Route Origin Authorization

$ rpki-client -vvf repo.rpki.space/repo/Infiniroute/1/326131343a3763303a343830303a3a2f34302d3430203d3e20323135323932.roa
File:                     326131343a3763303a343830303a3a2f34302d3430203d3e20323135323932.roa (raw, json)
Hash identifier:          gDqFP4wJ2bXsegK5WqwGPkFygXdi4sn+vrkm3LftzqI=
Subject key identifier:   35:DD:D8:9E:72:D1:6B:F9:2D:DA:7F:ED:B7:AD:34:14:4E:36:64:14
Certificate issuer:       /CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
Certificate serial:       354E8825C7B3160466A5930273266E82656E53BA
Authority key identifier: 5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
Subject info access:      rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a343830303a3a2f34302d3430203d3e20323135323932.roa
Signing time:             Tue 31 Mar 2026 15:52:17 +0000
ROA not before:           Tue 31 Mar 2026 15:47:17 +0000
ROA not after:            Tue 30 Mar 2027 15:52:17 +0000
asID:                     215292
IP address blocks:        2a14:7c0:4800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl
                          rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:18:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4e:88:25:c7:b3:16:04:66:a5:93:02:73:26:6e:82:65:6e:53:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b8e21c6890bd79ab764d91b60c39c3b7e4985e1
        Validity
            Not Before: Mar 31 15:47:17 2026 GMT
            Not After : Mar 30 15:52:17 2027 GMT
        Subject: CN=35DDD89E72D16BF92DDA7FEDB7AD34144E366414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dc:15:3a:1e:fa:ab:7f:4f:47:66:44:dc:c7:
                    22:b4:5f:fa:58:9e:82:2e:c6:54:30:e2:5f:4d:e4:
                    b9:94:14:45:3d:df:f3:6e:48:fe:68:91:b6:4a:48:
                    1b:85:6c:10:3c:c8:65:41:60:05:cc:43:4a:fc:9a:
                    65:6d:df:80:9a:b5:f1:b9:6d:6e:20:83:a8:ce:85:
                    22:89:fb:0a:f1:6d:a8:4f:c2:71:4d:84:10:9e:94:
                    16:eb:eb:83:b9:cf:f7:46:19:6b:f3:f1:2c:0d:aa:
                    c8:06:e2:14:b2:99:b4:21:75:60:3d:f7:f8:57:2c:
                    18:8f:ee:e3:16:21:25:6a:32:b3:0a:0f:5f:dc:bb:
                    16:56:19:e9:28:4d:be:e9:72:c3:54:51:ad:3b:26:
                    c2:3b:5c:05:40:ae:11:1e:a9:d3:c7:13:0a:5c:cc:
                    57:c0:c5:ac:73:d6:c6:4f:b7:03:5c:85:88:30:11:
                    d3:a4:d8:b2:24:83:e1:c4:22:d4:3b:68:30:63:5d:
                    ad:86:a5:52:fb:c7:ec:25:bc:a1:e5:11:47:d0:3d:
                    2c:67:a9:f5:53:22:34:e9:78:f6:2d:fa:0e:71:f6:
                    53:dd:62:1e:32:32:d7:2f:74:c0:0a:7c:ff:bf:46:
                    f1:d2:a1:1c:b8:8c:aa:95:6b:cf:86:3b:32:e5:67:
                    e7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:DD:D8:9E:72:D1:6B:F9:2D:DA:7F:ED:B7:AD:34:14:4E:36:64:14
            X509v3 Authority Key Identifier:
                keyid:5B:8E:21:C6:89:0B:D7:9A:B7:64:D9:1B:60:C3:9C:3B:7E:49:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.rpki.space/repo/Infiniroute/1/5B8E21C6890BD79AB764D91B60C39C3B7E4985E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W44hxokL15q3ZNkbYMOcO35JheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.rpki.space/repo/Infiniroute/1/326131343a3763303a343830303a3a2f34302d3430203d3e20323135323932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c0:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:e6:43:81:31:2d:9c:70:55:0f:db:ef:d8:aa:51:e6:fe:bc:
         1e:3e:44:48:4d:10:68:52:67:37:af:80:97:d7:2a:00:82:32:
         aa:25:47:d4:3d:30:fa:51:f7:48:b3:cc:aa:6b:61:81:a4:27:
         b6:ff:8f:e6:f9:fa:be:42:03:ee:51:a1:1a:2b:5d:d8:0a:e1:
         a7:fc:61:9c:e7:2e:7b:e3:d8:7c:01:29:b7:64:fb:e3:ec:11:
         62:eb:74:bb:31:fa:ed:c3:a0:20:e8:33:a2:8f:c6:8b:8b:13:
         7d:0e:13:f9:bd:07:0b:fd:ae:97:0e:3c:22:58:4d:f1:f5:03:
         e8:70:8b:8d:f5:a2:e8:c1:d2:b9:71:45:40:fb:dd:53:02:ab:
         25:84:33:a1:a1:3b:77:9a:07:0c:1f:5d:97:70:f3:bc:fc:b9:
         88:61:e0:94:3e:36:64:a4:a6:4f:10:52:89:14:93:bd:32:86:
         75:77:03:b3:9e:87:fe:8e:d3:cc:a2:67:26:27:f3:c4:44:b7:
         df:25:b4:f1:40:5b:3c:31:0c:2a:07:31:cd:c6:f2:f9:fa:89:
         d6:cf:89:b9:37:cb:46:51:19:eb:07:d4:3c:92:db:62:46:bc:
         7c:7b:b0:7a:ae:0b:90:53:56:c5:af:1e:ff:0f:4e:91:87:36:
         b3:b0:71:aa
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUNU6IJcezFgRmpZMCcyZugmVuU7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWI4ZTIxYzY4OTBiZDc5YWI3NjRkOTFiNjBjMzljM2I3
ZTQ5ODVlMTAeFw0yNjAzMzExNTQ3MTdaFw0yNzAzMzAxNTUyMTdaMDMxMTAvBgNV
BAMTKDM1REREODlFNzJEMTZCRjkyRERBN0ZFREI3QUQzNDE0NEUzNjY0MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy3BU6Hvqrf09HZkTcxyK0X/pY
noIuxlQw4l9N5LmUFEU93/NuSP5okbZKSBuFbBA8yGVBYAXMQ0r8mmVt34CatfG5
bW4gg6jOhSKJ+wrxbahPwnFNhBCelBbr64O5z/dGGWvz8SwNqsgG4hSymbQhdWA9
9/hXLBiP7uMWISVqMrMKD1/cuxZWGekoTb7pcsNUUa07JsI7XAVArhEeqdPHEwpc
zFfAxaxz1sZPtwNchYgwEdOk2LIkg+HEItQ7aDBjXa2GpVL7x+wlvKHlEUfQPSxn
qfVTIjTpePYt+g5x9lPdYh4yMtcvdMAKfP+/RvHSoRy4jKqVa8+GOzLlZ+ePAgMB
AAGjggHtMIIB6TAdBgNVHQ4EFgQUNd3YnnLRa/kt2n/tt600FE42ZBQwHwYDVR0j
BBgwFoAUW44hxokL15q3ZNkbYMOcO35JheEwDgYDVR0PAQH/BAQDAgeAMGgGA1Ud
HwRhMF8wXaBboFmGV3JzeW5jOi8vcmVwby5ycGtpLnNwYWNlL3JlcG8vSW5maW5p
cm91dGUvMS81QjhFMjFDNjg5MEJENzlBQjc2NEQ5MUI2MEMzOUMzQjdFNDk4NUUx
LmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvVzQ0aHhva0wxNXEzWk5rYllNT2NP
MzVKaGVFLmNlcjCBiQYIKwYBBQUHAQsEfTB7MHkGCCsGAQUFBzALhm1yc3luYzov
L3JlcG8ucnBraS5zcGFjZS9yZXBvL0luZmluaXJvdXRlLzEvMzI2MTMxMzQzYTM3
NjMzMDNhMzQzODMwMzAzYTNhMmYzNDMwMmQzNDMwMjAzZDNlMjAzMjMxMzUzMjM5
MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAqFAfASDANBgkqhkiG9w0BAQsFAAOCAQEABOZDgTEtnHBV
D9vv2KpR5v68Hj5ESE0QaFJnN6+Al9cqAIIyqiVH1D0w+lH3SLPMqmthgaQntv+P
5vn6vkID7lGhGitd2Arhp/xhnOcue+PYfAEpt2T74+wRYut0uzH67cOgIOgzoo/G
i4sTfQ4T+b0HC/2ulw48IlhN8fUD6HCLjfWi6MHSuXFFQPvdUwKrJYQzoaE7d5oH
DB9dl3DzvPy5iGHglD42ZKSmTxBSiRSTvTKGdXcDs56H/o7TzKJnJifzxES33yW0
8UBbPDEMKgcxzcby+fqJ1s+JuTfLRlEZ6wfUPJLbYka8fHuweq4LkFNWxa8e/w9O
kYc2s7Bxqg==
-----END CERTIFICATE-----