Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a363a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          vBYPJx00qLVv8CtqPb97mpTIIbclUXpVmgNdOsiewnw=
Subject key identifier:   EC:5B:6C:03:DD:08:40:3B:06:40:25:58:BF:7F:F6:A2:73:A4:95:86
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       43F8CBD0FEDBEBB5E688366F2F4AB07B7F1BEAB4
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:04 +0000
ROA not before:           Fri 23 Aug 2024 10:42:04 +0000
ROA not after:            Fri 22 Aug 2025 10:47:04 +0000
asID:                     8888
IP address blocks:        2a11:6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f8:cb:d0:fe:db:eb:b5:e6:88:36:6f:2f:4a:b0:7b:7f:1b:ea:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:04 2024 GMT
            Not After : Aug 22 10:47:04 2025 GMT
        Subject: CN=EC5B6C03DD08403B06402558BF7FF6A273A49586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c9:e9:3e:75:fc:b5:1a:73:4d:a6:a4:53:21:
                    7d:42:36:a9:48:0d:0e:19:f0:82:20:a1:54:6d:ea:
                    90:f0:6b:3c:17:89:1f:f4:2c:49:ef:90:71:ca:db:
                    ee:01:67:d8:80:ca:71:82:0e:12:46:7e:7e:17:0f:
                    1c:37:55:18:ef:0a:17:99:0f:aa:96:4b:4d:e1:f8:
                    5d:a0:98:7f:1b:5f:43:6b:b8:5a:47:ea:df:05:8d:
                    f9:cc:bd:bd:ab:2b:20:03:1c:86:14:cd:2d:d6:bf:
                    87:69:98:7e:6b:7f:b7:6e:b9:fc:ba:c1:87:9a:b6:
                    90:3e:9d:e3:32:e3:a8:39:b8:9f:9e:10:3d:02:1a:
                    bb:31:9a:b3:e2:86:26:6e:df:c9:6e:75:db:eb:67:
                    0d:05:01:88:99:cf:e8:e0:e6:d5:45:d8:7f:97:7d:
                    32:4d:5f:4c:cb:a4:7c:a5:c3:18:5c:2a:68:64:3c:
                    af:de:56:6d:97:cd:af:ea:26:ef:60:38:a8:57:bf:
                    db:9a:a3:17:a0:61:52:3e:eb:70:82:82:64:df:e3:
                    cf:fc:99:fa:07:6d:fe:79:b9:c2:87:34:05:56:4b:
                    33:00:02:18:0d:c6:ba:57:66:83:f6:86:61:3b:eb:
                    0c:c3:02:85:4b:74:b1:39:2a:d4:75:7c:3c:94:53:
                    d6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:5B:6C:03:DD:08:40:3B:06:40:25:58:BF:7F:F6:A2:73:A4:95:86
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:2d:c4:0c:43:96:9d:a5:9e:df:d8:e9:54:5b:de:c6:04:23:
         ab:41:d6:a5:77:ac:e3:e6:b0:1f:35:bc:c7:f6:60:76:d4:31:
         cd:1c:a7:2c:c8:6e:32:55:8b:f7:35:96:4e:24:f0:cd:f6:76:
         02:bf:ab:32:28:0f:52:bd:11:ee:b5:0e:80:a7:25:41:67:75:
         79:75:04:c5:4e:2e:5c:98:1a:9b:3e:2a:7d:9f:f5:05:2f:51:
         d7:92:f5:d4:7c:e0:82:6c:71:c4:f0:29:9f:58:9b:ef:6b:c8:
         e7:e2:ac:e9:e1:ad:db:fc:25:30:3e:e5:f7:4d:2f:4a:78:69:
         40:2a:f0:3f:74:0d:25:86:90:9a:54:79:cd:22:64:8a:50:01:
         4d:cd:9b:85:09:9f:0d:ca:e0:88:e1:39:97:10:48:2f:74:c3:
         09:41:23:f6:1e:1d:06:0b:67:41:76:c1:34:bd:ab:57:b6:b2:
         82:62:63:eb:36:41:89:66:a7:25:3c:6b:42:6e:cd:09:45:35:
         1f:f5:19:0d:20:e6:3e:db:9f:0f:e0:18:26:f0:82:72:5d:c9:
         3d:3e:34:81:89:43:9d:5a:14:66:a0:1b:5c:51:d1:39:82:0c:
         17:93:fd:98:93:7f:97:79:20:66:ca:d4:61:a7:12:53:0f:06:
         8e:cb:95:49
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUQ/jL0P7b67XmiDZvL0qwe38b6rQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDRaFw0yNTA4MjIxMDQ3MDRaMDMxMTAvBgNV
BAMTKEVDNUI2QzAzREQwODQwM0IwNjQwMjU1OEJGN0ZGNkEyNzNBNDk1ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsyek+dfy1GnNNpqRTIX1CNqlI
DQ4Z8IIgoVRt6pDwazwXiR/0LEnvkHHK2+4BZ9iAynGCDhJGfn4XDxw3VRjvCheZ
D6qWS03h+F2gmH8bX0NruFpH6t8FjfnMvb2rKyADHIYUzS3Wv4dpmH5rf7duufy6
wYeatpA+neMy46g5uJ+eED0CGrsxmrPihiZu38luddvrZw0FAYiZz+jg5tVF2H+X
fTJNX0zLpHylwxhcKmhkPK/eVm2Xza/qJu9gOKhXv9uaoxegYVI+63CCgmTf48/8
mfoHbf55ucKHNAVWSzMAAhgNxrpXZoP2hmE76wzDAoVLdLE5KtR1fDyUU9ZDAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQU7FtsA90IQDsGQCVYv3/2onOklYYwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNjNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABjANBgkqhkiG9w0BAQsFAAOCAQEAkS3EDEOWnaWe39jpVFvexgQjq0HW
pXes4+awHzW8x/ZgdtQxzRynLMhuMlWL9zWWTiTwzfZ2Ar+rMigPUr0R7rUOgKcl
QWd1eXUExU4uXJgamz4qfZ/1BS9R15L11HzggmxxxPApn1ib72vI5+Ks6eGt2/wl
MD7l900vSnhpQCrwP3QNJYaQmlR5zSJkilABTc2bhQmfDcrgiOE5lxBIL3TDCUEj
9h4dBgtnQXbBNL2rV7aygmJj6zZBiWanJTxrQm7NCUU1H/UZDSDmPtufD+AYJvCC
cl3JPT40gYlDnVoUZqAbXFHROYIMF5P9mJN/l3kgZsrUYacSUw8GjsuVSQ==
-----END CERTIFICATE-----