Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa
File:                     326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa (raw, json)
Hash identifier:          ReFCNxRZg+kLRYVVnpdesEFHWCA1uRyJBCDlbsY32G0=
Subject key identifier:   76:FE:61:6A:AF:34:AD:12:3D:57:60:47:17:D9:00:9E:12:D8:9C:FD
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       42562C635FDA2286200C88C2D707E89F6921E6FB
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa
Signing time:             Sat 11 Apr 2026 17:52:34 +0000
ROA not before:           Sat 11 Apr 2026 17:47:34 +0000
ROA not after:            Sat 10 Apr 2027 17:52:34 +0000
asID:                     215420
IP address blocks:        2a14:7c0:30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:18:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:56:2c:63:5f:da:22:86:20:0c:88:c2:d7:07:e8:9f:69:21:e6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Apr 11 17:47:34 2026 GMT
            Not After : Apr 10 17:52:34 2027 GMT
        Subject: CN=76FE616AAF34AD123D57604717D9009E12D89CFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:50:d1:eb:8f:b4:63:02:6a:f1:71:c9:d4:c2:
                    3f:7a:1a:03:0a:15:be:93:68:21:51:cf:9e:7b:79:
                    79:fe:3d:0d:24:93:59:7d:1a:25:34:01:75:7b:36:
                    ca:27:d7:89:f1:60:c8:bf:60:83:a4:3f:b8:1d:fa:
                    9e:42:2b:61:62:a1:1b:90:37:02:97:06:d4:d3:97:
                    79:47:e8:41:b6:c0:0a:9f:8b:53:c3:80:46:fb:1e:
                    06:9d:5f:a4:92:b9:92:92:1c:80:8d:2f:60:5b:2d:
                    81:24:57:0a:91:41:db:77:c6:ca:60:72:37:8e:53:
                    c4:1c:55:8d:0a:05:75:5c:f6:a0:90:1c:d7:00:e6:
                    8d:1c:f4:91:c5:68:22:6f:df:32:58:6a:e1:f7:d4:
                    bf:eb:c2:aa:48:5f:3e:d9:33:88:09:5c:8f:2f:7e:
                    a0:b8:72:c3:d1:df:be:0e:3c:0d:93:0d:6d:bf:6f:
                    ca:6c:88:c3:0e:87:ff:96:64:c0:eb:0f:d6:fb:63:
                    e9:33:c0:45:76:cc:dd:ba:9a:a1:24:c0:50:be:89:
                    76:aa:30:c1:bc:16:d8:fc:1b:c9:83:26:fc:6b:e9:
                    03:a1:50:4f:c5:6c:f6:15:64:70:1d:08:cc:54:2a:
                    9d:e1:68:6f:1d:26:42:a2:ec:15:f7:b4:b2:85:e4:
                    d9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FE:61:6A:AF:34:AD:12:3D:57:60:47:17:D9:00:9E:12:D8:9C:FD
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a33303a3a2f34342d3438203d3e20323135343230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:33:04:dd:f4:fb:5b:ff:50:60:f8:51:dc:11:25:f0:2b:0e:
         ff:44:2f:a6:b4:a1:4c:3a:66:35:db:40:40:6a:ac:0e:c7:4b:
         53:df:ce:45:ca:8d:58:8e:0c:88:84:93:c6:71:93:98:0b:69:
         65:82:ad:da:81:9b:4c:98:d4:db:f9:86:86:ba:bf:12:e8:60:
         76:75:61:47:be:2a:d7:fb:11:48:0f:cb:e6:3d:f4:f5:51:b5:
         62:82:e4:55:c7:9f:83:bd:0c:19:94:73:66:56:e7:80:1d:ba:
         ba:ba:fd:02:5b:98:1e:31:9a:77:26:f7:c2:c9:30:d5:a3:d8:
         ae:b8:83:d3:14:d4:58:d7:f0:c1:0c:5b:87:c5:99:86:12:cc:
         cb:cc:9d:06:61:9b:5a:24:fb:7b:27:8c:12:23:5e:03:1f:b6:
         98:cd:5f:02:1d:88:06:c2:78:2a:d5:10:31:0a:fa:23:86:3f:
         32:c7:89:af:b3:72:58:fe:c6:59:19:19:26:9a:3c:b7:44:42:
         03:ab:22:69:3e:6b:22:84:dc:07:57:89:5e:1d:39:29:87:04:
         f6:5a:da:29:c7:44:7a:00:6a:d8:d4:b2:61:25:83:14:ca:8d:
         be:54:7b:f2:f9:b6:ba:86:a8:71:76:31:c5:b2:ff:bf:ae:3d:
         1e:36:9d:ca
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUQlYsY1/aIoYgDIjC1wfon2kh5vswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNjA0MTExNzQ3MzRaFw0yNzA0MTAxNzUyMzRaMDMxMTAvBgNV
BAMTKDc2RkU2MTZBQUYzNEFEMTIzRDU3NjA0NzE3RDkwMDlFMTJEODlDRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBUNHrj7RjAmrxccnUwj96GgMK
Fb6TaCFRz557eXn+PQ0kk1l9GiU0AXV7Nson14nxYMi/YIOkP7gd+p5CK2FioRuQ
NwKXBtTTl3lH6EG2wAqfi1PDgEb7HgadX6SSuZKSHICNL2BbLYEkVwqRQdt3xspg
cjeOU8QcVY0KBXVc9qCQHNcA5o0c9JHFaCJv3zJYauH31L/rwqpIXz7ZM4gJXI8v
fqC4csPR374OPA2TDW2/b8psiMMOh/+WZMDrD9b7Y+kzwEV2zN26mqEkwFC+iXaq
MMG8Ftj8G8mDJvxr6QOhUE/FbPYVZHAdCMxUKp3haG8dJkKi7BX3tLKF5NlVAgMB
AAGjggHqMIIB5jAdBgNVHQ4EFgQUdv5haq80rRI9V2BHF9kAnhLYnP0wHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBhQYIKwYBBQUHAQsEeTB3MHUGCCsGAQUFBzALhmlyc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzMzMDNhM2EyZjM0MzQyZDM0MzgyMDNkM2UyMDMyMzEzNTM0MzIzMC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHBCoUB8AAMDANBgkqhkiG9w0BAQsFAAOCAQEAbDME3fT7W/9QYPhR
3BEl8CsO/0QvprShTDpmNdtAQGqsDsdLU9/ORcqNWI4MiISTxnGTmAtpZYKt2oGb
TJjU2/mGhrq/EuhgdnVhR74q1/sRSA/L5j309VG1YoLkVcefg70MGZRzZlbngB26
urr9AluYHjGadyb3wskw1aPYrriD0xTUWNfwwQxbh8WZhhLMy8ydBmGbWiT7eyeM
EiNeAx+2mM1fAh2IBsJ4KtUQMQr6I4Y/MseJr7NyWP7GWRkZJpo8t0RCA6siaT5r
IoTcB1eJXh05KYcE9lraKcdEegBq2NSyYSWDFMqNvlR78vm2uoaocXYxxbL/v649
Hjadyg==
-----END CERTIFICATE-----