Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a363a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          CzjVALYVQwCArbR6Y3mgT7JcEckP6arKuLIST+1w708=
Subject key identifier:   D6:5E:21:56:68:96:DC:A5:1A:F6:3B:46:7D:F6:58:AE:CA:74:B3:3A
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       2B1721A20463250C079010843A5A48CE1A44C4E0
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 22 Sep 2023 10:19:44 +0000
ROA not before:           Fri 22 Sep 2023 10:14:44 +0000
ROA not after:            Fri 20 Sep 2024 10:19:44 +0000
asID:                     8888
IP address blocks:        2a11:6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:17:21:a2:04:63:25:0c:07:90:10:84:3a:5a:48:ce:1a:44:c4:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Sep 22 10:14:44 2023 GMT
            Not After : Sep 20 10:19:44 2024 GMT
        Subject: CN=D65E21566896DCA51AF63B467DF658AECA74B33A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:73:05:1c:66:a9:d3:59:86:8f:a8:14:ee:a6:
                    59:6f:ea:c0:0a:82:d0:63:41:17:40:d0:19:50:f8:
                    d3:07:78:21:fe:07:f7:3a:ce:15:9d:18:d0:d1:71:
                    77:ac:00:e9:c3:b5:40:cd:8b:ce:bd:10:55:02:9f:
                    a6:bf:54:dd:df:47:0d:b6:e9:27:c2:88:41:e5:91:
                    1e:24:00:46:f5:82:15:1c:25:91:c7:33:70:b4:72:
                    54:3d:29:c1:1f:ba:36:f3:b2:fb:9c:8f:53:f0:2f:
                    df:44:e9:27:94:11:36:3d:85:d2:08:ce:32:a5:b0:
                    c3:bc:82:06:41:cc:8c:50:97:80:92:92:68:30:6a:
                    f1:c7:43:43:da:c6:59:42:4f:6c:c1:41:4c:3f:01:
                    18:8e:2b:e2:cd:74:ca:d8:b7:99:e1:46:7b:54:9a:
                    aa:94:21:c9:ba:59:bf:58:7b:84:48:d6:79:95:18:
                    61:0c:6a:68:b4:6f:31:c1:b3:07:e4:cf:9f:5f:68:
                    2c:23:cb:51:3c:ca:67:e7:f2:ba:8c:27:ae:ad:0c:
                    fa:4a:05:a3:5c:ce:84:d3:c8:12:ed:87:93:cc:0a:
                    6d:0a:47:b9:26:69:0e:2a:71:b0:95:0c:6e:d9:9a:
                    12:c3:ed:6e:d7:7e:29:ea:c9:32:61:0c:c1:51:d3:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5E:21:56:68:96:DC:A5:1A:F6:3B:46:7D:F6:58:AE:CA:74:B3:3A
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a363a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:0d:92:61:84:bc:ee:4b:65:f4:20:5e:cb:95:f4:94:a2:e2:
         67:ea:36:74:38:82:bd:32:3a:43:bc:1c:39:c3:91:10:f6:4a:
         4c:7d:bf:1a:f5:7a:1f:0d:b9:62:dc:7d:b7:d4:c9:2c:5a:c6:
         de:27:d0:92:72:52:9b:35:fa:25:9a:13:30:b8:a1:4e:9e:c9:
         87:e8:c4:ae:7a:bb:a4:2d:fe:98:da:c2:ad:84:21:70:17:6e:
         28:00:d8:46:5a:24:00:d9:cf:d5:c1:d3:b6:3a:ba:ed:6e:5b:
         86:27:03:9b:37:68:04:cc:22:0d:4d:45:e4:c4:c4:98:cd:05:
         9a:52:cc:71:0b:0f:9a:df:2a:a4:3e:f3:95:b7:20:4d:60:32:
         0e:17:4d:4f:d3:0a:4b:d5:23:85:be:47:7e:6e:9c:74:99:97:
         52:e4:b0:25:22:57:29:74:57:48:da:ce:12:e0:76:67:03:92:
         aa:33:bc:1e:4a:53:b4:ac:a7:74:5e:66:c2:2b:52:c8:ed:48:
         06:c9:99:20:0e:28:3a:3b:52:e8:89:58:b9:74:d7:e4:41:cf:
         e9:d5:de:67:bb:49:1e:8e:ac:78:05:a8:02:a1:db:29:0a:c3:
         c5:5a:96:3a:d2:de:34:ff:32:0a:1c:17:95:91:93:0d:ea:e5:
         7f:49:1f:c9
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUKxchogRjJQwHkBCEOlpIzhpExOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzA5MjIxMDE0NDRaFw0yNDA5MjAxMDE5NDRaMDMxMTAvBgNV
BAMTKEQ2NUUyMTU2Njg5NkRDQTUxQUY2M0I0NjdERjY1OEFFQ0E3NEIzM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrcwUcZqnTWYaPqBTupllv6sAK
gtBjQRdA0BlQ+NMHeCH+B/c6zhWdGNDRcXesAOnDtUDNi869EFUCn6a/VN3fRw22
6SfCiEHlkR4kAEb1ghUcJZHHM3C0clQ9KcEfujbzsvucj1PwL99E6SeUETY9hdII
zjKlsMO8ggZBzIxQl4CSkmgwavHHQ0PaxllCT2zBQUw/ARiOK+LNdMrYt5nhRntU
mqqUIcm6Wb9Ye4RI1nmVGGEMami0bzHBswfkz59faCwjy1E8ymfn8rqMJ66tDPpK
BaNczoTTyBLth5PMCm0KR7kmaQ4qcbCVDG7ZmhLD7W7XfinqyTJhDMFR0zeHAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQU1l4hVmiW3KUa9jtGffZYrsp0szowHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNjNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABjANBgkqhkiG9w0BAQsFAAOCAQEAvA2SYYS87ktl9CBey5X0lKLiZ+o2
dDiCvTI6Q7wcOcOREPZKTH2/GvV6Hw25Ytx9t9TJLFrG3ifQknJSmzX6JZoTMLih
Tp7Jh+jErnq7pC3+mNrCrYQhcBduKADYRlokANnP1cHTtjq67W5bhicDmzdoBMwi
DU1F5MTEmM0FmlLMcQsPmt8qpD7zlbcgTWAyDhdNT9MKS9Ujhb5Hfm6cdJmXUuSw
JSJXKXRXSNrOEuB2ZwOSqjO8HkpTtKyndF5mwitSyO1IBsmZIA4oOjtS6IlYuXTX
5EHP6dXeZ7tJHo6seAWoAqHbKQrDxVqWOtLeNP8yChwXlZGTDerlf0kfyQ==
-----END CERTIFICATE-----