Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346330303a3a2f34302d3438203d3e20323134383334.roa
File:                     326131343a3763303a346330303a3a2f34302d3438203d3e20323134383334.roa (raw, json)
Hash identifier:          6hKyZP/Bs4eXLiGHF6548Pv6QkqmvGmetLjm0Fx0Nb4=
Subject key identifier:   5B:47:6E:9E:C8:ED:C6:79:87:15:F4:86:C1:1E:D1:9A:7F:72:05:77
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       162CBA0A38E6EDD4F153D36CE5759F3306FA89F4
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346330303a3a2f34302d3438203d3e20323134383334.roa
Signing time:             Tue 29 Apr 2025 15:19:14 +0000
ROA not before:           Tue 29 Apr 2025 15:14:14 +0000
ROA not after:            Tue 28 Apr 2026 15:19:14 +0000
asID:                     214834
IP address blocks:        2a14:7c0:4c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 16:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2c:ba:0a:38:e6:ed:d4:f1:53:d3:6c:e5:75:9f:33:06:fa:89:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:14 2025 GMT
            Not After : Apr 28 15:19:14 2026 GMT
        Subject: CN=5B476E9EC8EDC6798715F486C11ED19A7F720577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f4:cf:25:97:8f:a6:1b:93:66:b7:71:8f:7c:
                    b3:e8:65:2f:7f:61:cd:fd:e7:68:9b:cb:26:eb:ee:
                    40:ca:a6:3f:3e:da:6b:e8:0d:34:fa:27:ae:a3:f4:
                    56:ac:36:77:17:70:23:31:fd:7f:d8:c3:a3:68:a8:
                    99:27:37:45:22:56:28:01:fd:95:a3:05:51:c6:24:
                    ba:a0:1d:ab:ef:bc:1d:47:aa:13:b4:bb:2f:89:dd:
                    91:7b:0b:fc:bb:3b:70:75:72:d0:8d:8f:6b:c1:30:
                    dd:a1:5f:48:ad:c3:2d:c1:65:f9:44:ba:00:6a:18:
                    09:1e:2c:d5:6c:e2:2d:fa:d6:0c:63:2e:c1:09:c8:
                    a4:56:38:31:c7:c3:05:51:fc:d8:7a:6b:44:02:5e:
                    ad:38:9a:a4:82:73:73:62:dc:90:2d:0d:0c:cd:72:
                    41:7b:12:24:fb:a7:df:d0:18:7d:ef:60:ed:35:93:
                    48:b1:d9:bf:c9:8c:7e:47:3e:0b:23:9f:c4:32:dd:
                    85:3c:dd:04:5b:56:04:84:c0:a1:4c:b8:4b:e4:b0:
                    57:15:b9:3b:c0:95:2b:ff:06:38:86:e7:e5:6e:1b:
                    c0:b6:62:22:a5:e5:99:b3:03:2f:4a:7b:a5:aa:4d:
                    f8:a8:1c:4a:3e:68:92:cb:68:7c:a7:b3:72:80:3a:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:47:6E:9E:C8:ED:C6:79:87:15:F4:86:C1:1E:D1:9A:7F:72:05:77
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a346330303a3a2f34302d3438203d3e20323134383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:4c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:8b:5d:b8:76:43:12:9c:85:3b:d2:55:20:a5:ea:20:98:4a:
         b7:e1:f7:8e:5d:91:06:5f:13:b3:b7:51:4c:b3:33:8d:a2:93:
         c8:de:2e:39:f2:77:6b:a4:76:dd:5b:c9:28:09:f9:01:6d:09:
         87:3d:f6:4f:ff:cc:9c:d6:7f:b3:00:f4:49:b5:ae:70:35:91:
         5d:31:e1:55:90:6e:64:ad:a7:fe:e3:71:38:31:88:e2:91:ef:
         7d:80:32:94:e4:12:e6:98:ab:9e:12:b1:4a:dc:a1:15:88:e8:
         0b:d7:6e:c7:cf:51:e2:90:00:b6:58:af:11:22:0b:3c:54:93:
         6f:44:46:06:ce:40:38:f6:e8:87:f5:37:f6:c3:ad:6a:93:38:
         98:4d:04:2a:bd:85:f9:70:b6:96:5f:50:de:57:dc:8b:65:84:
         df:de:eb:4c:75:27:b3:88:44:02:d5:86:0b:7a:8f:f1:39:c2:
         c3:d9:7e:fd:f1:8c:72:c8:a7:35:fe:1c:4b:c2:50:2b:26:ad:
         79:27:d9:0c:af:b3:e2:b6:92:23:0d:e3:1d:21:de:a6:e2:12:
         08:24:93:9b:ac:d2:19:1d:65:c8:80:e9:f3:ac:30:c8:04:7d:
         86:f5:9f:28:f6:ec:f8:b2:e4:0d:64:f8:45:24:75:9a:c9:ed:
         36:67:a2:0c
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUFiy6Cjjm7dTxU9Ns5XWfMwb6ifQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MTRaFw0yNjA0MjgxNTE5MTRaMDMxMTAvBgNV
BAMTKDVCNDc2RTlFQzhFREM2Nzk4NzE1RjQ4NkMxMUVEMTlBN0Y3MjA1NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09M8ll4+mG5Nmt3GPfLPoZS9/
Yc3952ibyybr7kDKpj8+2mvoDTT6J66j9FasNncXcCMx/X/Yw6NoqJknN0UiVigB
/ZWjBVHGJLqgHavvvB1HqhO0uy+J3ZF7C/y7O3B1ctCNj2vBMN2hX0itwy3BZflE
ugBqGAkeLNVs4i361gxjLsEJyKRWODHHwwVR/Nh6a0QCXq04mqSCc3Ni3JAtDQzN
ckF7EiT7p9/QGH3vYO01k0ix2b/JjH5HPgsjn8Qy3YU83QRbVgSEwKFMuEvksFcV
uTvAlSv/BjiG5+VuG8C2YiKl5ZmzAy9Ke6WqTfioHEo+aJLLaHyns3KAOu/ZAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUW0dunsjtxnmHFfSGwR7Rmn9yBXcwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzQ2MzMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMxMzQzODMz
MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfATDANBgkqhkiG9w0BAQsFAAOCAQEANotduHZDEpyF
O9JVIKXqIJhKt+H3jl2RBl8Ts7dRTLMzjaKTyN4uOfJ3a6R23VvJKAn5AW0Jhz32
T//MnNZ/swD0SbWucDWRXTHhVZBuZK2n/uNxODGI4pHvfYAylOQS5pirnhKxStyh
FYjoC9dux89R4pAAtlivESILPFSTb0RGBs5AOPboh/U39sOtapM4mE0EKr2F+XC2
ll9Q3lfci2WE397rTHUns4hEAtWGC3qP8TnCw9l+/fGMcsinNf4cS8JQKyateSfZ
DK+z4raSIw3jHSHepuISCCSTm6zSGR1lyIDp86wwyAR9hvWfKPbs+LLkDWT4RSR1
msntNmeiDA==
-----END CERTIFICATE-----