Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a353a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          PBen+R0swS3EqAcXbZpm/npRHePATD8IaAlZax2MqLk=
Subject key identifier:   29:82:CA:C9:7D:92:F8:28:42:0C:BC:3D:B4:90:E7:3D:70:C7:29:51
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       15592224E06221239CC05D6277FFBD446BB7E575
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:05 +0000
ROA not before:           Fri 23 Aug 2024 10:42:05 +0000
ROA not after:            Fri 22 Aug 2025 10:47:05 +0000
asID:                     8888
IP address blocks:        2a11:5::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:59:22:24:e0:62:21:23:9c:c0:5d:62:77:ff:bd:44:6b:b7:e5:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:05 2024 GMT
            Not After : Aug 22 10:47:05 2025 GMT
        Subject: CN=2982CAC97D92F828420CBC3DB490E73D70C72951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:35:d3:a9:2f:60:42:20:cb:06:a8:87:32:
                    f4:e2:63:8f:01:9f:5f:49:eb:48:dc:80:54:f2:85:
                    49:08:58:b6:3f:7b:68:c7:f8:dd:ff:00:77:68:58:
                    24:a7:59:40:7d:8e:88:2c:8b:1e:20:aa:39:89:e1:
                    b6:44:34:4f:cc:0b:30:3a:15:cc:c2:73:31:bd:78:
                    0b:18:ed:db:d9:20:21:86:e0:1e:08:81:0b:25:5b:
                    5a:30:d3:cc:ee:ee:86:ad:af:36:f9:4a:9a:ec:4f:
                    a1:46:10:8b:ae:e1:6b:05:58:44:97:09:bd:3b:44:
                    a0:44:0f:e7:79:81:53:79:f3:d5:99:41:b0:30:db:
                    33:9b:6a:d1:2d:ec:18:3b:57:38:b1:c1:90:a3:92:
                    98:57:b1:ec:7e:55:df:86:a7:8c:a4:b4:1e:5e:12:
                    da:3f:b0:2d:0e:35:ec:8a:93:37:80:b0:2b:6a:9e:
                    05:cf:1a:1e:ce:77:d4:b3:08:78:93:8c:67:e5:0a:
                    6b:3c:c8:14:c7:2a:46:23:e7:b3:de:d4:81:97:02:
                    ad:8d:f0:69:7e:61:dc:f8:f0:85:b1:03:5e:e0:98:
                    6f:ff:29:9c:d7:d6:a1:71:f0:8d:c1:31:0e:ac:35:
                    7d:34:32:fb:85:96:b5:92:f1:38:5f:64:b8:d6:18:
                    1f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:82:CA:C9:7D:92:F8:28:42:0C:BC:3D:B4:90:E7:3D:70:C7:29:51
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:12:45:6f:ef:a1:ca:f7:f3:ad:3f:65:8a:51:e9:8f:f7:f5:
         f0:d4:07:d4:e7:7f:24:de:85:8b:13:e7:e9:45:09:e4:de:10:
         03:61:29:ed:d0:68:e0:15:64:70:06:16:23:46:d7:47:e5:35:
         18:19:d8:f7:29:92:1c:23:1e:ef:4e:10:d1:87:35:6e:df:ea:
         c7:73:5e:48:1e:5f:3d:45:03:38:27:29:38:c3:c4:87:cf:fc:
         11:c1:1a:f3:21:c9:b0:f1:ef:af:48:1b:17:59:61:a2:a2:6d:
         77:2c:bf:93:82:43:31:20:42:3e:38:ad:39:ba:d2:60:48:45:
         5d:d0:60:b6:f7:dc:a3:28:20:f2:3e:67:9d:e9:bd:15:98:d1:
         7c:f2:25:9d:dd:02:03:5d:fe:ae:fb:6b:f5:3e:ca:7d:f3:20:
         6e:05:24:42:c4:54:c0:21:84:74:7e:1d:52:9e:c8:3c:5b:7a:
         70:f1:b3:8f:d9:a5:39:8e:13:34:36:0a:20:96:08:8a:6e:c2:
         03:08:94:71:de:7b:93:65:20:27:a6:ea:b3:a5:24:6e:5e:ed:
         a0:95:8e:8b:e5:ed:d8:33:9a:7e:db:1f:51:e9:05:d8:67:6a:
         06:60:20:11:30:21:c2:7c:6f:35:b9:79:91:f7:9e:26:c5:47:
         05:f2:7c:5d
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUFVkiJOBiISOcwF1id/+9RGu35XUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDVaFw0yNTA4MjIxMDQ3MDVaMDMxMTAvBgNV
BAMTKDI5ODJDQUM5N0Q5MkY4Mjg0MjBDQkMzREI0OTBFNzNENzBDNzI5NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCxTXTqS9gQiDLBqiHMvTiY48B
n19J60jcgFTyhUkIWLY/e2jH+N3/AHdoWCSnWUB9jogsix4gqjmJ4bZENE/MCzA6
FczCczG9eAsY7dvZICGG4B4IgQslW1ow08zu7oatrzb5SprsT6FGEIuu4WsFWESX
Cb07RKBED+d5gVN589WZQbAw2zObatEt7Bg7VzixwZCjkphXsex+Vd+Gp4yktB5e
Eto/sC0ONeyKkzeAsCtqngXPGh7Od9SzCHiTjGflCms8yBTHKkYj57Pe1IGXAq2N
8Gl+Ydz48IWxA17gmG//KZzX1qFx8I3BMQ6sNX00MvuFlrWS8ThfZLjWGB9JAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUKYLKyX2S+ChCDLw9tJDnPXDHKVEwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNTNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABTANBgkqhkiG9w0BAQsFAAOCAQEAIxJFb++hyvfzrT9lilHpj/f18NQH
1Od/JN6FixPn6UUJ5N4QA2Ep7dBo4BVkcAYWI0bXR+U1GBnY9ymSHCMe704Q0Yc1
bt/qx3NeSB5fPUUDOCcpOMPEh8/8EcEa8yHJsPHvr0gbF1lhoqJtdyy/k4JDMSBC
PjitObrSYEhFXdBgtvfcoygg8j5nnem9FZjRfPIlnd0CA13+rvtr9T7KffMgbgUk
QsRUwCGEdH4dUp7IPFt6cPGzj9mlOY4TNDYKIJYIim7CAwiUcd57k2UgJ6bqs6Uk
bl7toJWOi+Xt2DOaftsfUekF2GdqBmAgETAhwnxvNbl5kfeeJsVHBfJ8XQ==
-----END CERTIFICATE-----