Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa
File:                     326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa (raw, json)
Hash identifier:          FBe5dYkV+Z15o8SqfFszRXlHxnMcczKIcZwFi7cYwy0=
Subject key identifier:   6B:B0:4D:22:16:B6:54:99:4A:DE:3A:E0:B4:4F:9B:CF:B3:19:43:2C
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       6A5AD8E54E1617FFB9525DD4F662AF94F55041ED
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa
Signing time:             Tue 29 Apr 2025 15:19:18 +0000
ROA not before:           Tue 29 Apr 2025 15:14:18 +0000
ROA not after:            Tue 28 Apr 2026 15:19:18 +0000
asID:                     215531
IP address blocks:        2a14:7c0:400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 03:53:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:5a:d8:e5:4e:16:17:ff:b9:52:5d:d4:f6:62:af:94:f5:50:41:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:18 2025 GMT
            Not After : Apr 28 15:19:18 2026 GMT
        Subject: CN=6BB04D2216B654994ADE3AE0B44F9BCFB319432C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:f0:e8:ff:f1:fc:33:72:e5:fb:02:6d:bf:
                    97:64:05:34:38:d0:e8:ac:78:62:09:61:c8:8a:84:
                    0c:b1:cc:eb:ff:42:64:ce:45:43:54:95:a6:68:e3:
                    26:48:92:c8:3e:7d:b3:a6:a3:38:ae:9a:fb:3f:26:
                    7a:4e:6c:e4:46:eb:45:d5:49:88:25:cd:dc:12:f9:
                    db:6e:6d:34:8f:12:10:33:35:5c:e3:61:b9:c0:fb:
                    e1:0b:e5:df:09:42:81:52:16:31:ed:80:04:b6:14:
                    9d:4d:15:81:60:c5:94:09:4f:29:b0:7c:70:0e:69:
                    f7:79:6a:68:86:54:5c:79:3b:6c:e8:5f:ac:98:0a:
                    56:65:63:58:bb:e2:8c:cc:40:f8:85:7e:ac:02:22:
                    0f:e6:c1:1d:3f:69:e9:2a:1e:c3:a0:15:0d:a9:31:
                    ff:ba:62:da:f9:c0:4b:ce:f9:b2:19:ec:01:c0:fe:
                    d1:09:dc:af:f8:8e:10:b2:c6:72:05:92:54:63:df:
                    70:f8:2e:e7:d1:fd:26:58:9c:90:84:18:13:8e:8f:
                    da:ec:5d:f4:b7:37:d4:25:59:31:93:cc:27:68:d5:
                    22:bb:0b:5e:c1:ed:d2:ae:f6:80:6f:7a:88:86:54:
                    81:32:91:aa:f3:10:dc:74:f7:09:d1:7c:01:c4:06:
                    4e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B0:4D:22:16:B6:54:99:4A:DE:3A:E0:B4:4F:9B:CF:B3:19:43:2C
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a3430303a3a2f33382d3438203d3e20323135353331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         2c:90:5b:ec:b6:cb:b8:35:10:61:1c:3e:09:0f:53:56:97:e8:
         6b:aa:4c:eb:1f:76:86:56:b0:18:0f:c1:db:90:b0:d6:f7:72:
         b1:e2:e4:32:1f:3b:1e:63:11:e3:9e:c8:83:6d:5a:0c:a1:41:
         21:ac:61:d0:fe:e0:5b:41:36:f0:35:c5:e6:26:f5:db:ab:69:
         7c:05:5f:e0:61:9a:15:2b:e2:7d:be:3c:9b:98:80:3a:e9:ad:
         03:8c:dd:d3:bf:cf:cb:99:58:33:ca:cb:c4:24:1e:23:ee:b8:
         a6:e0:41:29:8c:ed:26:2d:0a:38:c2:7a:1b:7f:d1:b1:0a:8a:
         9b:50:46:ab:43:3d:36:41:a6:f3:d6:46:22:3b:02:72:a4:05:
         39:c3:d6:a7:4f:e6:02:2b:94:b1:8c:b2:72:1e:46:17:71:42:
         55:fc:ce:08:7b:7c:76:fb:61:95:9e:d6:5a:bf:ad:29:ba:1a:
         22:58:09:d5:f8:6c:a1:ba:3c:ac:a3:f3:b0:0e:f1:40:57:19:
         89:d2:d2:e0:df:9f:5c:d4:8a:56:98:5e:17:02:88:7d:7f:ef:
         b0:c8:0c:f7:a5:10:b8:db:eb:bf:cf:ab:8b:bf:bd:27:67:a2:
         2e:a2:5a:85:9a:bd:88:9e:c5:91:b4:d4:ae:72:aa:4d:3d:00:
         be:ee:f6:6a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUalrY5U4WF/+5Ul3U9mKvlPVQQe0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MThaFw0yNjA0MjgxNTE5MThaMDMxMTAvBgNV
BAMTKDZCQjA0RDIyMTZCNjU0OTk0QURFM0FFMEI0NEY5QkNGQjMxOTQzMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9i/Do//H8M3Ll+wJtv5dkBTQ4
0OiseGIJYciKhAyxzOv/QmTORUNUlaZo4yZIksg+fbOmoziumvs/JnpObORG60XV
SYglzdwS+dtubTSPEhAzNVzjYbnA++EL5d8JQoFSFjHtgAS2FJ1NFYFgxZQJTymw
fHAOafd5amiGVFx5O2zoX6yYClZlY1i74ozMQPiFfqwCIg/mwR0/aekqHsOgFQ2p
Mf+6Ytr5wEvO+bIZ7AHA/tEJ3K/4jhCyxnIFklRj33D4LufR/SZYnJCEGBOOj9rs
XfS3N9QlWTGTzCdo1SK7C17B7dKu9oBveoiGVIEykarzENx09wnRfAHEBk6JAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUa7BNIha2VJlK3jrgtE+bz7MZQywwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhwYIKwYBBQUHAQsEezB5MHcGCCsGAQUFBzALhmtyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzQzMDMwM2EzYTJmMzMzODJkMzQzODIwM2QzZTIwMzIzMTM1MzUzMzMx
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIw
EDAOBAIAAjAIAwYCKhQHwAQwDQYJKoZIhvcNAQELBQADggEBACyQW+y2y7g1EGEc
PgkPU1aX6GuqTOsfdoZWsBgPwduQsNb3crHi5DIfOx5jEeOeyINtWgyhQSGsYdD+
4FtBNvA1xeYm9duraXwFX+BhmhUr4n2+PJuYgDrprQOM3dO/z8uZWDPKy8QkHiPu
uKbgQSmM7SYtCjjCeht/0bEKiptQRqtDPTZBpvPWRiI7AnKkBTnD1qdP5gIrlLGM
snIeRhdxQlX8zgh7fHb7YZWe1lq/rSm6GiJYCdX4bKG6PKyj87AO8UBXGYnS0uDf
n1zUilaYXhcCiH1/77DIDPelELjb67/Pq4u/vSdnoi6iWoWavYiexZG01K5yqk09
AL7u9mo=
-----END CERTIFICATE-----