Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/37/326131323a663463303a3a2f32392d3438203d3e20323130343334.roa
File:                     326131323a663463303a3a2f32392d3438203d3e20323130343334.roa (raw, json)
Hash identifier:          E0q6+eqPPybjkHZYG/wBE8PIQy91kIZk4jWW2ULyuvE=
Subject key identifier:   F9:65:D3:DF:E6:CF:F2:3E:2A:29:6D:6E:C8:3A:56:0F:35:35:55:9D
Certificate issuer:       /CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
Certificate serial:       668F2C7C6773622BA8C219AAFE1CE82557A1288C
Authority key identifier: C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
Subject info access:      rsync://0.sb/repo/sb/37/326131323a663463303a3a2f32392d3438203d3e20323130343334.roa
Signing time:             Fri 22 Sep 2023 10:19:36 +0000
ROA not before:           Fri 22 Sep 2023 10:14:36 +0000
ROA not after:            Fri 20 Sep 2024 10:19:36 +0000
asID:                     210434
IP address blocks:        2a12:f4c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl
                          rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:8f:2c:7c:67:73:62:2b:a8:c2:19:aa:fe:1c:e8:25:57:a1:28:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
        Validity
            Not Before: Sep 22 10:14:36 2023 GMT
            Not After : Sep 20 10:19:36 2024 GMT
        Subject: CN=F965D3DFE6CFF23E2A296D6EC83A560F3535559D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:23:57:17:0f:2e:88:f9:26:ae:56:21:7d:68:
                    b0:de:61:83:48:8e:39:39:8f:a1:f0:c7:ba:cc:35:
                    61:38:cc:a5:af:e0:23:3b:a5:ac:70:1b:e3:19:3a:
                    29:89:bb:28:10:e6:a7:a8:98:ff:77:90:e4:1b:28:
                    5b:40:26:ec:35:43:15:db:44:16:e6:ad:58:04:cf:
                    40:56:d6:2f:80:76:98:f7:d6:a9:ff:a1:e9:6b:00:
                    67:fd:d6:6e:22:b1:30:42:cd:cc:6a:d7:f9:bc:1a:
                    0a:0e:f3:da:3d:02:a3:75:7e:d6:a5:5e:a6:64:4c:
                    50:47:02:63:11:dd:64:6a:6d:68:80:91:fc:de:68:
                    c1:89:ec:c3:cf:f9:da:f8:50:b2:4e:86:ed:8b:01:
                    d4:d4:f7:ba:38:d4:45:8d:31:a6:be:71:2b:5e:32:
                    45:35:ac:53:36:6b:dd:9e:4b:31:a8:01:92:2b:5f:
                    ec:d3:e1:5f:4f:51:c5:e5:d5:1c:a6:11:01:fd:16:
                    9f:f3:d2:75:5b:0e:e9:c8:06:b3:b9:eb:4a:62:27:
                    1a:b3:0b:e1:dc:79:b4:10:4e:d6:1e:c5:f0:49:63:
                    23:dc:51:5e:1d:f1:5a:b2:22:cb:2a:90:8a:69:86:
                    d1:7e:84:50:20:71:60:95:54:d0:a0:8e:66:82:7c:
                    7b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:65:D3:DF:E6:CF:F2:3E:2A:29:6D:6E:C8:3A:56:0F:35:35:55:9D
            X509v3 Authority Key Identifier:
                keyid:C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/37/326131323a663463303a3a2f32392d3438203d3e20323130343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:f9:41:5c:31:23:26:7b:e9:e9:e1:c9:c7:2e:c6:3e:ff:82:
         9c:c2:40:fc:e7:3f:24:e8:7a:a1:10:80:72:bf:cb:16:56:09:
         b1:57:bb:be:90:5f:ce:fb:3d:07:d4:f5:5a:1a:40:c9:2a:08:
         be:8b:e3:22:4e:d3:d8:a2:6c:94:4e:e9:59:31:7c:0b:17:21:
         9b:7b:8d:d4:bf:11:ac:f1:e4:c3:96:f8:84:47:79:d1:d6:e2:
         43:1c:b2:81:15:dc:97:00:85:19:51:2c:ed:42:0b:90:39:ff:
         ed:57:f2:b0:54:8d:53:47:21:61:19:e5:4a:3a:57:3d:fa:57:
         9c:e2:17:d0:14:be:9e:34:00:af:31:ef:a4:19:9a:c1:f6:23:
         89:62:dd:59:7d:b8:34:11:21:1f:f8:99:ea:53:f0:fb:e7:31:
         70:26:20:2b:6b:69:cd:a1:a9:05:16:b9:93:f9:dd:46:81:5a:
         f7:c0:4c:70:da:4b:33:d9:ac:9f:53:6f:56:5a:4c:e5:b2:c7:
         35:be:44:ac:1e:f6:db:1d:83:9f:7a:47:bd:c8:0e:f6:fb:84:
         b8:35:96:4c:78:f3:9b:b1:68:fe:79:ce:bf:a7:bb:3b:d4:03:
         eb:87:34:88:d6:b2:34:54:38:78:e6:09:21:4a:67:7b:75:c0:
         af:d9:a2:33
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUZo8sfGdzYiuowhmq/hzoJVehKIwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzhhZjYyYTU0ZDIzY2UxMThmY2ViNGE5NWU2MTRjMGIx
ZGY2MDM1MTAeFw0yMzA5MjIxMDE0MzZaFw0yNDA5MjAxMDE5MzZaMDMxMTAvBgNV
BAMTKEY5NjVEM0RGRTZDRkYyM0UyQTI5NkQ2RUM4M0E1NjBGMzUzNTU1OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWI1cXDy6I+SauViF9aLDeYYNI
jjk5j6Hwx7rMNWE4zKWv4CM7paxwG+MZOimJuygQ5qeomP93kOQbKFtAJuw1QxXb
RBbmrVgEz0BW1i+Adpj31qn/oelrAGf91m4isTBCzcxq1/m8GgoO89o9AqN1ftal
XqZkTFBHAmMR3WRqbWiAkfzeaMGJ7MPP+dr4ULJOhu2LAdTU97o41EWNMaa+cSte
MkU1rFM2a92eSzGoAZIrX+zT4V9PUcXl1RymEQH9Fp/z0nVbDunIBrO560piJxqz
C+HcebQQTtYexfBJYyPcUV4d8VqyIssqkIpphtF+hFAgcWCVVNCgjmaCfHvPAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQU+WXT3+bP8j4qKW1uyDpWDzU1VZ0wHwYDVR0j
BBgwFoAUyK9ipU0jzhGPzrSpXmFMCx32A1EwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM3L0M4QUY2MkE1NEQy
M0NFMTE4RkNFQjRBOTVFNjE0QzBCMURGNjAzNTEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC95SzlpcFUwanpoR1B6clNwWG1GTUN4MzJBMUUuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzcvMzI2
MTMxMzIzYTY2MzQ2MzMwM2EzYTJmMzIzOTJkMzQzODIwM2QzZTIwMzIzMTMwMzQz
MzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/
BBEwDzANBAIAAjAHAwUDKhL0wDANBgkqhkiG9w0BAQsFAAOCAQEAWvlBXDEjJnvp
6eHJxy7GPv+CnMJA/Oc/JOh6oRCAcr/LFlYJsVe7vpBfzvs9B9T1WhpAySoIvovj
Ik7T2KJslE7pWTF8Cxchm3uN1L8RrPHkw5b4hEd50dbiQxyygRXclwCFGVEs7UIL
kDn/7VfysFSNU0chYRnlSjpXPfpXnOIX0BS+njQArzHvpBmawfYjiWLdWX24NBEh
H/iZ6lPw++cxcCYgK2tpzaGpBRa5k/ndRoFa98BMcNpLM9msn1NvVlpM5bLHNb5E
rB722x2Dn3pHvcgO9vuEuDWWTHjzm7Fo/nnOv6e7O9QD64c0iNayNFQ4eOYJIUpn
e3XAr9miMw==
-----END CERTIFICATE-----