76:11:c0:5a:44:
                    42:fe:32:50:ed:53:b0:d8:8c:1a:e2:9c:c3:db:00:
                    14:13:91:03:06:18:d2:8c:6c:12:b9:8c:da:01:4d:
                    f9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B6:5B:81:65:29:DA:CF:BA:D2:A3:AF:DE:FA:8F:2F:06:65:82:8F
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3430303a3a2f33382d3438203d3e20323134383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         27:47:8d:82:6b:3f:79:47:7b:93:5f:3d:d4:c9:99:85:e3:dd:
         9d:ad:07:fa:35:13:9f:c1:c8:6b:66:9d:36:71:f8:19:7e:21:
         6a:91:3d:f3:78:26:01:81:e0:4c:d8:88:9c:00:e3:46:f3:6e:
         a2:14:6a:f9:c4:0f:c5:00:85:5a:8b:a3:04:47:a7:13:c3:15:
         e6:e5:81:10:b9:63:e7:90:f4:e1:39:19:a0:a2:7a:b2:21:aa:
         ee:90:ec:fe:f9:0a:6b:eb:65:73:f2:ee:89:b0:65:d3:cb:44:
         75:3a:99:7b:cf:d1:84:e2:d0:6b:39:a8:e8:1e:4f:dc:16:f5:
         3e:e5:d6:6b:13:e9:7f:e4:43:53:23:4e:3d:79:17:a9:a9:b6:
         18:bb:50:54:cc:e5:e6:7f:10:9c:3e:42:c9:2b:39:48:58:44:
         d6:ff:87:d2:3e:f4:e3:55:bb:90:11:3a:c3:65:c3:2d:64:99:
         7b:8b:68:b5:ec:1c:5f:89:a1:97:75:b5:b5:d4:df:af:dc:f8:
         d8:15:bd:83:5a:40:af:a2:2f:3a:97:6a:65:ce:03:3d:2f:e1:
         8a:a9:83:74:98:f7:88:55:fa:b3:9f:39:66:21:a1:7d:11:64:
         d8:ef:a2:49:12:08:ec:11:9a:1a:41:01:63:ec:80:63:87:ab:
         5f:08:d8:bb
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUEhEW9RNQhRe0Gf9aBAFJxMnuehkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNDEyMTQxNTU3NDVaFw0yNTEyMTMxNjAyNDVaMDMxMTAvBgNV
BAMTKDhCQjY1QjgxNjUyOURBQ0ZCQUQyQTNBRkRFRkE4RjJGMDY2NTgyOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz7tyWirbxVvlT9gKNRbqlWj+i
9D4cI1y3BnWmzMUZlm7TxBGVLUUYZyHRSGqfSg3bjfTV+GZj377PSjvtXkcp3Op+
qX6qFoFuL2VcgMkVy61oxC07Y2yKb2e7Ib0W/yC51GgRwE8NFWycdhvAVn9JGLMN
60wAQTcbLIm0ICoxPDJ7fhY6KbNclto/3FmB8qPNa3/GUqXKNqBZd11RgvDWt/Tf
gTiGSJy4PQnr2x6bs+vjDu46NXw+mpkR9/OjPGczllkqNJqY3idPzCUMbVegfpmq
rV04n777hk12EcBaREL+MlDtU7DYjBrinMPbABQTkQMGGNKMbBK5jNoBTfmDAgMB
AAGjggHnMIIB4zAdBgNVHQ4EFgQUi7ZbgWUp2s+60qOv3vqPLwZlgo8wHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhgYIKwYBBQUHAQsEejB4MHYGCCsGAQUFBzALhmpyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzNDMwMzAzYTNhMmYzMzM4MmQzNDM4MjAzZDNlMjAzMjMxMzQzODMzMzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgIqFJ4ABDANBgkqhkiG9w0BAQsFAAOCAQEAJ0eNgms/eUd7k1891MmZ
hePdna0H+jUTn8HIa2adNnH4GX4hapE983gmAYHgTNiInADjRvNuohRq+cQPxQCF
WoujBEenE8MV5uWBELlj55D04TkZoKJ6siGq7pDs/vkKa+tlc/LuibBl08tEdTqZ
e8/RhOLQazmo6B5P3Bb1PuXWaxPpf+RDUyNOPXkXqam2GLtQVMzl5n8QnD5CySs5
SFhE1v+H0j7041W7kBE6w2XDLWSZe4totewcX4mhl3W1tdTfr9z42BW9g1pAr6Iv
OpdqZc4DPS/hiqmDdJj3iFX6s585ZiGhfRFk2O+iSRII7BGaGkEBY+yAY4erXwjY
uw==
-----END CERTIFICATE-----