Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa
File:                     326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa (raw, json)
Hash identifier:          aQDHbhS7Lp2FbPj1mdBz6ahLUZcBQx/VIh7odXtEL8I=
Subject key identifier:   07:B5:97:3E:F2:04:1D:55:F3:96:5D:E8:EB:7C:58:50:60:67:B4:4D
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       7C2F4808067731C0C86FE6653974BAFFEBF2D44F
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa
Signing time:             Tue 29 Apr 2025 15:19:13 +0000
ROA not before:           Tue 29 Apr 2025 15:14:13 +0000
ROA not after:            Tue 28 Apr 2026 15:19:13 +0000
asID:                     215325
IP address blocks:        2a14:7c0:1500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 08:46:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:2f:48:08:06:77:31:c0:c8:6f:e6:65:39:74:ba:ff:eb:f2:d4:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:13 2025 GMT
            Not After : Apr 28 15:19:13 2026 GMT
        Subject: CN=07B5973EF2041D55F3965DE8EB7C58506067B44D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:e4:2e:1b:91:e8:cb:b9:97:34:c0:2e:6d:
                    e5:97:b3:95:41:3e:26:72:67:6a:49:21:9b:8d:5b:
                    c4:4f:1d:3a:71:6f:7c:65:74:a7:ce:3a:36:11:0a:
                    b4:a6:51:bc:f0:25:70:00:21:f1:56:96:60:df:5d:
                    4b:7e:35:e0:6f:f8:74:4c:d5:77:43:8e:07:d7:af:
                    b1:c7:dd:6d:86:64:22:da:6c:20:30:64:33:2a:0a:
                    44:93:f4:80:44:fd:0f:17:d9:d5:64:17:0e:5b:64:
                    e0:46:f7:1f:8e:3b:78:0b:32:70:60:a4:57:8e:8d:
                    8b:62:8c:09:9e:21:0f:57:19:38:82:17:2d:b3:88:
                    9e:08:c6:91:6e:3f:fc:81:18:d8:73:ef:f7:2b:4f:
                    c6:63:9f:fd:4a:fc:9a:ef:7f:4e:42:90:8c:48:22:
                    3e:ed:54:38:97:c8:ef:e7:8f:81:8e:83:f9:02:cb:
                    6c:5c:3b:79:f9:f8:7c:cd:63:1a:83:1e:1f:2d:80:
                    44:5d:e4:b5:ee:24:5a:54:d2:dc:73:0d:a6:82:60:
                    c7:b6:f7:2f:38:9b:95:81:4f:34:38:a3:c2:24:c1:
                    83:b4:f2:c4:5d:2b:2f:44:92:32:c9:04:6b:a9:68:
                    41:86:92:46:09:14:ef:db:03:d0:e5:de:04:44:9e:
                    9f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B5:97:3E:F2:04:1D:55:F3:96:5D:E8:EB:7C:58:50:60:67:B4:4D
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a313530303a3a2f34302d3438203d3e20323135333235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1500::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:39:7b:40:3a:26:97:98:34:3a:69:75:9c:7f:bf:23:f2:cf:
         cc:73:c3:f4:04:92:2b:52:0c:d4:86:37:dc:e0:3e:77:22:50:
         77:d0:9e:f0:32:98:d8:c1:16:78:db:98:a0:fc:d3:25:82:64:
         ec:5b:fb:55:29:3e:0c:35:6b:6b:64:2b:8a:31:36:13:7f:2b:
         85:31:99:6d:86:90:b3:2b:3f:ae:5b:3e:2d:bc:59:53:15:57:
         7e:f7:2e:48:b1:39:62:67:5e:7d:82:d7:bd:f2:0e:8f:f9:78:
         3a:d6:04:a5:52:01:92:6c:96:c1:b7:81:58:c0:92:b2:dd:7c:
         86:b0:a4:72:1a:d0:74:b0:72:dd:e3:00:61:49:51:97:bb:7b:
         79:d1:3d:cd:67:42:16:41:cf:0c:40:30:38:bd:cf:ad:ca:fe:
         34:d3:e7:5b:71:0a:20:ec:c4:2d:a3:a8:58:5e:44:fd:76:17:
         38:d3:b7:2e:85:1e:4a:0a:2b:3e:2a:84:68:e4:26:10:da:b1:
         1a:f1:30:bd:64:f4:e1:cf:0d:10:52:83:39:bf:cd:a5:fc:6a:
         87:0e:13:63:f2:e9:c8:cb:e1:ff:c9:50:de:aa:34:d7:fb:ab:
         0d:94:fa:7e:d1:e4:cd:eb:d2:2e:a2:e2:02:18:d4:ca:0f:45:
         89:dc:5f:3a
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUfC9ICAZ3McDIb+ZlOXS6/+vy1E8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MTNaFw0yNjA0MjgxNTE5MTNaMDMxMTAvBgNV
BAMTKDA3QjU5NzNFRjIwNDFENTVGMzk2NURFOEVCN0M1ODUwNjA2N0I0NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC27uQuG5Hoy7mXNMAubeWXs5VB
PiZyZ2pJIZuNW8RPHTpxb3xldKfOOjYRCrSmUbzwJXAAIfFWlmDfXUt+NeBv+HRM
1XdDjgfXr7HH3W2GZCLabCAwZDMqCkST9IBE/Q8X2dVkFw5bZOBG9x+OO3gLMnBg
pFeOjYtijAmeIQ9XGTiCFy2ziJ4IxpFuP/yBGNhz7/crT8Zjn/1K/Jrvf05CkIxI
Ij7tVDiXyO/nj4GOg/kCy2xcO3n5+HzNYxqDHh8tgERd5LXuJFpU0txzDaaCYMe2
9y84m5WBTzQ4o8IkwYO08sRdKy9EkjLJBGupaEGGkkYJFO/bA9Dl3gREnp9vAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUB7WXPvIEHVXzll3o63xYUGBntE0wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzEzNTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzUzMzMy
MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfAFTANBgkqhkiG9w0BAQsFAAOCAQEAbTl7QDoml5g0
Oml1nH+/I/LPzHPD9ASSK1IM1IY33OA+dyJQd9Ce8DKY2MEWeNuYoPzTJYJk7Fv7
VSk+DDVra2QrijE2E38rhTGZbYaQsys/rls+LbxZUxVXfvcuSLE5YmdefYLXvfIO
j/l4OtYEpVIBkmyWwbeBWMCSst18hrCkchrQdLBy3eMAYUlRl7t7edE9zWdCFkHP
DEAwOL3Prcr+NNPnW3EKIOzELaOoWF5E/XYXONO3LoUeSgorPiqEaOQmENqxGvEw
vWT04c8NEFKDOb/Npfxqhw4TY/LpyMvh/8lQ3qo01/urDZT6ftHkzevSLqLiAhjU
yg9FidxfOg==
-----END CERTIFICATE-----