Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a3830303a3a2f33392d3430203d3e20323136303738.roa
File:                     326131343a396530303a3830303a3a2f33392d3430203d3e20323136303738.roa (raw, json)
Hash identifier:          KXrP5XgowVFAYww6BWJGjNegozCUncXMfvJUxLIit08=
Subject key identifier:   0D:3D:61:F5:F4:B3:73:9D:60:DD:55:55:46:0E:F1:5A:3E:00:0F:B2
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       3AF341A72E1CF04C7E5DFFD3001D4541D2005D7D
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3830303a3a2f33392d3430203d3e20323136303738.roa
Signing time:             Tue 17 Dec 2024 23:31:56 +0000
ROA not before:           Tue 17 Dec 2024 23:26:56 +0000
ROA not after:            Tue 16 Dec 2025 23:31:56 +0000
asID:                     216078
IP address blocks:        2a14:9e00:800::/39 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:14:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f3:41:a7:2e:1c:f0:4c:7e:5d:ff:d3:00:1d:45:41:d2:00:5d:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Dec 17 23:26:56 2024 GMT
            Not After : Dec 16 23:31:56 2025 GMT
        Subject: CN=0D3D61F5F4B3739D60DD5555460EF15A3E000FB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b6:a3:6d:d9:89:ed:60:ff:de:40:78:7f:9d:
                    cd:a3:aa:0f:b9:6d:29:02:be:eb:85:76:33:c0:e5:
                    2d:cd:2e:c3:46:68:3e:ca:62:ed:16:9c:b5:b6:76:
                    49:5a:8b:48:cf:fe:df:25:72:03:53:6c:fc:9d:60:
                    7e:61:64:29:f2:18:4e:f6:04:3a:7c:9f:18:55:4a:
                    32:11:6f:18:37:c6:4b:94:78:e2:f6:eb:4a:a9:75:
                    8c:c2:c5:94:fb:6e:ce:63:b8:1f:6d:da:bc:59:65:
                    85:cc:28:cd:8a:c0:55:38:e9:ae:b4:b7:1e:b6:18:
                    1a:e0:39:65:5e:42:3b:c6:8f:e4:58:0a:5f:9f:30:
                    b6:7c:d3:f3:e2:e5:db:d7:49:d5:1c:6d:61:52:06:
                    e5:91:57:14:ac:61:71:bb:92:e0:90:21:02:4e:7d:
                    8c:68:6d:54:95:02:69:ea:d0:f9:bb:2c:58:7e:fe:
                    fd:51:92:9b:fe:25:96:89:67:7b:b8:f1:04:8b:c0:
                    6a:19:6b:52:75:2e:44:3d:43:9b:35:38:e4:c7:e1:
                    9e:38:15:ea:6b:60:3b:98:33:bf:2e:65:c8:41:d1:
                    31:6d:c4:b9:fe:01:58:2f:13:dc:f8:46:fe:bc:5a:
                    b5:02:91:ce:cb:91:d1:d7:94:fe:db:47:20:75:1e:
                    d8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3D:61:F5:F4:B3:73:9D:60:DD:55:55:46:0E:F1:5A:3E:00:0F:B2
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a3830303a3a2f33392d3430203d3e20323136303738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:800::/39

    Signature Algorithm: sha256WithRSAEncryption
         2e:fa:48:fa:90:1a:eb:16:27:71:a1:d8:a0:67:de:7d:4a:34:
         a0:34:5d:53:33:ea:d9:39:b2:93:03:e5:c2:9b:ab:a3:81:fd:
         13:58:9e:fe:a7:8f:26:0d:18:9a:69:4b:47:28:61:fa:b7:ca:
         90:80:85:25:12:54:79:10:4a:43:88:41:41:e7:da:7b:37:57:
         ac:6b:a4:33:ae:50:9c:12:fd:18:32:6e:42:3b:a6:8b:0c:e0:
         81:0e:af:a4:7d:a5:a6:c8:20:5e:c8:2a:bd:d9:e7:4e:22:93:
         0d:91:09:03:a5:d2:b6:be:01:c9:ea:67:48:1d:d8:a1:80:72:
         b7:c7:3c:76:60:be:02:17:05:45:4e:8c:22:c0:01:f0:94:3f:
         77:8c:45:23:1b:ef:e9:4b:32:1b:cc:81:2d:70:d7:7a:8e:ae:
         c2:39:18:05:fe:c2:34:fa:14:30:47:84:93:b8:da:95:3b:79:
         90:3d:cc:e9:58:c9:0e:53:30:35:dd:04:f7:8e:87:cb:72:66:
         c7:5d:33:d6:c1:17:31:8b:b3:d0:28:96:56:29:5a:c6:b2:5e:
         70:da:f6:b4:8b:78:34:79:90:bb:82:ab:a8:56:4e:2b:96:69:
         fb:50:b8:12:f2:ff:ae:3d:46:ba:ab:9a:98:fd:a5:0b:c9:34:
         e0:3c:1d:13
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUOvNBpy4c8Ex+Xf/TAB1FQdIAXX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNDEyMTcyMzI2NTZaFw0yNTEyMTYyMzMxNTZaMDMxMTAvBgNV
BAMTKDBEM0Q2MUY1RjRCMzczOUQ2MERENTU1NTQ2MEVGMTVBM0UwMDBGQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6tqNt2YntYP/eQHh/nc2jqg+5
bSkCvuuFdjPA5S3NLsNGaD7KYu0WnLW2dklai0jP/t8lcgNTbPydYH5hZCnyGE72
BDp8nxhVSjIRbxg3xkuUeOL260qpdYzCxZT7bs5juB9t2rxZZYXMKM2KwFU46a60
tx62GBrgOWVeQjvGj+RYCl+fMLZ80/Pi5dvXSdUcbWFSBuWRVxSsYXG7kuCQIQJO
fYxobVSVAmnq0Pm7LFh+/v1Rkpv+JZaJZ3u48QSLwGoZa1J1LkQ9Q5s1OOTH4Z44
FeprYDuYM78uZchB0TFtxLn+AVgvE9z4Rv68WrUCkc7LkdHXlP7bRyB1HtijAgMB
AAGjggHnMIIB4zAdBgNVHQ4EFgQUDT1h9fSzc51g3VVVRg7xWj4AD7IwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhgYIKwYBBQUHAQsEejB4MHYGCCsGAQUFBzALhmpyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzODMwMzAzYTNhMmYzMzM5MmQzNDMwMjAzZDNlMjAzMjMxMzYzMDM3Mzgucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgEqFJ4ACDANBgkqhkiG9w0BAQsFAAOCAQEALvpI+pAa6xYncaHYoGfe
fUo0oDRdUzPq2TmykwPlwpuro4H9E1ie/qePJg0YmmlLRyhh+rfKkICFJRJUeRBK
Q4hBQefaezdXrGukM65QnBL9GDJuQjumiwzggQ6vpH2lpsggXsgqvdnnTiKTDZEJ
A6XStr4ByepnSB3YoYByt8c8dmC+AhcFRU6MIsAB8JQ/d4xFIxvv6UsyG8yBLXDX
eo6uwjkYBf7CNPoUMEeEk7jalTt5kD3M6VjJDlMwNd0E946Hy3Jmx10z1sEXMYuz
0CiWVilaxrJecNr2tIt4NHmQu4KrqFZOK5Zp+1C4EvL/rj1GuquamP2lC8k04Dwd
Ew==
-----END CERTIFICATE-----