Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa
File:                     34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          mAECkILHVloh0tJ2Y9n01ldlM0BQz3fOcAe3kzz3Jyc=
Subject key identifier:   01:07:71:76:3C:92:A8:3D:13:C5:75:98:89:6B:B9:9B:43:CE:98:C4
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       633CC7F085E13980CE089AD3B0DA90573363E893
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 29 Apr 2024 10:46:54 +0000
ROA not before:           Mon 29 Apr 2024 10:41:54 +0000
ROA not after:            Mon 28 Apr 2025 10:46:54 +0000
asID:                     210429
IP address blocks:        45.133.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:3c:c7:f0:85:e1:39:80:ce:08:9a:d3:b0:da:90:57:33:63:e8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 29 10:41:54 2024 GMT
            Not After : Apr 28 10:46:54 2025 GMT
        Subject: CN=010771763C92A83D13C57598896BB99B43CE98C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:18:cd:d3:35:d4:d7:d4:ab:a6:76:7b:98:
                    8d:8e:30:64:bf:4f:88:15:65:18:21:cc:8c:48:06:
                    80:fa:e8:5e:23:fb:52:18:5a:3d:32:26:bb:1c:a1:
                    eb:d0:44:cb:ea:38:68:25:cc:be:cd:33:b7:1b:79:
                    2c:32:21:d4:1d:20:cc:af:70:8f:b0:45:db:4a:ee:
                    1f:fb:6f:cb:8d:00:09:2e:fb:6e:8a:1e:ce:2d:39:
                    65:35:c6:39:f9:d8:10:7a:6a:60:3a:56:d2:82:c5:
                    20:79:a3:af:a2:61:ff:a1:af:0c:c9:83:75:25:26:
                    9e:32:a4:dd:c5:48:ea:e6:0f:7c:aa:73:e1:94:e3:
                    5e:c6:42:80:5d:3b:13:f6:92:29:75:49:5c:70:10:
                    9b:8d:df:20:c5:45:f6:87:a0:33:5a:fc:c1:34:ed:
                    40:20:3b:a0:ac:d4:2c:9a:49:75:a6:10:6d:a2:bd:
                    fb:b0:6c:f8:57:e8:c7:f9:4f:cb:5b:2f:97:05:12:
                    62:be:89:0e:49:26:53:6d:bf:a2:6e:54:6d:ed:53:
                    ce:36:59:c0:78:51:eb:cd:19:05:4c:f5:8c:99:3a:
                    da:ee:96:fe:1b:a3:5b:02:2b:49:cd:0d:91:40:fc:
                    16:c5:8e:9d:dc:f2:20:3f:5d:18:23:e3:93:5c:0c:
                    c3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:07:71:76:3C:92:A8:3D:13:C5:75:98:89:6B:B9:9B:43:CE:98:C4
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e2:37:32:4e:03:9a:45:c9:98:1a:7a:33:82:61:11:14:73:
         d3:81:f7:32:37:e0:16:54:a7:5f:65:61:23:55:bf:57:54:7f:
         aa:d2:e2:2d:08:86:0d:55:a0:14:62:f8:9d:1b:49:d8:5a:47:
         7d:84:5e:72:cd:7e:fb:8a:b5:67:15:78:b6:a9:fa:d7:17:59:
         7e:ff:08:86:f5:97:8e:61:9a:05:25:15:05:78:5d:7c:ad:7f:
         17:22:2a:64:5e:13:dd:1e:dd:6a:85:6a:7b:e6:66:f1:ab:dd:
         38:ae:8a:23:8c:f2:fe:b8:5c:00:52:e1:e0:9f:f1:86:a4:45:
         0c:b3:e3:4a:9a:7b:db:ee:a0:2c:b5:6e:39:6b:3b:13:e4:5b:
         1e:83:5d:de:29:ac:29:d0:ad:c9:19:93:4f:ee:79:84:59:86:
         aa:e6:dd:29:e5:06:82:25:0f:05:3b:83:95:78:fe:d9:ab:23:
         20:ea:44:85:26:c4:26:5a:c9:3c:49:3e:2f:43:52:61:e1:ca:
         2c:a4:51:8f:f8:42:dd:7c:e5:68:7c:d3:15:f5:47:51:fc:ec:
         02:2e:c2:24:a6:f5:99:82:5b:92:87:d6:c9:ad:50:5b:1b:cd:
         63:6b:93:67:bd:f1:16:f6:30:fe:4f:fd:7c:ca:1c:18:e8:a8:
         8d:04:ea:36
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUYzzH8IXhOYDOCJrTsNqQVzNj6JMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MjkxMDQxNTRaFw0yNTA0MjgxMDQ2NTRaMDMxMTAvBgNV
BAMTKDAxMDc3MTc2M0M5MkE4M0QxM0M1NzU5ODg5NkJCOTlCNDNDRTk4QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvKxjN0zXU19SrpnZ7mI2OMGS/
T4gVZRghzIxIBoD66F4j+1IYWj0yJrscoevQRMvqOGglzL7NM7cbeSwyIdQdIMyv
cI+wRdtK7h/7b8uNAAku+26KHs4tOWU1xjn52BB6amA6VtKCxSB5o6+iYf+hrwzJ
g3UlJp4ypN3FSOrmD3yqc+GU417GQoBdOxP2kil1SVxwEJuN3yDFRfaHoDNa/ME0
7UAgO6Cs1CyaSXWmEG2ivfuwbPhX6Mf5T8tbL5cFEmK+iQ5JJlNtv6JuVG3tU842
WcB4UevNGQVM9YyZOtrulv4bo1sCK0nNDZFA/BbFjp3c8iA/XRgj45NcDMO1AgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUAQdxdjySqD0TxXWYiWu5m0POmMQwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMzMzMmUzMTMxMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzAz
NDMyMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAAthXYwDQYJKoZIhvcNAQELBQADggEBAGniNzJOA5pF
yZgaejOCYREUc9OB9zI34BZUp19lYSNVv1dUf6rS4i0Ihg1VoBRi+J0bSdhaR32E
XnLNfvuKtWcVeLap+tcXWX7/CIb1l45hmgUlFQV4XXytfxciKmReE90e3WqFanvm
ZvGr3TiuiiOM8v64XABS4eCf8YakRQyz40qae9vuoCy1bjlrOxPkWx6DXd4prCnQ
rckZk0/ueYRZhqrm3SnlBoIlDwU7g5V4/tmrIyDqRIUmxCZayTxJPi9DUmHhyiyk
UY/4Qt185Wh80xX1R1H87AIuwiSm9ZmCW5KH1smtUFsbzWNrk2e98Rb2MP5P/XzK
HBjoqI0E6jY=
-----END CERTIFICATE-----