Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa
File:                     34352e3132382e3232302e302f32322d3332203d3e2033323134.roa (raw, json)
Hash identifier:          qJUcY2jgghK/ztaHsW5vCY9qmkIhDd0vNrjTE9t6JCY=
Subject key identifier:   16:FC:1D:83:1B:5C:3F:72:C3:24:7C:8C:EB:1C:BC:83:94:70:28:BF
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       110CCC7E1183F0A434D72C108F8E4C96AD5BEC5B
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa
Signing time:             Thu 06 Mar 2025 05:52:10 +0000
ROA not before:           Thu 06 Mar 2025 05:47:10 +0000
ROA not after:            Thu 05 Mar 2026 05:52:10 +0000
asID:                     3214
IP address blocks:        45.128.220.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:54:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:0c:cc:7e:11:83:f0:a4:34:d7:2c:10:8f:8e:4c:96:ad:5b:ec:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Mar  6 05:47:10 2025 GMT
            Not After : Mar  5 05:52:10 2026 GMT
        Subject: CN=16FC1D831B5C3F72C3247C8CEB1CBC83947028BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7e:1c:61:f5:93:87:78:4b:68:ef:87:dc:da:
                    e9:aa:69:81:6d:81:23:37:bb:b0:3d:10:39:fc:00:
                    85:95:50:af:bc:6d:c5:96:21:a3:76:7d:0f:d8:68:
                    22:23:55:3e:c3:45:dc:6c:bc:ac:9d:a2:9c:44:e6:
                    47:aa:71:54:32:29:94:df:47:33:35:bd:21:21:1c:
                    fd:00:79:ba:d6:32:55:38:8b:3b:f6:ab:cf:0e:cb:
                    4a:22:d5:0c:63:77:a4:03:a0:d3:f1:8c:f1:4a:ed:
                    2c:a5:f5:dc:70:7c:2f:87:9d:b1:f7:29:62:21:45:
                    61:1d:b4:3a:07:f4:90:78:a9:f5:4d:19:ec:9b:0f:
                    5b:d8:59:a3:76:46:cd:89:87:61:24:95:fd:3b:3b:
                    06:b7:39:69:af:eb:9c:66:1e:b3:ab:a6:cc:00:6a:
                    e8:55:08:f7:1d:73:1f:bd:fc:54:f6:07:b8:e4:7a:
                    70:77:e2:35:b0:78:d4:db:f7:ba:e4:b9:b5:f5:00:
                    34:93:75:62:79:43:6a:97:2b:5c:4a:31:c5:d9:f9:
                    5c:25:81:2d:2b:d0:39:49:36:4f:69:77:95:7d:5e:
                    b8:7f:23:05:0e:d4:e3:42:9c:2e:08:2c:e1:32:cc:
                    53:f6:26:7d:dc:42:dc:f8:21:3f:c4:b9:66:8f:3e:
                    3e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FC:1D:83:1B:5C:3F:72:C3:24:7C:8C:EB:1C:BC:83:94:70:28:BF
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:e8:d0:6d:30:71:e6:0c:6f:96:74:b1:b2:8f:68:c1:ba:ea:
         24:32:62:dd:09:d9:a8:4f:89:76:4d:e7:46:57:8c:9b:6a:d0:
         f1:95:bd:f2:cb:d5:0a:ee:4f:a9:99:5a:1e:ac:e1:cc:88:e7:
         99:3b:df:ef:7f:46:a6:1b:a9:c9:91:ff:13:97:66:89:5c:39:
         f7:2d:17:55:26:b9:56:03:e6:83:55:7c:16:2b:59:0c:2b:d7:
         60:fd:7c:c4:0c:06:29:5e:65:78:52:48:d4:24:5b:f6:34:eb:
         97:0f:ef:c1:c7:c1:66:13:b5:4f:ee:a8:fe:d9:20:b4:81:e7:
         a2:ae:49:0a:3e:ae:dc:e3:52:23:de:58:77:f0:8a:90:21:bd:
         d6:f2:52:d4:2d:5b:d7:eb:72:23:0c:41:13:0b:00:c3:93:94:
         a3:5a:a5:c1:e1:b3:67:12:26:cd:bd:e8:cf:27:27:aa:80:fd:
         c4:f0:99:60:a6:db:cc:26:63:e1:38:11:58:fb:42:7a:a8:67:
         82:b5:23:52:51:ad:1d:5b:13:3a:af:b6:a0:e2:c4:38:ec:a0:
         92:73:ae:8a:89:15:f7:b0:a8:51:11:c9:db:a1:36:17:2a:31:
         48:57:b1:9b:18:3d:01:39:f6:81:21:62:66:03:70:ee:c8:e1:
         f5:37:b6:a3
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUEQzMfhGD8KQ01ywQj45Mlq1b7FswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTAzMDYwNTQ3MTBaFw0yNjAzMDUwNTUyMTBaMDMxMTAvBgNV
BAMTKDE2RkMxRDgzMUI1QzNGNzJDMzI0N0M4Q0VCMUNCQzgzOTQ3MDI4QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzfhxh9ZOHeEto74fc2umqaYFt
gSM3u7A9EDn8AIWVUK+8bcWWIaN2fQ/YaCIjVT7DRdxsvKydopxE5keqcVQyKZTf
RzM1vSEhHP0AebrWMlU4izv2q88Oy0oi1Qxjd6QDoNPxjPFK7Syl9dxwfC+HnbH3
KWIhRWEdtDoH9JB4qfVNGeybD1vYWaN2Rs2Jh2Eklf07Owa3OWmv65xmHrOrpswA
auhVCPcdcx+9/FT2B7jkenB34jWweNTb97rkubX1ADSTdWJ5Q2qXK1xKMcXZ+Vwl
gS0r0DlJNk9pd5V9Xrh/IwUO1ONCnC4ILOEyzFP2Jn3cQtz4IT/EuWaPPj5vAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUFvwdgxtcP3LDJHyM6xy8g5RwKL8wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMjM4MmUzMjMyMzAyZTMwMmYzMjMyMmQzMzMyMjAzZDNlMjAzMzMyMzEz
NC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAi2A3DANBgkqhkiG9w0BAQsFAAOCAQEAf+jQbTBx5gxvlnSx
so9owbrqJDJi3QnZqE+Jdk3nRleMm2rQ8ZW98svVCu5PqZlaHqzhzIjnmTvf739G
phupyZH/E5dmiVw59y0XVSa5VgPmg1V8FitZDCvXYP18xAwGKV5leFJI1CRb9jTr
lw/vwcfBZhO1T+6o/tkgtIHnoq5JCj6u3ONSI95Yd/CKkCG91vJS1C1b1+tyIwxB
EwsAw5OUo1qlweGzZxImzb3ozycnqoD9xPCZYKbbzCZj4TgRWPtCeqhngrUjUlGt
HVsTOq+2oOLEOOygknOuiokV97CoURHJ26E2FyoxSFexmxg9ATn2gSFiZgNw7sjh
9Te2ow==
-----END CERTIFICATE-----