Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a393030303a3a2f34302d3430203d3e203630323233.roa
File:                     326131343a396530303a393030303a3a2f34302d3430203d3e203630323233.roa (raw, json)
Hash identifier:          +sdKUvG7KNct0W/9yKQ55EQssNuukXpt8jZj98VvwYI=
Subject key identifier:   98:D8:95:99:65:D8:68:3D:04:DD:F2:6A:01:B9:37:92:34:7B:ED:93
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       7196EA76BA59762D3DF41E9A0DB298C6D4CDA2B5
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a393030303a3a2f34302d3430203d3e203630323233.roa
Signing time:             Sat 14 Dec 2024 19:57:01 +0000
ROA not before:           Sat 14 Dec 2024 19:52:01 +0000
ROA not after:            Sat 13 Dec 2025 19:57:01 +0000
asID:                     60223
IP address blocks:        2a14:9e00:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:96:ea:76:ba:59:76:2d:3d:f4:1e:9a:0d:b2:98:c6:d4:cd:a2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Dec 14 19:52:01 2024 GMT
            Not After : Dec 13 19:57:01 2025 GMT
        Subject: CN=98D8959965D8683D04DDF26A01B93792347BED93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9b:a4:bc:0c:47:e9:e2:78:8a:80:d1:c3:62:
                    e3:29:be:04:a9:42:2d:61:03:e7:67:ca:7f:01:41:
                    5c:93:ed:c2:f3:f0:40:28:e5:e3:04:c6:3d:ab:5c:
                    ab:22:4a:e8:e0:95:e6:7d:6c:d2:ff:f5:d6:87:87:
                    ee:d6:ec:00:40:85:6d:60:71:6d:04:df:d5:33:70:
                    d1:47:21:0e:86:9b:9a:9b:49:77:21:e4:3b:7b:99:
                    8f:1e:c9:5f:7a:12:dd:11:85:9b:49:00:b1:2c:95:
                    ea:52:dc:0f:07:3c:69:a2:cd:10:78:a6:71:1a:43:
                    9a:40:c7:e5:b5:49:87:99:20:90:96:e0:1f:9d:34:
                    94:46:2f:86:d4:16:37:cd:1f:a8:cc:c3:99:07:cd:
                    ed:74:da:fb:bd:d1:e8:7c:70:9d:66:32:4c:2a:e6:
                    10:81:9a:70:f2:a6:3b:ce:19:a6:c1:42:a5:d9:d8:
                    fe:df:e1:65:36:98:e5:64:ad:2e:04:7d:c0:8a:20:
                    36:f0:37:23:b5:ba:8c:dd:b3:13:98:16:b2:bd:58:
                    ce:9f:67:d1:8a:75:59:d9:84:46:f2:e8:d8:54:61:
                    53:c5:7b:6a:63:29:3a:87:cf:23:35:f4:5f:3a:0d:
                    97:d3:bb:6b:8c:e5:67:85:1f:96:ad:11:36:83:b4:
                    9d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D8:95:99:65:D8:68:3D:04:DD:F2:6A:01:B9:37:92:34:7B:ED:93
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a393030303a3a2f34302d3430203d3e203630323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d9:d0:56:48:5d:87:e1:98:97:08:da:8b:43:2b:3b:2c:ec:82:
         fa:1f:0c:5b:38:4a:f4:f8:a3:c9:87:1f:02:c8:80:20:2f:ed:
         8e:ef:da:2f:af:13:be:20:19:1b:ad:a1:57:ed:a4:8c:a6:56:
         b9:9f:9f:39:4d:1d:b1:96:dd:4d:3c:6c:5f:c3:3f:2f:25:a0:
         5b:aa:41:fa:da:ef:87:fd:d4:f5:71:d6:3a:b5:08:85:df:8a:
         89:87:74:ce:b0:fc:d3:d9:cd:6e:21:b8:37:14:80:e6:6b:1c:
         52:ce:41:87:0f:b4:8e:f9:88:0a:0b:aa:bf:00:72:21:52:fb:
         5f:ce:e9:7d:9b:e7:12:90:25:0a:be:4b:6d:bb:62:1e:ba:bb:
         e9:31:f1:ec:0e:14:73:20:e8:9c:f2:94:e0:02:f8:c6:2b:52:
         a5:46:d7:a5:92:6e:41:7c:89:ce:0d:18:6d:38:99:0a:aa:56:
         54:f6:15:74:3e:0a:92:18:b9:f4:bf:64:6a:6f:af:b9:10:df:
         d4:f2:17:57:12:be:d8:30:fd:b1:3e:7f:58:67:45:89:ac:2f:
         86:46:89:f8:0c:bc:4d:de:3b:2e:8d:26:cc:ba:a0:fd:8f:61:
         b9:db:20:89:53:60:b0:52:cb:90:24:09:df:7d:bb:85:cb:7d:
         5d:ae:8e:1d
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUcZbqdrpZdi099B6aDbKYxtTNorUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNDEyMTQxOTUyMDFaFw0yNTEyMTMxOTU3MDFaMDMxMTAvBgNV
BAMTKDk4RDg5NTk5NjVEODY4M0QwNERERjI2QTAxQjkzNzkyMzQ3QkVEOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8m6S8DEfp4niKgNHDYuMpvgSp
Qi1hA+dnyn8BQVyT7cLz8EAo5eMExj2rXKsiSujgleZ9bNL/9daHh+7W7ABAhW1g
cW0E39UzcNFHIQ6Gm5qbSXch5Dt7mY8eyV96Et0RhZtJALEslepS3A8HPGmizRB4
pnEaQ5pAx+W1SYeZIJCW4B+dNJRGL4bUFjfNH6jMw5kHze102vu90eh8cJ1mMkwq
5hCBmnDypjvOGabBQqXZ2P7f4WU2mOVkrS4EfcCKIDbwNyO1uozdsxOYFrK9WM6f
Z9GKdVnZhEby6NhUYVPFe2pjKTqHzyM19F86DZfTu2uM5WeFH5atETaDtJ3RAgMB
AAGjggHnMIIB4zAdBgNVHQ4EFgQUmNiVmWXYaD0E3fJqAbk3kjR77ZMwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhgYIKwYBBQUHAQsEejB4MHYGCCsGAQUFBzALhmpyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzOTMwMzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDM2MzAzMjMyMzMucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqFJ4AkDANBgkqhkiG9w0BAQsFAAOCAQEA2dBWSF2H4ZiXCNqLQys7
LOyC+h8MWzhK9PijyYcfAsiAIC/tju/aL68TviAZG62hV+2kjKZWuZ+fOU0dsZbd
TTxsX8M/LyWgW6pB+trvh/3U9XHWOrUIhd+KiYd0zrD809nNbiG4NxSA5mscUs5B
hw+0jvmICguqvwByIVL7X87pfZvnEpAlCr5LbbtiHrq76THx7A4UcyDonPKU4AL4
xitSpUbXpZJuQXyJzg0YbTiZCqpWVPYVdD4Kkhi59L9kam+vuRDf1PIXVxK+2DD9
sT5/WGdFiawvhkaJ+Ay8Td47Lo0mzLqg/Y9hudsgiVNgsFLLkCQJ3327hct9Xa6O
HQ==
-----END CERTIFICATE-----