Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a333a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          f6kqNpaouo4IJLz4+TE1CDF9dBY/IV8Tu4wSfLd1JTA=
Subject key identifier:   CC:46:68:2E:F8:86:C7:CB:A7:3D:CC:19:9C:1D:28:06:55:34:77:C6
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       2C3689715FDC3484DE3566FC651A5D5E8E795D4C
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:04 +0000
ROA not before:           Fri 23 Aug 2024 10:42:04 +0000
ROA not after:            Fri 22 Aug 2025 10:47:04 +0000
asID:                     8888
IP address blocks:        2a11:3::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:36:89:71:5f:dc:34:84:de:35:66:fc:65:1a:5d:5e:8e:79:5d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:04 2024 GMT
            Not After : Aug 22 10:47:04 2025 GMT
        Subject: CN=CC46682EF886C7CBA73DCC199C1D2806553477C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5b:e6:2e:8b:b5:ef:ad:fe:91:a9:6f:8c:f1:
                    9e:d4:37:05:ec:6b:b7:86:8e:8c:e2:11:f5:db:a2:
                    d1:a6:9c:02:62:12:07:f9:f1:90:d1:2e:13:79:69:
                    8f:f1:85:0d:dc:ac:0f:6f:f9:e6:44:48:25:57:4f:
                    11:de:0b:97:56:f2:f9:b0:0f:40:9d:0b:80:d0:e4:
                    f4:76:a3:63:6e:e7:cc:d4:fc:9d:ee:e6:e5:f3:54:
                    c2:98:bb:54:33:12:1f:94:fb:76:b4:0f:3e:d7:94:
                    2f:6d:27:71:d7:79:a2:4d:13:a0:1d:e6:f1:5a:cc:
                    cf:d2:87:1a:b0:5a:97:66:4f:14:6f:c9:e5:24:26:
                    b3:d3:c2:60:9e:04:8d:81:50:15:a2:65:a1:dc:48:
                    e4:22:39:cb:ae:cb:08:c0:5b:0e:0e:23:cb:58:3f:
                    7c:56:4c:99:01:f2:a6:7b:88:9c:54:c8:81:05:7e:
                    a2:bd:e1:c7:c0:1b:36:19:8a:32:ae:0f:6e:69:3e:
                    4f:d8:d6:54:d0:a9:66:d2:9a:e3:e2:ca:2f:4e:05:
                    9b:7f:41:03:fc:58:a1:cf:f8:5f:53:b7:c6:ec:9d:
                    38:a7:63:d7:37:b8:73:1b:4c:3a:e7:d3:ec:c8:b7:
                    db:71:27:4f:59:c4:9d:64:29:b3:97:48:cd:4d:02:
                    b3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:46:68:2E:F8:86:C7:CB:A7:3D:CC:19:9C:1D:28:06:55:34:77:C6
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a333a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:63:43:59:ca:18:e6:40:63:93:7f:72:79:a3:1a:37:f5:f2:
         c9:ab:60:e1:00:31:93:ce:3d:06:41:5a:22:1b:1f:13:c1:af:
         77:68:77:4b:2a:70:23:c6:ba:98:5c:c9:63:43:15:7f:5d:e5:
         0e:83:cd:11:8f:d5:e0:d3:15:bd:d9:8f:77:cc:3a:8a:d4:7e:
         43:c4:fa:f9:9b:2d:3c:19:e1:26:4d:5c:54:09:8f:b6:8c:1f:
         bb:69:be:d9:0b:e2:3c:b9:af:0e:9c:85:7b:bd:0a:bc:62:51:
         35:d1:ed:9b:d8:1f:23:f6:ff:c5:f2:a7:09:ae:3a:20:00:61:
         27:dd:f0:c0:da:eb:5b:f0:86:a5:84:13:28:74:c9:8a:cf:d5:
         31:5c:30:d8:8b:28:9d:de:d0:66:7b:94:08:af:f3:c6:b6:9a:
         f1:f1:5b:5a:90:bc:15:1a:ce:57:6f:c1:be:20:28:c8:a5:84:
         e6:99:ba:16:1d:33:c4:f5:3d:27:df:20:44:9f:f2:df:cb:f9:
         9b:d2:f5:b6:91:63:c8:a0:35:df:7e:30:90:0e:98:6e:76:9b:
         ab:0e:2d:47:05:7e:d9:79:93:11:b7:b9:03:42:93:30:13:4c:
         26:f8:9e:69:90:70:9d:41:66:05:15:54:33:35:a9:8c:2e:2c:
         33:68:93:f9
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIULDaJcV/cNITeNWb8ZRpdXo55XUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDRaFw0yNTA4MjIxMDQ3MDRaMDMxMTAvBgNV
BAMTKENDNDY2ODJFRjg4NkM3Q0JBNzNEQ0MxOTlDMUQyODA2NTUzNDc3QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/W+Yui7Xvrf6RqW+M8Z7UNwXs
a7eGjoziEfXbotGmnAJiEgf58ZDRLhN5aY/xhQ3crA9v+eZESCVXTxHeC5dW8vmw
D0CdC4DQ5PR2o2Nu58zU/J3u5uXzVMKYu1QzEh+U+3a0Dz7XlC9tJ3HXeaJNE6Ad
5vFazM/ShxqwWpdmTxRvyeUkJrPTwmCeBI2BUBWiZaHcSOQiOcuuywjAWw4OI8tY
P3xWTJkB8qZ7iJxUyIEFfqK94cfAGzYZijKuD25pPk/Y1lTQqWbSmuPiyi9OBZt/
QQP8WKHP+F9Tt8bsnTinY9c3uHMbTDrn0+zIt9txJ09ZxJ1kKbOXSM1NArNvAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUzEZoLviGx8unPcwZnB0oBlU0d8YwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzMzNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEAAzANBgkqhkiG9w0BAQsFAAOCAQEAhWNDWcoY5kBjk39yeaMaN/Xyyatg
4QAxk849BkFaIhsfE8Gvd2h3SypwI8a6mFzJY0MVf13lDoPNEY/V4NMVvdmPd8w6
itR+Q8T6+ZstPBnhJk1cVAmPtowfu2m+2QviPLmvDpyFe70KvGJRNdHtm9gfI/b/
xfKnCa46IABhJ93wwNrrW/CGpYQTKHTJis/VMVww2Isond7QZnuUCK/zxraa8fFb
WpC8FRrOV2/BviAoyKWE5pm6Fh0zxPU9J98gRJ/y38v5m9L1tpFjyKA1334wkA6Y
bnabqw4tRwV+2XmTEbe5A0KTMBNMJvieaZBwnUFmBRVUMzWpjC4sM2iT+Q==
-----END CERTIFICATE-----