Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a373a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          W/xiTUogiEQGwzGYn5HuTbsfsOB/w4ED6uq1XCqxYjw=
Subject key identifier:   A4:F6:80:1C:2F:F8:B4:D7:43:D4:E5:45:4B:48:EA:81:3D:3E:49:0F
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       1A67D63B81D08254E2437C10F2EBE17930826064
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 22 Sep 2023 10:19:44 +0000
ROA not before:           Fri 22 Sep 2023 10:14:44 +0000
ROA not after:            Fri 20 Sep 2024 10:19:44 +0000
asID:                     8888
IP address blocks:        2a11:7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:67:d6:3b:81:d0:82:54:e2:43:7c:10:f2:eb:e1:79:30:82:60:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Sep 22 10:14:44 2023 GMT
            Not After : Sep 20 10:19:44 2024 GMT
        Subject: CN=A4F6801C2FF8B4D743D4E5454B48EA813D3E490F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bb:b1:c1:55:70:81:4c:ae:2e:a2:45:da:68:
                    d7:9a:3b:f4:02:92:60:fa:18:1f:3b:cc:c8:2c:7d:
                    03:f9:3b:67:51:bd:59:38:90:ee:1f:97:ef:37:31:
                    76:e7:dc:02:67:de:68:00:a1:ca:80:35:b4:bc:13:
                    a6:45:84:25:3a:20:0c:7a:e9:78:4d:ad:ce:ae:9e:
                    0a:b5:26:43:23:fe:88:21:04:18:e5:58:2e:5b:12:
                    8f:b3:f2:93:f9:8e:ad:fe:96:9e:4a:61:8c:9b:8b:
                    2f:4f:9a:eb:2d:3b:67:7e:5b:2b:c4:c3:ae:da:0a:
                    8e:df:dc:d0:73:3d:9e:dd:35:97:18:be:c8:0a:a6:
                    ee:dd:5c:80:28:a9:0f:82:8d:a3:89:1c:c7:a8:92:
                    70:fc:26:60:5c:7f:9e:a2:82:c0:6c:4c:01:20:c0:
                    53:76:9c:2c:15:8f:df:3f:ff:d1:6e:c5:3b:65:05:
                    8a:61:45:ee:df:6a:0f:29:aa:90:a5:4f:99:df:f8:
                    ac:73:fc:99:db:17:fd:42:74:5a:a5:ea:21:aa:66:
                    f0:3c:c5:93:a7:75:4f:55:2e:38:12:89:cb:7b:5e:
                    66:9c:fa:e7:a6:3b:5d:ef:74:2b:ad:54:87:6a:53:
                    30:a9:29:1c:a0:78:65:d2:be:8c:1c:44:70:b8:5c:
                    19:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F6:80:1C:2F:F8:B4:D7:43:D4:E5:45:4B:48:EA:81:3D:3E:49:0F
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:5b:03:da:2b:d8:a0:cd:9f:59:4f:2b:5d:75:49:69:82:ed:
         0d:5f:52:9f:55:0f:23:cc:f5:49:0a:be:45:c0:84:26:7e:2b:
         64:59:72:cf:31:18:d0:36:73:e6:70:7e:11:e9:89:f0:e1:28:
         cd:ec:60:e1:eb:94:84:4b:07:a9:46:b5:05:86:29:c3:be:87:
         f2:d0:7e:43:53:b8:68:08:fb:b1:8f:ac:2b:e0:9c:b5:a5:0d:
         82:5f:42:b0:d0:be:5a:fe:4e:fb:98:9d:80:72:b0:16:29:d7:
         b2:b7:4e:d4:7d:94:a2:f9:db:97:81:a3:47:55:cb:91:8f:2e:
         b5:db:01:10:b8:ae:ac:61:10:a3:26:bb:7f:df:d7:a4:02:89:
         67:b1:b6:99:6c:bf:4f:02:c8:f2:84:c9:6b:8f:ed:55:82:b9:
         0c:bc:74:df:62:87:30:f0:1d:a6:ff:6c:47:55:8c:54:06:b6:
         a8:e4:47:8a:4c:99:81:cc:86:54:46:05:aa:74:af:2c:aa:d5:
         d3:45:6e:61:dc:8c:36:8b:2c:52:42:5e:2b:ae:f2:07:5f:f3:
         7f:11:fd:db:14:40:d7:ed:44:b7:8f:a8:b2:a1:ed:02:0f:84:
         51:9d:93:fa:3a:ce:7e:80:11:68:7f:59:02:df:f1:b3:48:b1:
         8b:aa:cb:a2
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUGmfWO4HQglTiQ3wQ8uvheTCCYGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzA5MjIxMDE0NDRaFw0yNDA5MjAxMDE5NDRaMDMxMTAvBgNV
BAMTKEE0RjY4MDFDMkZGOEI0RDc0M0Q0RTU0NTRCNDhFQTgxM0QzRTQ5MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClu7HBVXCBTK4uokXaaNeaO/QC
kmD6GB87zMgsfQP5O2dRvVk4kO4fl+83MXbn3AJn3mgAocqANbS8E6ZFhCU6IAx6
6XhNrc6ungq1JkMj/oghBBjlWC5bEo+z8pP5jq3+lp5KYYybiy9PmustO2d+WyvE
w67aCo7f3NBzPZ7dNZcYvsgKpu7dXIAoqQ+CjaOJHMeoknD8JmBcf56igsBsTAEg
wFN2nCwVj98//9FuxTtlBYphRe7fag8pqpClT5nf+Kxz/JnbF/1CdFql6iGqZvA8
xZOndU9VLjgSict7Xmac+uemO13vdCutVIdqUzCpKRygeGXSvowcRHC4XBnDAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUpPaAHC/4tNdD1OVFS0jqgT0+SQ8wHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNzNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABzANBgkqhkiG9w0BAQsFAAOCAQEAQFsD2ivYoM2fWU8rXXVJaYLtDV9S
n1UPI8z1SQq+RcCEJn4rZFlyzzEY0DZz5nB+EemJ8OEozexg4euUhEsHqUa1BYYp
w76H8tB+Q1O4aAj7sY+sK+CctaUNgl9CsNC+Wv5O+5idgHKwFinXsrdO1H2Uovnb
l4GjR1XLkY8utdsBELiurGEQoya7f9/XpAKJZ7G2mWy/TwLI8oTJa4/tVYK5DLx0
32KHMPAdpv9sR1WMVAa2qORHikyZgcyGVEYFqnSvLKrV00VuYdyMNossUkJeK67y
B1/zfxH92xRA1+1Et4+osqHtAg+EUZ2T+jrOfoARaH9ZAt/xs0ixi6rLog==
-----END CERTIFICATE-----