Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a343a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a343a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          BYY56AoRrxgnLm9I6DXnIMbVDNZjzGgx+KhPNmJwQo4=
Subject key identifier:   40:E6:E2:FF:61:53:2B:00:00:4E:6A:1F:A1:A3:3F:BA:FA:80:04:8D
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       6AB87F21657E2ADDC9FBA4F5ED78F4A349EAF009
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a343a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:05 +0000
ROA not before:           Fri 23 Aug 2024 10:42:05 +0000
ROA not after:            Fri 22 Aug 2025 10:47:05 +0000
asID:                     8888
IP address blocks:        2a11:4::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:b8:7f:21:65:7e:2a:dd:c9:fb:a4:f5:ed:78:f4:a3:49:ea:f0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:05 2024 GMT
            Not After : Aug 22 10:47:05 2025 GMT
        Subject: CN=40E6E2FF61532B00004E6A1FA1A33FBAFA80048D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:55:e4:cb:9d:1e:62:a8:3c:cc:83:5a:fc:29:
                    df:ce:0a:1b:49:52:e1:ea:e2:1c:2c:d8:58:ac:1c:
                    b6:25:c3:e4:7d:ca:1d:d7:d2:57:34:69:f1:7b:06:
                    dc:d3:14:c2:73:e8:c8:91:07:23:21:1c:b1:09:0f:
                    ea:37:a5:e0:03:10:fc:d9:30:7d:b3:01:51:73:a5:
                    b9:f1:3f:a9:43:24:73:09:6b:92:83:4d:a5:a9:9f:
                    ee:5c:e1:81:f9:44:15:a3:e9:c8:98:21:84:0a:6b:
                    22:2a:11:98:78:cd:df:55:5b:0b:ab:ac:8d:13:f0:
                    07:6d:d1:2a:fc:25:13:4d:f6:37:5e:18:cf:85:e3:
                    91:27:12:b1:c3:01:ab:af:1a:cb:2f:03:2c:2c:0a:
                    04:be:4b:d2:ef:4d:09:33:88:cc:39:4c:de:09:f2:
                    db:26:01:d3:16:59:1e:1a:cd:19:47:1a:ae:87:01:
                    e6:c0:b9:23:d1:b5:da:19:b1:27:da:a2:5c:43:3e:
                    40:d3:67:58:1e:ec:75:78:bf:98:07:a4:05:20:8c:
                    aa:31:9b:26:77:8f:a7:8d:35:5f:01:3a:8b:d2:2a:
                    9d:11:4e:31:0a:2d:e3:31:f6:bd:07:c4:3c:a9:5e:
                    19:76:30:bf:91:9d:bb:ce:b2:b4:84:dc:2c:6a:c8:
                    4d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E6:E2:FF:61:53:2B:00:00:4E:6A:1F:A1:A3:3F:BA:FA:80:04:8D
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a343a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:a2:b3:8b:30:e5:9b:28:84:ea:1a:8a:7b:db:aa:f5:04:a5:
         45:4a:ba:53:38:47:45:c4:57:e1:c5:5d:e7:ed:d3:ea:cd:4f:
         ea:1c:ed:a8:2d:bc:da:55:24:07:fe:7f:fd:19:06:3a:4b:6c:
         0f:2a:99:1d:9d:97:96:7b:a6:c5:6c:bc:68:d5:d7:34:3c:3e:
         d0:d1:11:30:0c:73:17:2b:db:3b:a2:2f:32:b6:05:f0:bd:4d:
         38:f3:ec:2a:e6:58:46:81:7e:9f:71:75:95:50:a2:2b:51:a0:
         a7:e5:4f:57:4f:80:30:50:24:a2:e8:e5:76:5c:31:8c:6f:23:
         81:8e:e9:3f:3b:58:80:fd:cd:61:31:c8:22:06:17:d0:01:30:
         eb:05:7c:9f:70:d4:04:2a:e8:85:54:0c:be:b4:2f:fd:d6:02:
         22:ab:79:b1:8f:71:71:8f:64:e1:87:f5:c5:4d:33:35:3a:cf:
         4d:3c:a6:7d:52:cd:6d:71:c3:fd:51:c5:f8:fe:3e:cc:3d:ca:
         8d:f8:93:fa:f8:71:29:71:ec:dc:98:1b:8e:07:00:c7:2d:ce:
         34:fe:15:a2:ae:61:47:3a:a2:ce:a4:4c:0c:8f:62:12:35:d0:
         a1:28:b9:d9:8a:1e:55:9f:12:3e:fe:c8:6f:c2:2e:02:7d:a8:
         8c:90:e0:69
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUarh/IWV+Kt3J+6T17Xj0o0nq8AkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDVaFw0yNTA4MjIxMDQ3MDVaMDMxMTAvBgNV
BAMTKDQwRTZFMkZGNjE1MzJCMDAwMDRFNkExRkExQTMzRkJBRkE4MDA0OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEVeTLnR5iqDzMg1r8Kd/OChtJ
UuHq4hws2FisHLYlw+R9yh3X0lc0afF7BtzTFMJz6MiRByMhHLEJD+o3peADEPzZ
MH2zAVFzpbnxP6lDJHMJa5KDTaWpn+5c4YH5RBWj6ciYIYQKayIqEZh4zd9VWwur
rI0T8Adt0Sr8JRNN9jdeGM+F45EnErHDAauvGssvAywsCgS+S9LvTQkziMw5TN4J
8tsmAdMWWR4azRlHGq6HAebAuSPRtdoZsSfaolxDPkDTZ1ge7HV4v5gHpAUgjKox
myZ3j6eNNV8BOovSKp0RTjEKLeMx9r0HxDypXhl2ML+RnbvOsrSE3CxqyE3dAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUQObi/2FTKwAATmofoaM/uvqABI0wHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNDNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABDANBgkqhkiG9w0BAQsFAAOCAQEAiqKzizDlmyiE6hqKe9uq9QSlRUq6
UzhHRcRX4cVd5+3T6s1P6hztqC282lUkB/5//RkGOktsDyqZHZ2XlnumxWy8aNXX
NDw+0NERMAxzFyvbO6IvMrYF8L1NOPPsKuZYRoF+n3F1lVCiK1Ggp+VPV0+AMFAk
oujldlwxjG8jgY7pPztYgP3NYTHIIgYX0AEw6wV8n3DUBCrohVQMvrQv/dYCIqt5
sY9xcY9k4Yf1xU0zNTrPTTymfVLNbXHD/VHF+P4+zD3KjfiT+vhxKXHs3JgbjgcA
xy3ONP4Voq5hRzqizqRMDI9iEjXQoSi52YoeVZ8SPv7Ib8IuAn2ojJDgaQ==
-----END CERTIFICATE-----