Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530363a3a2f33322d3438203d3e203336383332.roa
File:                     326131343a396530363a3a2f33322d3438203d3e203336383332.roa (raw, json)
Hash identifier:          S8TKZ/WVLOW7v2r6OhCSu4cWLuYCe6lC/UIiOKF9e5o=
Subject key identifier:   02:9D:C2:FD:2E:3D:2E:C9:1D:C7:71:DD:A3:37:4E:CE:84:F0:91:9E
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       4594948BF3195F2E35510FBB03A2D92A8442AA08
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530363a3a2f33322d3438203d3e203336383332.roa
Signing time:             Sun 19 Jan 2025 18:21:02 +0000
ROA not before:           Sun 19 Jan 2025 18:16:02 +0000
ROA not after:            Sun 18 Jan 2026 18:21:02 +0000
asID:                     36832
IP address blocks:        2a14:9e06::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:94:94:8b:f3:19:5f:2e:35:51:0f:bb:03:a2:d9:2a:84:42:aa:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Jan 19 18:16:02 2025 GMT
            Not After : Jan 18 18:21:02 2026 GMT
        Subject: CN=029DC2FD2E3D2EC91DC771DDA3374ECE84F0919E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d7:97:88:03:c2:07:53:18:f5:72:6f:89:ff:
                    25:c1:78:49:bc:88:03:0e:76:29:de:e4:3d:80:06:
                    7c:96:c0:00:7c:8d:af:78:2b:8c:fb:93:4d:2a:f9:
                    c2:d3:d2:9f:60:9d:25:70:1f:72:5c:0c:03:af:a3:
                    18:66:80:ae:97:b9:3d:f1:40:e4:38:15:82:d1:7f:
                    fb:61:6a:8c:2d:af:3e:9a:61:54:2c:5d:83:b3:52:
                    7f:4b:25:e6:c8:d6:c1:2d:1c:f2:cc:c1:05:5a:b2:
                    33:09:d8:66:4d:68:c7:c1:20:8c:80:ae:c1:40:e9:
                    18:7c:9e:de:1c:2a:c4:00:44:43:28:65:d6:7c:6c:
                    44:a7:f6:6f:7d:34:65:3a:55:79:4d:ea:66:25:d0:
                    32:24:37:c2:e8:b1:25:04:2f:fb:f3:53:9b:85:06:
                    26:88:c6:38:0b:1e:75:83:fb:c0:38:51:9f:5d:84:
                    f5:00:20:37:f2:ed:1f:da:fd:df:db:59:2d:63:b4:
                    85:ff:71:78:6b:4e:3a:ad:39:5e:ab:4d:03:02:6f:
                    c0:c9:0e:81:81:a1:50:ed:fa:ed:36:51:cd:04:7f:
                    3a:c4:82:cc:40:de:07:6a:af:83:6d:8e:52:da:51:
                    63:43:ff:c4:77:7d:8d:96:3a:26:c5:a2:87:44:25:
                    f4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9D:C2:FD:2E:3D:2E:C9:1D:C7:71:DD:A3:37:4E:CE:84:F0:91:9E
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530363a3a2f33322d3438203d3e203336383332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e06::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:99:0d:8a:a1:36:47:24:60:6a:bb:72:61:3c:4d:b0:83:19:
         f2:b0:8b:a9:ec:1f:80:3f:f0:fd:04:c7:40:cd:c2:ee:67:49:
         f2:05:66:a6:f4:fc:71:60:a0:1c:36:c6:e1:3a:ef:69:1e:6d:
         d1:bf:e7:bb:f8:70:2b:bf:2c:ed:81:6b:eb:93:6b:8d:c8:79:
         c2:f3:43:33:16:e8:af:ad:52:d8:25:1e:ae:0a:6d:e5:9d:3f:
         a0:58:f9:47:18:93:09:fc:cd:55:33:a9:cf:26:00:f7:ae:c2:
         f2:f4:3d:be:da:1b:61:09:44:f5:6c:28:93:cc:31:52:9e:94:
         ef:72:09:11:cf:3f:a8:46:39:20:7d:f7:f1:75:8d:80:22:a6:
         3b:b6:69:b3:10:78:08:29:0d:1e:04:ba:49:67:8e:ff:c2:e9:
         5c:e3:75:3f:de:a8:df:cf:ff:03:58:a1:0b:01:45:35:45:72:
         59:43:b4:b9:b4:6b:9d:e5:de:ed:69:68:5b:20:89:e4:07:75:
         ca:19:ba:47:34:79:73:a9:fe:3e:40:5d:9f:fe:11:ed:91:33:
         ad:9b:42:7d:8f:3c:ca:fa:cd:51:fa:fd:07:89:b4:60:02:1e:
         15:76:22:0d:57:b1:ca:9b:f4:6c:10:87:da:24:84:4e:83:fc:
         53:41:8a:4b
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIURZSUi/MZXy41UQ+7A6LZKoRCqggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTAxMTkxODE2MDJaFw0yNjAxMTgxODIxMDJaMDMxMTAvBgNV
BAMTKDAyOURDMkZEMkUzRDJFQzkxREM3NzFEREEzMzc0RUNFODRGMDkxOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC415eIA8IHUxj1cm+J/yXBeEm8
iAMOdine5D2ABnyWwAB8ja94K4z7k00q+cLT0p9gnSVwH3JcDAOvoxhmgK6XuT3x
QOQ4FYLRf/thaowtrz6aYVQsXYOzUn9LJebI1sEtHPLMwQVasjMJ2GZNaMfBIIyA
rsFA6Rh8nt4cKsQAREMoZdZ8bESn9m99NGU6VXlN6mYl0DIkN8LosSUEL/vzU5uF
BiaIxjgLHnWD+8A4UZ9dhPUAIDfy7R/a/d/bWS1jtIX/cXhrTjqtOV6rTQMCb8DJ
DoGBoVDt+u02Uc0EfzrEgsxA3gdqr4NtjlLaUWND/8R3fY2WOibFoodEJfTBAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUAp3C/S49Lskdx3HdozdOzoTwkZ4wHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjB8BggrBgEFBQcBCwRwMG4wbAYIKwYBBQUHMAuGYHJzeW5jOi8vcmVw
by5ycGtpLnNwYWNlL3JlcG8vTmV0aWZhY2UvMy8zMjYxMzEzNDNhMzk2NTMwMzYz
YTNhMmYzMzMyMmQzNDM4MjAzZDNlMjAzMzM2MzgzMzMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSe
BjANBgkqhkiG9w0BAQsFAAOCAQEAr5kNiqE2RyRgartyYTxNsIMZ8rCLqewfgD/w
/QTHQM3C7mdJ8gVmpvT8cWCgHDbG4TrvaR5t0b/nu/hwK78s7YFr65Nrjch5wvND
Mxbor61S2CUergpt5Z0/oFj5RxiTCfzNVTOpzyYA967C8vQ9vtobYQlE9Wwok8wx
Up6U73IJEc8/qEY5IH338XWNgCKmO7ZpsxB4CCkNHgS6SWeO/8LpXON1P96o38//
A1ihCwFFNUVyWUO0ubRrneXe7WloWyCJ5Ad1yhm6RzR5c6n+PkBdn/4R7ZEzrZtC
fY88yvrNUfr9B4m0YAIeFXYiDVexypv0bBCH2iSEToP8U0GKSw==
-----END CERTIFICATE-----