Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a333a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          3VAInAQMbxff9RItF+z5mGPTlyTzFjs85Hm7aO0A6CI=
Subject key identifier:   41:F2:9A:7C:5F:4A:C9:64:E0:19:96:E7:81:DF:2C:7C:64:05:FE:5B
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       28B5BDF7B42E16955E0B924C4BA88B04C82DAD59
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 22 Sep 2023 10:19:44 +0000
ROA not before:           Fri 22 Sep 2023 10:14:44 +0000
ROA not after:            Fri 20 Sep 2024 10:19:44 +0000
asID:                     8888
IP address blocks:        2a11:3::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:b5:bd:f7:b4:2e:16:95:5e:0b:92:4c:4b:a8:8b:04:c8:2d:ad:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Sep 22 10:14:44 2023 GMT
            Not After : Sep 20 10:19:44 2024 GMT
        Subject: CN=41F29A7C5F4AC964E01996E781DF2C7C6405FE5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bb:54:4f:78:f7:93:6c:e2:ce:9e:b8:a5:bf:
                    cd:fa:cc:6a:36:0e:d8:c7:67:f0:54:b4:be:e5:c0:
                    44:29:56:4a:26:84:6d:61:bb:32:89:37:3a:9b:40:
                    9b:30:db:ca:09:4b:da:09:66:81:bc:08:da:10:25:
                    c1:d8:71:17:ef:97:2b:97:a5:6a:07:e4:b4:be:69:
                    c6:f7:a6:54:c7:77:0d:e8:88:09:e8:ef:e9:3e:6d:
                    02:e3:53:a6:ed:67:9f:51:b5:72:a4:ca:bc:fe:71:
                    36:b7:3d:43:e0:2c:41:13:76:3b:db:8f:99:ad:2c:
                    3b:3d:db:5d:98:d6:14:c5:e7:f0:a8:3d:d0:f3:3f:
                    bd:12:de:b6:90:81:5b:95:7c:1b:ca:09:85:2f:15:
                    37:13:a6:ca:c5:82:80:12:f9:e1:f9:2b:d5:f1:6c:
                    9c:ff:08:bb:54:3e:52:75:83:48:9e:7e:14:74:bc:
                    dc:00:cd:96:0d:f3:c2:c1:98:da:24:ad:ff:7e:52:
                    55:4c:a1:74:25:ad:e9:0e:a1:e6:08:67:a5:24:33:
                    95:1b:9b:d2:f9:2d:04:34:4e:8c:73:9e:fb:e0:84:
                    fd:2e:54:35:3e:1f:d3:dd:a0:dc:ec:e4:35:c4:0a:
                    a0:e0:76:f7:63:87:76:6c:0e:de:22:e5:6b:30:e4:
                    8f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F2:9A:7C:5F:4A:C9:64:E0:19:96:E7:81:DF:2C:7C:64:05:FE:5B
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:f9:1b:5a:5f:10:40:93:9f:b5:d3:a0:5a:d1:ab:2d:6f:a4:
         a2:23:25:3a:58:0b:0d:30:b4:00:27:12:a2:21:bd:4d:27:99:
         c7:5e:cc:44:6c:00:02:ec:c1:e2:19:c3:13:19:53:64:45:3e:
         3a:68:3e:85:f5:f7:97:33:ca:42:70:9f:37:cb:10:3f:bc:f6:
         ae:c1:de:94:b1:38:5c:43:61:ca:25:c4:a3:e0:6b:b4:bb:1b:
         b7:c6:39:03:99:ae:75:c9:60:9e:9b:34:83:de:c8:d5:43:d9:
         53:8c:82:12:30:62:e0:c9:c8:0c:1c:fa:72:57:ce:58:62:a2:
         4a:41:7f:67:07:fd:08:e8:2b:45:44:d6:2e:6e:a5:65:d1:2a:
         8c:7d:4e:d4:51:3a:bc:5e:22:97:91:34:59:f9:65:ab:d1:ff:
         c4:18:da:90:1a:cb:54:e9:65:fb:89:17:ff:2d:61:80:f5:ce:
         06:c2:a8:28:67:12:c8:8c:f2:04:9a:9f:9c:bf:09:c7:31:85:
         58:96:ac:1f:29:85:a8:37:33:7b:8e:54:e9:5a:1d:4f:e5:0e:
         1a:69:fe:05:4b:e5:54:c2:17:4c:d7:bf:f2:c5:76:5b:76:71:
         34:b8:db:7e:6b:90:61:8b:3d:ce:99:f7:b5:41:eb:d4:70:88:
         8b:4b:0a:23
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUKLW997QuFpVeC5JMS6iLBMgtrVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzA5MjIxMDE0NDRaFw0yNDA5MjAxMDE5NDRaMDMxMTAvBgNV
BAMTKDQxRjI5QTdDNUY0QUM5NjRFMDE5OTZFNzgxREYyQzdDNjQwNUZFNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNu1RPePeTbOLOnrilv836zGo2
DtjHZ/BUtL7lwEQpVkomhG1huzKJNzqbQJsw28oJS9oJZoG8CNoQJcHYcRfvlyuX
pWoH5LS+acb3plTHdw3oiAno7+k+bQLjU6btZ59RtXKkyrz+cTa3PUPgLEETdjvb
j5mtLDs9212Y1hTF5/CoPdDzP70S3raQgVuVfBvKCYUvFTcTpsrFgoAS+eH5K9Xx
bJz/CLtUPlJ1g0iefhR0vNwAzZYN88LBmNokrf9+UlVMoXQlrekOoeYIZ6UkM5Ub
m9L5LQQ0ToxznvvghP0uVDU+H9PdoNzs5DXECqDgdvdjh3ZsDt4i5Wsw5I9VAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUQfKafF9KyWTgGZbngd8sfGQF/lswHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzMzNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEAAzANBgkqhkiG9w0BAQsFAAOCAQEAjfkbWl8QQJOftdOgWtGrLW+koiMl
OlgLDTC0ACcSoiG9TSeZx17MRGwAAuzB4hnDExlTZEU+Omg+hfX3lzPKQnCfN8sQ
P7z2rsHelLE4XENhyiXEo+BrtLsbt8Y5A5mudclgnps0g97I1UPZU4yCEjBi4MnI
DBz6clfOWGKiSkF/Zwf9COgrRUTWLm6lZdEqjH1O1FE6vF4il5E0Wfllq9H/xBja
kBrLVOll+4kX/y1hgPXOBsKoKGcSyIzyBJqfnL8JxzGFWJasHymFqDcze45U6Vod
T+UOGmn+BUvlVMIXTNe/8sV2W3ZxNLjbfmuQYYs9zpn3tUHr1HCIi0sKIw==
-----END CERTIFICATE-----