Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316330303a3a2f33392d3438203d3e20323135353633.roa
File:                     326131343a3763303a316330303a3a2f33392d3438203d3e20323135353633.roa (raw, json)
Hash identifier:          szMHA90ERyTWWMxvkvh022dJvClAe3njmwC4gnKhIjU=
Subject key identifier:   D3:77:C9:31:10:A5:C2:D4:6E:0F:B6:6D:F3:4E:99:94:3B:69:CE:CE
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       6064453D34C00F9F851D79BDE463E9741D975985
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316330303a3a2f33392d3438203d3e20323135353633.roa
Signing time:             Tue 29 Apr 2025 15:19:14 +0000
ROA not before:           Tue 29 Apr 2025 15:14:14 +0000
ROA not after:            Tue 28 Apr 2026 15:19:14 +0000
asID:                     215563
IP address blocks:        2a14:7c0:1c00::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 23:16:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:64:45:3d:34:c0:0f:9f:85:1d:79:bd:e4:63:e9:74:1d:97:59:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 29 15:14:14 2025 GMT
            Not After : Apr 28 15:19:14 2026 GMT
        Subject: CN=D377C93110A5C2D46E0FB66DF34E99943B69CECE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:fe:75:d8:69:fe:37:4d:47:51:84:a7:28:
                    20:05:d1:3e:a1:80:61:86:a9:1c:d1:b7:b3:ee:d1:
                    3c:00:99:eb:2e:d1:e6:5e:57:fd:2f:97:22:61:4c:
                    7c:2e:c4:c7:3c:06:f0:f8:7b:91:b6:7f:18:ad:f1:
                    4c:2b:0c:4a:7b:e8:db:86:90:4c:03:3d:d0:99:51:
                    99:d2:bd:65:99:03:da:1d:8e:8a:72:28:6f:e2:08:
                    d9:3d:69:6a:94:b6:5e:26:75:3a:0e:49:64:79:22:
                    14:53:34:c7:e1:9b:78:81:5b:19:5b:4f:08:46:c3:
                    27:bb:bb:a1:5d:9c:b3:40:e6:58:3f:e0:39:de:65:
                    cf:2c:4c:68:24:cd:7f:0e:b4:91:90:56:de:0b:26:
                    c0:ee:ff:ad:d8:37:7f:1d:81:b4:94:8f:a5:0c:4d:
                    42:e4:ea:af:ca:9f:65:c5:76:2c:7f:ce:17:8d:27:
                    55:b2:b1:9f:a8:d4:bc:b8:a6:7e:bb:a8:a5:39:8b:
                    7a:36:ea:79:fe:ed:62:f2:b0:b9:82:e4:f5:a0:7d:
                    d7:70:4e:aa:af:dd:2c:15:39:e7:c6:92:6d:b4:f3:
                    50:bd:96:4a:a8:42:1c:fd:91:c8:9f:79:52:c3:c4:
                    59:24:17:d8:c9:51:bd:de:73:94:09:33:f5:21:54:
                    fc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:77:C9:31:10:A5:C2:D4:6E:0F:B6:6D:F3:4E:99:94:3B:69:CE:CE
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a316330303a3a2f33392d3438203d3e20323135353633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:1c00::/39

    Signature Algorithm: sha256WithRSAEncryption
         63:34:e5:c3:69:8e:f9:cd:8f:fb:f9:51:62:b6:29:a0:57:bd:
         d3:7a:d3:ac:1c:ba:a8:85:93:b7:24:ee:e1:c5:83:3e:7c:18:
         40:17:a2:cd:d3:1e:ed:af:0b:da:a8:f1:17:02:13:3b:bb:a0:
         62:b1:c2:f7:b9:09:59:2d:63:1a:98:f0:6e:ef:28:33:77:63:
         f5:8b:a6:c6:0b:b8:f5:e8:07:50:1f:2f:51:03:71:54:b2:f5:
         b3:95:d4:f6:30:95:a0:6e:35:5d:99:20:b6:07:b3:1b:ed:af:
         29:1b:be:b2:c8:19:35:84:58:c3:f3:ab:53:00:58:01:2c:52:
         db:e8:0f:ac:f1:62:87:11:b3:4e:20:be:84:6f:7b:9e:84:44:
         09:8f:52:f9:73:39:2f:ac:39:26:67:db:38:0c:d9:81:e7:3f:
         fd:0d:78:fb:ba:a0:77:c5:1d:47:e8:6f:d4:e9:a9:6f:8c:e9:
         5d:b4:e0:d5:86:bd:e9:3c:08:51:00:47:f1:c3:ba:59:62:c3:
         dc:b7:ab:06:50:5d:e1:40:66:0c:ac:b3:39:b6:a0:3a:52:03:
         f0:95:11:fd:78:ab:a5:23:7c:cb:a7:3e:2d:22:28:91:5c:38:
         ac:5e:fc:08:b0:4e:f0:81:04:22:3c:df:20:6a:ec:ab:b1:c8:
         ec:c5:5a:15
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUYGRFPTTAD5+FHXm95GPpdB2XWYUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNTA0MjkxNTE0MTRaFw0yNjA0MjgxNTE5MTRaMDMxMTAvBgNV
BAMTKEQzNzdDOTMxMTBBNUMyRDQ2RTBGQjY2REYzNEU5OTk0M0I2OUNFQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9if512Gn+N01HUYSnKCAF0T6h
gGGGqRzRt7Pu0TwAmesu0eZeV/0vlyJhTHwuxMc8BvD4e5G2fxit8UwrDEp76NuG
kEwDPdCZUZnSvWWZA9odjopyKG/iCNk9aWqUtl4mdToOSWR5IhRTNMfhm3iBWxlb
TwhGwye7u6FdnLNA5lg/4DneZc8sTGgkzX8OtJGQVt4LJsDu/63YN38dgbSUj6UM
TULk6q/Kn2XFdix/zheNJ1WysZ+o1Ly4pn67qKU5i3o26nn+7WLysLmC5PWgfddw
Tqqv3SwVOefGkm2081C9lkqoQhz9kcifeVLDxFkkF9jJUb3ec5QJM/UhVPxDAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQU03fJMRClwtRuD7Zt806ZlDtpzs4wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzE2MzMwMzAzYTNhMmYzMzM5MmQzNDM4MjAzZDNlMjAzMjMxMzUzNTM2
MzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgEqFAfAHDANBgkqhkiG9w0BAQsFAAOCAQEAYzTlw2mO+c2P
+/lRYrYpoFe903rTrBy6qIWTtyTu4cWDPnwYQBeizdMe7a8L2qjxFwITO7ugYrHC
97kJWS1jGpjwbu8oM3dj9Yumxgu49egHUB8vUQNxVLL1s5XU9jCVoG41XZkgtgez
G+2vKRu+ssgZNYRYw/OrUwBYASxS2+gPrPFihxGzTiC+hG97noRECY9S+XM5L6w5
JmfbOAzZgec//Q14+7qgd8UdR+hv1Ompb4zpXbTg1Ya96TwIUQBH8cO6WWLD3Ler
BlBd4UBmDKyzObagOlID8JUR/XirpSN8y6c+LSIokVw4rF78CLBO8IEEIjzfIGrs
q7HI7MVaFQ==
-----END CERTIFICATE-----