Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a393130303a3a2f34302d3430203d3e203630323233.roa
File:                     326131343a396530303a393130303a3a2f34302d3430203d3e203630323233.roa (raw, json)
Hash identifier:          OcIfOI8Jb5u8vNNWna6QrbpheSZTAyuqn0ohlsjyBDw=
Subject key identifier:   73:13:8F:F9:F0:5D:3D:74:B2:05:80:06:CD:1C:A4:3D:9B:63:FC:35
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       26DF20723EECA5B00C6EF79B640598E8C769E910
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a393130303a3a2f34302d3430203d3e203630323233.roa
Signing time:             Sun 22 Dec 2024 20:52:15 +0000
ROA not before:           Sun 22 Dec 2024 20:47:15 +0000
ROA not after:            Sun 21 Dec 2025 20:52:15 +0000
asID:                     60223
IP address blocks:        2a14:9e00:9100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:df:20:72:3e:ec:a5:b0:0c:6e:f7:9b:64:05:98:e8:c7:69:e9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Dec 22 20:47:15 2024 GMT
            Not After : Dec 21 20:52:15 2025 GMT
        Subject: CN=73138FF9F05D3D74B2058006CD1CA43D9B63FC35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:91:98:60:b1:93:40:db:c7:bc:79:1e:43:6a:
                    cb:1f:86:9e:7e:b5:0b:af:8f:d9:9a:a5:1e:72:33:
                    5f:96:4e:2a:d9:3b:8d:31:49:dc:f1:7b:86:2f:1e:
                    e0:bb:fe:6c:e6:5b:75:60:16:8b:0e:e2:5c:d0:64:
                    36:66:f6:16:5e:47:62:d0:01:ff:f7:da:74:9b:91:
                    b0:b9:13:30:80:f8:6a:4c:ea:c1:f5:0b:98:24:42:
                    ef:1f:31:e4:1d:ba:d2:da:07:db:36:50:25:76:d3:
                    93:c3:b3:9e:f4:64:90:29:ff:c3:38:59:c3:c4:2c:
                    05:18:6b:3d:df:a3:ea:62:57:96:b5:fb:66:07:7d:
                    88:f0:da:85:14:8d:67:bd:67:f6:00:34:b6:14:f7:
                    c9:e5:96:91:6e:8c:f0:85:95:02:b5:a6:cd:bc:65:
                    70:60:7e:13:85:2f:c9:83:52:0b:bb:6d:35:2d:7b:
                    d4:42:6e:4c:97:7d:9f:82:24:37:8d:c5:5c:a8:cf:
                    d8:e3:2a:7c:93:86:9a:47:81:81:90:5e:ba:d8:c8:
                    16:e6:93:da:d5:5b:6a:f1:40:09:77:99:0b:be:13:
                    93:bd:15:cf:e7:4c:a3:28:bb:1a:3e:0c:bd:25:50:
                    93:4a:97:f0:8a:1c:81:39:de:d8:7b:47:4f:33:a2:
                    1a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:13:8F:F9:F0:5D:3D:74:B2:05:80:06:CD:1C:A4:3D:9B:63:FC:35
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a393130303a3a2f34302d3430203d3e203630323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:9100::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:a6:8e:f4:e0:06:d9:98:53:d1:a3:29:e7:c1:ab:a6:ef:6d:
         f0:bd:01:37:bf:b0:5f:af:98:69:f2:a1:44:94:12:25:e8:29:
         f0:18:5f:22:ee:99:77:63:93:37:41:52:11:17:86:22:18:3c:
         72:80:11:a4:8b:ef:d7:8f:f6:b9:c2:57:0f:b1:36:b8:0a:b3:
         1b:ca:c5:26:16:f4:de:59:91:0f:9f:7e:e4:df:b1:23:d7:d8:
         56:61:40:76:d9:d1:74:8e:a9:55:fe:df:5e:d3:bb:be:e2:f7:
         eb:22:e3:1f:ec:f8:f7:8b:a3:93:b6:c1:9d:02:27:23:96:1c:
         ae:24:e2:9a:b7:d1:d7:44:5f:e8:9e:21:ad:f8:44:a9:7d:eb:
         b9:b7:47:41:4d:8e:8b:9e:cd:f5:fc:52:19:43:f7:c0:ea:1c:
         bc:4c:97:bc:01:d9:f2:da:c9:0f:de:4e:b0:b2:2a:54:89:e0:
         61:98:ae:cf:52:4b:88:b0:df:81:08:fe:bd:d4:79:5a:3b:f6:
         48:7a:cf:31:ab:55:02:fc:30:52:76:9e:aa:5a:4a:47:00:d9:
         68:a1:15:5f:27:92:bd:1f:21:0d:d6:69:41:0f:60:62:9d:a7:
         12:8e:82:e8:c1:b0:40:b2:cf:35:9b:f2:65:e6:7d:80:8b:5d:
         32:81:7c:d9
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUJt8gcj7spbAMbvebZAWY6Mdp6RAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNDEyMjIyMDQ3MTVaFw0yNTEyMjEyMDUyMTVaMDMxMTAvBgNV
BAMTKDczMTM4RkY5RjA1RDNENzRCMjA1ODAwNkNEMUNBNDNEOUI2M0ZDMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYkZhgsZNA28e8eR5Dassfhp5+
tQuvj9mapR5yM1+WTirZO40xSdzxe4YvHuC7/mzmW3VgFosO4lzQZDZm9hZeR2LQ
Af/32nSbkbC5EzCA+GpM6sH1C5gkQu8fMeQdutLaB9s2UCV205PDs570ZJAp/8M4
WcPELAUYaz3fo+piV5a1+2YHfYjw2oUUjWe9Z/YANLYU98nllpFujPCFlQK1ps28
ZXBgfhOFL8mDUgu7bTUte9RCbkyXfZ+CJDeNxVyoz9jjKnyThppHgYGQXrrYyBbm
k9rVW2rxQAl3mQu+E5O9Fc/nTKMouxo+DL0lUJNKl/CKHIE53th7R08zohptAgMB
AAGjggHnMIIB4zAdBgNVHQ4EFgQUcxOP+fBdPXSyBYAGzRykPZtj/DUwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBhgYIKwYBBQUHAQsEejB4MHYGCCsGAQUFBzALhmpyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzOTMxMzAzMDNhM2EyZjM0MzAyZDM0MzAyMDNkM2UyMDM2MzAzMjMyMzMucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqFJ4AkTANBgkqhkiG9w0BAQsFAAOCAQEAcqaO9OAG2ZhT0aMp58Gr
pu9t8L0BN7+wX6+YafKhRJQSJegp8BhfIu6Zd2OTN0FSEReGIhg8coARpIvv14/2
ucJXD7E2uAqzG8rFJhb03lmRD59+5N+xI9fYVmFAdtnRdI6pVf7fXtO7vuL36yLj
H+z494ujk7bBnQInI5YcriTimrfR10Rf6J4hrfhEqX3rubdHQU2Oi57N9fxSGUP3
wOocvEyXvAHZ8trJD95OsLIqVIngYZiuz1JLiLDfgQj+vdR5Wjv2SHrPMatVAvww
UnaeqlpKRwDZaKEVXyeSvR8hDdZpQQ9gYp2nEo6C6MGwQLLPNZvyZeZ9gItdMoF8
2Q==
-----END CERTIFICATE-----