Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Netiface/3/326131343a396530303a383a3a2f34382d3438203d3e203139313438.roa
File:                     326131343a396530303a383a3a2f34382d3438203d3e203139313438.roa (raw, json)
Hash identifier:          0kZRhHUq0Q5cMeQlGPesx/OlWxzPHqZcR6uvayJhZ7s=
Subject key identifier:   DF:86:18:F4:36:F7:6A:75:95:74:96:BF:87:18:3F:17:E3:BA:7D:13
Certificate issuer:       /CN=a640aa61f1d62b9c940459804ae11be99ad43842
Certificate serial:       6242F9707639B06F606ED971F7A48B40C8DB986A
Authority key identifier: A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
Subject info access:      rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a383a3a2f34382d3438203d3e203139313438.roa
Signing time:             Tue 29 Apr 2025 21:39:57 +0000
ROA not before:           Tue 29 Apr 2025 21:34:57 +0000
ROA not after:            Tue 28 Apr 2026 21:39:57 +0000
asID:                     19148
IP address blocks:        2a14:9e00:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl
                          rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 13:34:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:42:f9:70:76:39:b0:6f:60:6e:d9:71:f7:a4:8b:40:c8:db:98:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a640aa61f1d62b9c940459804ae11be99ad43842
        Validity
            Not Before: Apr 29 21:34:57 2025 GMT
            Not After : Apr 28 21:39:57 2026 GMT
        Subject: CN=DF8618F436F76A75957496BF87183F17E3BA7D13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ab:a5:26:12:e9:3b:d8:fa:cd:72:d7:02:1e:
                    5f:ee:21:b0:2d:9a:9e:83:44:a2:df:19:be:33:b3:
                    8e:d8:55:a6:07:5d:d5:7a:da:24:64:fe:40:f5:c9:
                    4c:ee:ba:6b:78:90:f7:1d:50:67:0e:04:90:83:2f:
                    ec:6a:fb:b5:af:11:b8:53:ef:f8:e0:68:f8:d7:71:
                    32:83:70:0f:4c:87:1f:92:e9:ec:03:2d:3e:04:f9:
                    cc:83:57:ad:37:c1:28:bd:7d:c5:09:75:3c:a8:44:
                    51:86:15:82:0f:bd:06:da:fb:6a:fa:26:a6:89:51:
                    76:51:b9:ae:5e:2a:84:62:1a:ba:66:a5:0b:d1:d1:
                    6f:6f:01:6b:98:28:cc:11:be:4a:4d:25:98:34:c5:
                    63:7c:de:c6:2c:f2:01:14:3b:b3:4e:8b:5a:f6:3a:
                    5a:19:b3:2c:9a:64:63:57:3b:87:2d:74:f8:a2:de:
                    bc:b8:9a:a2:8e:4e:a7:fd:07:f8:be:94:e6:cd:bf:
                    83:9b:98:b6:c0:f1:e3:d8:ea:97:46:c6:00:55:0b:
                    03:70:6c:6c:76:94:b6:b6:48:32:71:a9:cc:44:8e:
                    1f:6c:84:f9:0e:0f:bb:79:97:77:72:aa:76:5f:83:
                    3a:7e:c3:c2:6d:9a:77:5a:45:b4:f8:43:4f:3b:ab:
                    1c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:86:18:F4:36:F7:6A:75:95:74:96:BF:87:18:3F:17:E3:BA:7D:13
            X509v3 Authority Key Identifier:
                keyid:A6:40:AA:61:F1:D6:2B:9C:94:04:59:80:4A:E1:1B:E9:9A:D4:38:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Netiface/3/A640AA61F1D62B9C940459804AE11BE99AD43842.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkCqYfHWK5yUBFmASuEb6ZrUOEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Netiface/3/326131343a396530303a383a3a2f34382d3438203d3e203139313438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:0a:d7:ba:34:56:ee:0e:81:0c:82:91:07:f9:8a:d1:72:c2:
         8b:47:a6:6d:4c:a0:2f:f6:27:52:53:99:f8:c4:7a:ce:f3:d0:
         ad:87:19:50:99:18:a1:33:ea:f6:3c:a7:76:70:a6:cc:61:27:
         48:6d:82:3f:6c:9e:2e:0d:01:71:0b:e8:f8:55:55:a0:6e:65:
         3c:c4:e1:7b:27:3e:79:36:f7:74:9c:29:c3:81:1b:0e:aa:17:
         8d:30:9b:c8:71:c6:f2:ba:d2:57:1e:15:6e:f4:8d:25:cc:ac:
         ac:62:0b:0f:36:0e:5a:f0:50:05:ec:94:34:68:e1:2c:5f:52:
         da:fd:cf:a0:a8:0d:92:45:34:c0:83:96:bf:39:0a:38:89:b5:
         41:97:b9:1a:a0:e4:4f:df:fc:4e:7c:0e:7f:c3:6a:29:d5:56:
         36:c4:f0:5b:40:d5:5e:4a:d0:28:75:cd:d6:be:ba:c9:9c:95:
         3f:ec:23:8e:57:eb:88:68:19:2e:9e:f7:2a:07:43:19:1d:ac:
         12:d4:65:d6:f8:96:c5:33:92:05:bc:b7:81:0e:83:8c:cf:24:
         d2:d9:c3:ee:48:88:7f:32:59:13:96:50:db:99:06:de:ed:62:
         b1:3f:53:90:54:07:94:30:ee:c3:ab:c3:72:43:f5:62:ed:d6:
         39:dc:1a:d4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUYkL5cHY5sG9gbtlx96SLQMjbmGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTY0MGFhNjFmMWQ2MmI5Yzk0MDQ1OTgwNGFlMTFiZTk5
YWQ0Mzg0MjAeFw0yNTA0MjkyMTM0NTdaFw0yNjA0MjgyMTM5NTdaMDMxMTAvBgNV
BAMTKERGODYxOEY0MzZGNzZBNzU5NTc0OTZCRjg3MTgzRjE3RTNCQTdEMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+q6UmEuk72PrNctcCHl/uIbAt
mp6DRKLfGb4zs47YVaYHXdV62iRk/kD1yUzuumt4kPcdUGcOBJCDL+xq+7WvEbhT
7/jgaPjXcTKDcA9Mhx+S6ewDLT4E+cyDV603wSi9fcUJdTyoRFGGFYIPvQba+2r6
JqaJUXZRua5eKoRiGrpmpQvR0W9vAWuYKMwRvkpNJZg0xWN83sYs8gEUO7NOi1r2
OloZsyyaZGNXO4ctdPii3ry4mqKOTqf9B/i+lObNv4ObmLbA8ePY6pdGxgBVCwNw
bGx2lLa2SDJxqcxEjh9shPkOD7t5l3dyqnZfgzp+w8JtmndaRbT4Q087qxwfAgMB
AAGjggHiMIIB3jAdBgNVHQ4EFgQU34YY9Db3anWVdJa/hxg/F+O6fRMwHwYDVR0j
BBgwFoAUpkCqYfHWK5yUBFmASuEb6ZrUOEIwDgYDVR0PAQH/BAQDAgeAMGUGA1Ud
HwReMFwwWqBYoFaGVHJzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vTmV0aWZh
Y2UvMy9BNjQwQUE2MUYxRDYyQjlDOTQwNDU5ODA0QUUxMUJFOTlBRDQzODQyLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcGtDcVlmSFdLNXlVQkZtQVN1RWI2WnJV
T0VJLmNlcjCBgAYIKwYBBQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3Jl
cG8ucnBraS5zcGFjZS9yZXBvL05ldGlmYWNlLzMvMzI2MTMxMzQzYTM5NjUzMDMw
M2EzODNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzkzMTM0Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD
BwAqFJ4AAAgwDQYJKoZIhvcNAQELBQADggEBAL8K17o0Vu4OgQyCkQf5itFywotH
pm1MoC/2J1JTmfjEes7z0K2HGVCZGKEz6vY8p3ZwpsxhJ0htgj9sni4NAXEL6PhV
VaBuZTzE4XsnPnk293ScKcOBGw6qF40wm8hxxvK60lceFW70jSXMrKxiCw82Dlrw
UAXslDRo4SxfUtr9z6CoDZJFNMCDlr85CjiJtUGXuRqg5E/f/E58Dn/DainVVjbE
8FtA1V5K0Ch1zda+usmclT/sI45X64hoGS6e9yoHQxkdrBLUZdb4lsUzkgW8t4EO
g4zPJNLZw+5IiH8yWROWUNuZBt7tYrE/U5BUB5Qw7sOrw3JD9WLt1jncGtQ=
-----END CERTIFICATE-----