Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a343a3a2f34382d3438203d3e203139313438.roa
File:                     326131343a396530303a343a3a2f34382d3438203d3e203139313438.roa (raw, json)
Hash identifier:          +pJba/8Xqwqz6GxWG5aE54WFuzIEO7aAQFkQoyQl1sU=
Subject key identifier:   47:6C:44:E0:F9:8A:14:68:14:A8:BD:47:49:95:1A:92:16:03:13:9D
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       1DEC4293133C089C69CD2641BA97F9F19E01C34B
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a343a3a2f34382d3438203d3e203139313438.roa
Signing time:             Tue 29 Apr 2025 21:39:39 +0000
ROA not before:           Tue 29 Apr 2025 21:34:39 +0000
ROA not after:            Tue 28 Apr 2026 21:39:39 +0000
asID:                     19148
IP address blocks:        2a14:9e00:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 13:34:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ec:42:93:13:3c:08:9c:69:cd:26:41:ba:97:f9:f1:9e:01:c3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Apr 29 21:34:39 2025 GMT
            Not After : Apr 28 21:39:39 2026 GMT
        Subject: CN=476C44E0F98A146814A8BD4749951A921603139D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bc:fa:da:6f:81:df:63:b0:2b:ff:9f:d8:0d:
                    7d:b3:a5:c1:64:f1:73:25:5f:2b:89:89:2d:6c:6b:
                    65:37:a4:83:1a:4d:db:87:da:1a:60:00:f4:15:51:
                    40:c1:0f:45:57:9a:9e:13:c7:50:13:f6:02:8c:65:
                    b7:45:c6:5e:7d:ec:24:ed:88:40:45:d0:60:40:00:
                    2c:cb:b8:6e:73:e6:fc:c9:7b:6e:a8:6d:e5:64:1d:
                    a9:16:1d:6a:e8:c6:d3:c7:52:15:34:f7:e4:7b:38:
                    4b:15:ce:ad:09:8e:4b:8f:8d:20:54:a4:74:78:e1:
                    37:d7:5b:74:d3:7d:cf:3b:7b:04:e0:b8:fd:7d:e8:
                    5d:c2:97:99:de:38:84:28:86:f0:71:c0:eb:ff:f7:
                    ee:4e:56:e8:7c:3c:54:6d:77:cc:26:be:7a:54:b0:
                    a7:90:55:9e:47:c2:4a:e9:21:ce:a5:8b:56:25:1c:
                    fc:f8:40:99:a1:67:ad:15:9c:60:a9:bc:f1:62:7f:
                    88:0a:d2:e8:08:19:ca:1d:cc:be:93:2e:32:89:af:
                    a9:08:27:20:ab:f3:25:a4:34:f5:4a:0f:14:70:56:
                    31:4e:d5:89:0f:02:c1:f2:66:58:04:cd:51:0c:37:
                    85:a3:9c:17:72:92:3e:ed:a3:05:5e:77:42:2e:03:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6C:44:E0:F9:8A:14:68:14:A8:BD:47:49:95:1A:92:16:03:13:9D
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a343a3a2f34382d3438203d3e203139313438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:6f:d5:8c:6a:57:23:85:04:b8:5e:37:ec:f5:7c:ba:00:82:
         b9:6b:21:b1:1d:1d:5a:03:51:7f:13:35:d7:41:28:4a:dd:86:
         fa:bc:3c:23:d5:8f:9b:5f:6e:72:0f:6b:4f:ce:84:8a:56:e3:
         aa:e6:ef:b1:62:6b:12:fd:07:7b:90:6c:5d:06:d5:1a:e5:6a:
         b5:ab:84:56:17:97:b3:11:24:3a:bc:ef:50:df:78:c6:53:44:
         eb:60:33:85:bc:d4:1d:42:e3:ae:24:d6:62:2b:d5:cd:21:b4:
         72:f2:31:91:0b:5c:55:11:5a:08:d1:c7:8a:3c:d5:62:cb:ab:
         a5:86:4c:69:a5:64:af:0f:c9:4e:91:f6:e6:87:5c:be:5c:1f:
         fb:b6:53:75:db:2b:3a:36:06:43:f6:7e:b5:d5:d3:54:83:af:
         30:92:32:df:ee:dd:2a:de:43:7e:66:0b:9f:60:34:f2:aa:da:
         45:56:8a:1e:9a:35:cc:a0:62:3a:aa:32:2c:7f:fd:69:11:f7:
         04:69:77:83:14:0a:4f:62:ca:ab:b1:7e:c3:cc:c8:5c:40:5b:
         2e:df:4f:18:ca:bf:e4:da:27:e2:2a:c4:9c:9e:9b:c1:55:d7:
         3c:3e:55:86:30:08:a0:16:12:5e:1a:5f:1d:99:d9:c7:43:76:
         6b:b4:0b:d0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUHexCkxM8CJxpzSZBupf58Z4Bw0swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTA0MjkyMTM0MzlaFw0yNjA0MjgyMTM5MzlaMDMxMTAvBgNV
BAMTKDQ3NkM0NEUwRjk4QTE0NjgxNEE4QkQ0NzQ5OTUxQTkyMTYwMzEzOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClvPrab4HfY7Ar/5/YDX2zpcFk
8XMlXyuJiS1sa2U3pIMaTduH2hpgAPQVUUDBD0VXmp4Tx1AT9gKMZbdFxl597CTt
iEBF0GBAACzLuG5z5vzJe26obeVkHakWHWroxtPHUhU09+R7OEsVzq0JjkuPjSBU
pHR44TfXW3TTfc87ewTguP196F3Cl5neOIQohvBxwOv/9+5OVuh8PFRtd8wmvnpU
sKeQVZ5HwkrpIc6li1YlHPz4QJmhZ60VnGCpvPFif4gK0ugIGcodzL6TLjKJr6kI
JyCr8yWkNPVKDxRwVjFO1YkPAsHyZlgEzVEMN4WjnBdykj7towVed0IuA/s5AgMB
AAGjggHiMIIB3jAdBgNVHQ4EFgQUR2xE4PmKFGgUqL1HSZUakhYDE50wHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzNDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzkzMTM0Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAqFJ4AAAQwDQYJKoZIhvcNAQELBQADggEBAI9v1YxqVyOFBLheN+z1fLoAgrlr
IbEdHVoDUX8TNddBKErdhvq8PCPVj5tfbnIPa0/OhIpW46rm77FiaxL9B3uQbF0G
1RrlarWrhFYXl7MRJDq871DfeMZTROtgM4W81B1C464k1mIr1c0htHLyMZELXFUR
WgjRx4o81WLLq6WGTGmlZK8PyU6R9uaHXL5cH/u2U3XbKzo2BkP2frXV01SDrzCS
Mt/u3SreQ35mC59gNPKq2kVWih6aNcygYjqqMix//WkR9wRpd4MUCk9iyquxfsPM
yFxAWy7fTxjKv+TaJ+IqxJyem8FV1zw+VYYwCKAWEl4aXx2Z2cdDdmu0C9A=
-----END CERTIFICATE-----