Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a373a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          CD2wxjYSfRPVv1P3NM9gPcAzfmPv7Txt4DQakbWTg6k=
Subject key identifier:   E0:1A:7D:67:C5:0B:F6:05:03:44:10:01:C4:7C:6C:3B:49:2A:B8:60
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       75B7B22A71AB52013962C388E9D748BA6691CF4E
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:05 +0000
ROA not before:           Fri 23 Aug 2024 10:42:05 +0000
ROA not after:            Fri 22 Aug 2025 10:47:05 +0000
asID:                     8888
IP address blocks:        2a11:7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:b7:b2:2a:71:ab:52:01:39:62:c3:88:e9:d7:48:ba:66:91:cf:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:05 2024 GMT
            Not After : Aug 22 10:47:05 2025 GMT
        Subject: CN=E01A7D67C50BF60503441001C47C6C3B492AB860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:3b:f9:bf:aa:1b:19:31:16:4a:0b:8d:41:
                    08:3a:7e:b3:dd:a3:5d:fa:b6:2a:20:99:47:41:69:
                    9f:9c:46:0a:64:11:a4:c4:39:09:b3:c8:17:bd:c0:
                    97:f7:a5:f5:b9:31:24:bc:ef:ec:b6:aa:e9:04:bc:
                    6c:21:44:d8:ce:54:4e:53:c7:29:71:30:ca:eb:09:
                    a8:f9:8e:86:df:de:58:73:3e:21:dd:2f:c6:75:c0:
                    3c:aa:df:90:44:28:65:c1:7c:79:92:49:4a:42:1a:
                    2f:a6:3f:35:1c:cc:0b:a4:46:03:a4:0f:ed:2c:9a:
                    70:79:b6:ff:67:08:ce:b4:45:a5:9c:6c:ee:05:93:
                    6f:7e:2a:b7:54:05:b1:0f:e6:5d:9a:43:3c:f9:a7:
                    25:3d:a4:ca:90:7a:f0:ca:b9:fa:a2:95:27:54:e3:
                    06:2a:b3:76:e2:04:b2:05:b4:c3:44:8b:64:15:2e:
                    29:a2:0e:18:31:bc:fd:53:cf:91:44:e4:18:5d:ea:
                    bb:90:0a:8d:47:35:e1:bd:93:de:a4:8f:66:13:28:
                    6d:a4:35:23:d9:99:17:1c:3e:ee:8b:7b:11:dc:6f:
                    27:73:ce:e9:6f:d6:d5:3e:7d:42:39:fb:2d:79:2e:
                    e8:a8:1b:fb:73:9e:7d:56:f4:77:a9:58:4d:d6:82:
                    e8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1A:7D:67:C5:0B:F6:05:03:44:10:01:C4:7C:6C:3B:49:2A:B8:60
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a373a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:00:d8:18:e1:50:7d:bd:54:9e:b7:b4:81:c1:9d:09:72:2b:
         50:66:0b:e8:6b:e5:7c:62:46:0c:9d:99:f0:ac:6b:ea:8f:a0:
         2f:23:73:46:d9:4f:f5:eb:65:17:78:a2:24:fc:4f:13:5d:ce:
         66:32:7f:a4:b0:33:83:55:02:5c:58:4e:2c:ed:2d:42:fe:4c:
         93:c9:90:9a:11:f5:eb:e9:af:5b:05:d8:02:da:f1:29:ff:90:
         c9:75:d6:f9:34:97:e4:0e:c0:03:e1:19:73:70:a2:68:eb:ab:
         cc:84:10:21:b5:36:19:bc:08:f3:3e:2c:57:fe:36:55:73:a8:
         5b:fb:c8:94:5c:7b:bc:6d:0f:e3:f9:bf:78:87:fc:02:7c:14:
         b9:22:25:78:43:18:2f:f2:86:a4:01:aa:dc:a8:ca:a4:ce:a4:
         7e:5d:f2:1f:49:ba:45:f6:51:68:b5:f5:81:0e:86:e7:61:75:
         17:93:98:7c:2f:d4:5e:ab:6b:c2:f1:11:54:6e:22:00:b1:51:
         67:31:29:2e:d2:6d:f1:00:9d:a9:52:51:45:3d:76:e4:5e:5e:
         b5:d9:03:64:0e:b4:bd:1f:6c:f2:4d:cc:55:79:30:f7:e3:79:
         00:f1:fd:05:34:55:62:44:7a:d5:94:9d:ca:2d:f4:15:f0:2b:
         8a:45:1c:65
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUdbeyKnGrUgE5YsOI6ddIumaRz04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDVaFw0yNTA4MjIxMDQ3MDVaMDMxMTAvBgNV
BAMTKEUwMUE3RDY3QzUwQkY2MDUwMzQ0MTAwMUM0N0M2QzNCNDkyQUI4NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7hDv5v6obGTEWSguNQQg6frPd
o136tiogmUdBaZ+cRgpkEaTEOQmzyBe9wJf3pfW5MSS87+y2qukEvGwhRNjOVE5T
xylxMMrrCaj5jobf3lhzPiHdL8Z1wDyq35BEKGXBfHmSSUpCGi+mPzUczAukRgOk
D+0smnB5tv9nCM60RaWcbO4Fk29+KrdUBbEP5l2aQzz5pyU9pMqQevDKufqilSdU
4wYqs3biBLIFtMNEi2QVLimiDhgxvP1Tz5FE5Bhd6ruQCo1HNeG9k96kj2YTKG2k
NSPZmRccPu6LexHcbydzzulv1tU+fUI5+y15LuioG/tznn1W9HepWE3WgughAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQU4Bp9Z8UL9gUDRBABxHxsO0kquGAwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNzNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABzANBgkqhkiG9w0BAQsFAAOCAQEAdQDYGOFQfb1Unre0gcGdCXIrUGYL
6GvlfGJGDJ2Z8Kxr6o+gLyNzRtlP9etlF3iiJPxPE13OZjJ/pLAzg1UCXFhOLO0t
Qv5Mk8mQmhH16+mvWwXYAtrxKf+QyXXW+TSX5A7AA+EZc3CiaOurzIQQIbU2GbwI
8z4sV/42VXOoW/vIlFx7vG0P4/m/eIf8AnwUuSIleEMYL/KGpAGq3KjKpM6kfl3y
H0m6RfZRaLX1gQ6G52F1F5OYfC/UXqtrwvERVG4iALFRZzEpLtJt8QCdqVJRRT12
5F5etdkDZA60vR9s8k3MVXkw9+N5APH9BTRVYkR61ZSdyi30FfArikUcZQ==
-----END CERTIFICATE-----