Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa
File:                     326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa (raw, json)
Hash identifier:          imtmsT50roDuiQzYVqVGDVEIygWEETVhZ68kxrKNZ84=
Subject key identifier:   C8:D3:D4:73:6F:F9:BA:B0:3E:DF:D7:28:08:A8:6C:B9:3C:CD:9D:F9
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       6FBBF3013E4B4CA6B6F02E09A94223EA3C8F178E
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa
Signing time:             Tue 29 Apr 2025 15:19:14 +0000
ROA not before:           Tue 29 Apr 2025 15:14:14 +0000
ROA not after:            Tue 28 Apr 2026 15:19:14 +0000
asID:                     215127
IP address blocks:        2a14:7c0:3400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:bb:f3:01:3e:4b:4c:a6:b6:f0:2e:09:a9:42:23:ea:3c:8f:17:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:14 2025 GMT
            Not After : Apr 28 15:19:14 2026 GMT
        Subject: CN=C8D3D4736FF9BAB03EDFD72808A86CB93CCD9DF9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ed:fc:41:93:b9:e5:27:e4:21:12:e4:b0:28:
                    49:02:e6:db:72:71:e5:73:72:cf:a8:ec:21:14:66:
                    8a:eb:43:5a:36:04:18:5c:8a:5d:2d:6f:fd:e7:00:
                    9e:91:8f:20:e6:1a:a3:ed:26:76:80:98:37:42:da:
                    22:ec:1f:0b:2f:6f:ce:1a:28:90:62:02:af:3f:ef:
                    3f:53:af:8a:67:5f:b6:85:79:a3:d8:5b:86:65:66:
                    85:d6:7d:d2:0f:24:bf:6c:01:5d:98:cc:0e:04:c3:
                    ab:a3:4e:ce:f6:46:fe:51:7e:c2:81:c2:f9:eb:ef:
                    b2:50:73:22:9b:bd:f9:1f:e9:73:71:ac:4f:ac:d2:
                    ac:8e:29:c4:b1:95:6c:d6:8b:bb:32:92:78:f8:24:
                    65:67:bc:1b:60:5a:56:41:f0:17:56:4f:e5:97:03:
                    e2:d5:33:85:41:c5:8b:04:ad:95:d2:53:db:ce:48:
                    b5:ce:40:5f:ab:37:1a:a9:e7:12:fc:dd:dc:f1:0d:
                    e4:75:3d:c5:43:98:c2:84:86:8d:5d:86:52:3e:5e:
                    e0:7e:16:aa:9b:76:d5:6b:29:76:f2:d4:6b:69:8c:
                    91:4f:9d:51:15:e0:97:a3:a9:32:f7:8d:f9:ac:39:
                    20:6b:61:83:2f:b9:16:24:3f:3f:8c:1e:21:a7:f1:
                    e5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D3:D4:73:6F:F9:BA:B0:3E:DF:D7:28:08:A8:6C:B9:3C:CD:9D:F9
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a333430303a3a2f33382d3438203d3e20323135313237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:3400::/38

    Signature Algorithm: sha256WithRSAEncryption
         9a:a3:3c:0a:e0:9d:91:e7:b6:83:a0:4f:d2:98:e3:df:14:62:
         25:fa:4e:8c:95:17:c1:96:0a:8c:77:a9:18:57:89:1e:de:02:
         00:53:3e:66:1f:f2:12:b4:2f:14:40:61:81:1f:50:26:bd:f1:
         7a:65:ab:48:59:97:11:40:0e:75:32:e6:4e:b0:0e:6e:11:d0:
         99:08:3b:bd:d3:fb:54:33:b1:ca:50:51:64:6f:d8:94:99:55:
         4f:7a:75:d5:ab:9b:ab:74:db:e0:7b:4b:54:fa:f8:f3:a4:6f:
         f4:e4:ac:3a:a7:86:b2:b6:ff:d5:1d:e6:91:e3:8e:cb:70:8b:
         e2:99:be:71:87:1a:49:9c:34:fc:73:96:d1:59:52:7a:e3:00:
         91:19:a2:88:13:11:fe:b8:af:88:fa:24:38:ab:90:25:fb:9a:
         3c:d3:c3:af:0f:89:ef:a9:c7:e9:84:92:e7:e9:0a:62:eb:c4:
         27:2f:d8:41:27:e8:47:3f:22:03:dc:ec:2c:54:88:c7:21:1d:
         4f:a1:8d:df:ec:76:3c:90:a0:77:6c:4f:85:d9:38:37:6d:59:
         0b:7f:f0:54:1b:9f:f7:8a:ac:86:72:06:4c:02:2a:61:be:43:
         e7:07:de:ec:94:96:cb:b0:9c:8a:19:b8:15:7c:20:cc:62:aa:
         c9:88:a8:2c
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUb7vzAT5LTKa28C4JqUIj6jyPF44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MTRaFw0yNjA0MjgxNTE5MTRaMDMxMTAvBgNV
BAMTKEM4RDNENDczNkZGOUJBQjAzRURGRDcyODA4QTg2Q0I5M0NDRDlERjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF7fxBk7nlJ+QhEuSwKEkC5tty
ceVzcs+o7CEUZorrQ1o2BBhcil0tb/3nAJ6RjyDmGqPtJnaAmDdC2iLsHwsvb84a
KJBiAq8/7z9Tr4pnX7aFeaPYW4ZlZoXWfdIPJL9sAV2YzA4Ew6ujTs72Rv5RfsKB
wvnr77JQcyKbvfkf6XNxrE+s0qyOKcSxlWzWi7syknj4JGVnvBtgWlZB8BdWT+WX
A+LVM4VBxYsErZXSU9vOSLXOQF+rNxqp5xL83dzxDeR1PcVDmMKEho1dhlI+XuB+
FqqbdtVrKXby1GtpjJFPnVEV4JejqTL3jfmsOSBrYYMvuRYkPz+MHiGn8eXxAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUyNPUc2/5urA+39coCKhsuTzNnfkwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzNDMwMzAzYTNhMmYzMzM4MmQzNDM4MjAzZDNlMjAzMjMxMzUzMTMy
Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgIqFAfANDANBgkqhkiG9w0BAQsFAAOCAQEAmqM8CuCdkee2
g6BP0pjj3xRiJfpOjJUXwZYKjHepGFeJHt4CAFM+Zh/yErQvFEBhgR9QJr3xemWr
SFmXEUAOdTLmTrAObhHQmQg7vdP7VDOxylBRZG/YlJlVT3p11aubq3Tb4HtLVPr4
86Rv9OSsOqeGsrb/1R3mkeOOy3CL4pm+cYcaSZw0/HOW0VlSeuMAkRmiiBMR/riv
iPokOKuQJfuaPNPDrw+J76nH6YSS5+kKYuvEJy/YQSfoRz8iA9zsLFSIxyEdT6GN
3+x2PJCgd2xPhdk4N21ZC3/wVBuf94qshnIGTAIqYb5D5wfe7JSWy7Ccihm4FXwg
zGKqyYioLA==
-----END CERTIFICATE-----