Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313030303a3a2f33382d3438203d3e20323135333635.roa
File:                     326131343a3763303a313030303a3a2f33382d3438203d3e20323135333635.roa (raw, json)
Hash identifier:          1hBglqnk3ZRoLrdLD4OoKM3WJJQCnsrK0j+e2hpzWng=
Subject key identifier:   82:61:0B:A4:F3:EF:16:7F:C1:53:23:7B:B3:81:10:9E:6B:34:6C:4E
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       4E21F404AC4FBE6CBCF2F935649F511B300C2BAD
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313030303a3a2f33382d3438203d3e20323135333635.roa
Signing time:             Tue 29 Apr 2025 15:19:17 +0000
ROA not before:           Tue 29 Apr 2025 15:14:17 +0000
ROA not after:            Tue 28 Apr 2026 15:19:17 +0000
asID:                     215365
IP address blocks:        2a14:7c0:1000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 08:46:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:21:f4:04:ac:4f:be:6c:bc:f2:f9:35:64:9f:51:1b:30:0c:2b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:17 2025 GMT
            Not After : Apr 28 15:19:17 2026 GMT
        Subject: CN=82610BA4F3EF167FC153237BB381109E6B346C4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f5:21:41:53:9e:8f:79:10:3a:64:dc:66:b6:
                    65:32:6c:26:60:ca:d1:a9:37:d2:51:72:de:71:35:
                    0f:bf:4a:67:40:53:7a:0c:77:c3:31:cf:3b:aa:c5:
                    75:55:18:50:c7:33:e0:d4:36:c5:23:83:2b:02:dc:
                    15:b2:3a:dc:87:6c:ea:01:cf:9c:9e:b5:a2:8a:9c:
                    7e:4a:de:a1:fd:39:39:ba:fd:37:9a:b8:6e:b6:78:
                    1a:f6:8a:4a:83:ad:8c:cf:86:88:3d:02:a5:a0:4a:
                    4b:5d:98:d2:0d:26:37:33:dd:e3:3d:65:19:e5:26:
                    40:9c:e6:1a:a3:9b:64:ff:3d:0d:20:03:1e:38:c7:
                    d5:9e:0d:62:cb:e8:09:e3:21:bb:42:ed:f4:05:c0:
                    38:99:15:6d:66:13:08:a9:72:ea:dc:dc:9f:17:fb:
                    23:0f:2c:9c:33:7d:47:76:19:d6:58:84:9f:66:f5:
                    48:8e:16:ef:b7:15:b5:3e:c4:09:75:b3:09:ef:3b:
                    dd:1e:e1:28:5a:be:e1:32:0c:b3:ec:67:69:bd:7a:
                    64:de:c1:71:cb:0e:8b:40:53:24:b8:f1:a5:33:f3:
                    52:91:36:9e:4c:38:3b:3b:36:0b:ff:ee:a0:b5:28:
                    3d:03:c8:a4:89:52:6f:3b:ce:46:ee:fb:28:53:e8:
                    61:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:61:0B:A4:F3:EF:16:7F:C1:53:23:7B:B3:81:10:9E:6B:34:6C:4E
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313030303a3a2f33382d3438203d3e20323135333635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         3e:d3:34:26:88:b8:67:c4:76:cf:b0:4e:54:7d:09:7a:f2:b4:
         44:3d:fa:14:35:b6:ea:46:3d:f1:5d:4b:37:2c:49:48:4c:51:
         86:03:f0:8e:40:9d:20:6c:d3:bc:91:a2:86:15:a2:e3:48:b9:
         82:1d:3c:b9:69:a4:62:5d:48:0d:a2:c3:68:9f:79:8f:03:77:
         58:4b:be:bf:2b:22:12:86:ed:d9:2a:b6:8c:38:06:ad:ef:81:
         85:c0:5d:80:8b:6f:48:65:d4:49:0d:a7:21:f2:73:5a:57:24:
         91:6c:7d:b5:0a:37:55:de:56:23:76:5b:ce:1c:2c:cf:dd:c3:
         bc:14:28:a4:fd:fb:93:d7:1b:69:71:e6:fc:7c:fa:95:bc:0b:
         5e:71:64:0d:45:2a:c3:74:1e:b2:c8:49:e9:22:f8:8a:70:f1:
         44:9b:bd:d3:20:b6:64:78:41:e2:40:15:e4:79:2d:be:9e:64:
         9b:b6:b4:ec:01:86:6a:46:58:43:35:7c:36:71:6f:70:d0:a7:
         c9:43:b4:5f:cb:2d:45:47:70:9c:8f:86:7a:ac:7f:bb:f7:27:
         70:51:c5:7e:b1:d8:49:c7:05:9d:ae:af:b2:33:d0:64:6f:d9:
         c5:19:71:49:0f:a5:5b:ae:8c:0b:96:75:2e:65:4a:e5:60:35:
         27:33:95:2e
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUTiH0BKxPvmy88vk1ZJ9RGzAMK60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MTdaFw0yNjA0MjgxNTE5MTdaMDMxMTAvBgNV
BAMTKDgyNjEwQkE0RjNFRjE2N0ZDMTUzMjM3QkIzODExMDlFNkIzNDZDNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd9SFBU56PeRA6ZNxmtmUybCZg
ytGpN9JRct5xNQ+/SmdAU3oMd8MxzzuqxXVVGFDHM+DUNsUjgysC3BWyOtyHbOoB
z5yetaKKnH5K3qH9OTm6/TeauG62eBr2ikqDrYzPhog9AqWgSktdmNINJjcz3eM9
ZRnlJkCc5hqjm2T/PQ0gAx44x9WeDWLL6AnjIbtC7fQFwDiZFW1mEwipcurc3J8X
+yMPLJwzfUd2GdZYhJ9m9UiOFu+3FbU+xAl1swnvO90e4ShavuEyDLPsZ2m9emTe
wXHLDotAUyS48aUz81KRNp5MODs7Ngv/7qC1KD0DyKSJUm87zkbu+yhT6GG9AgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUgmELpPPvFn/BUyN7s4EQnms0bE4wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzEzMDMwMzAzYTNhMmYzMzM4MmQzNDM4MjAzZDNlMjAzMjMxMzUzMzM2
MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgIqFAfAEDANBgkqhkiG9w0BAQsFAAOCAQEAPtM0Joi4Z8R2
z7BOVH0JevK0RD36FDW26kY98V1LNyxJSExRhgPwjkCdIGzTvJGihhWi40i5gh08
uWmkYl1IDaLDaJ95jwN3WEu+vysiEobt2Sq2jDgGre+BhcBdgItvSGXUSQ2nIfJz
WlckkWx9tQo3Vd5WI3Zbzhwsz93DvBQopP37k9cbaXHm/Hz6lbwLXnFkDUUqw3Qe
sshJ6SL4inDxRJu90yC2ZHhB4kAV5Hktvp5km7a07AGGakZYQzV8NnFvcNCnyUO0
X8stRUdwnI+Geqx/u/cncFHFfrHYSccFna6vsjPQZG/ZxRlxSQ+lW66MC5Z1LmVK
5WA1JzOVLg==
-----END CERTIFICATE-----