Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a383038303a3a2f32392d3438203d3e20323130383037.roa
File:                     326131313a383038303a3a2f32392d3438203d3e20323130383037.roa (raw, json)
Hash identifier:          NVMySe2HLYrg4fFP29MzlOZJ+96ZFUohrNztdj89DEg=
Subject key identifier:   F7:88:EF:E2:01:8B:38:F0:64:CA:14:CA:2D:FD:02:2B:28:8F:6E:54
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       5B4AF577CDE0270F3E953337EBF42F3DD050BB42
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a383038303a3a2f32392d3438203d3e20323130383037.roa
Signing time:             Tue 23 Jan 2024 06:35:36 +0000
ROA not before:           Tue 23 Jan 2024 06:30:36 +0000
ROA not after:            Tue 21 Jan 2025 06:35:36 +0000
asID:                     210807
IP address blocks:        2a11:8080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:4a:f5:77:cd:e0:27:0f:3e:95:33:37:eb:f4:2f:3d:d0:50:bb:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Jan 23 06:30:36 2024 GMT
            Not After : Jan 21 06:35:36 2025 GMT
        Subject: CN=F788EFE2018B38F064CA14CA2DFD022B288F6E54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bb:c4:a8:af:56:c8:41:ed:59:34:06:68:e2:
                    f5:2a:09:d9:95:d6:c4:d2:67:ae:05:43:7f:05:63:
                    e7:76:46:2f:25:21:af:00:a6:7a:e9:e3:c6:93:9a:
                    7a:e1:af:68:60:d4:d6:d8:b7:85:a3:3d:8e:86:29:
                    ef:76:4a:0f:89:2b:5b:30:64:e2:49:96:51:de:0f:
                    95:ce:a4:59:98:e1:9e:61:91:9e:ea:a1:04:a3:d2:
                    32:41:df:f2:65:c6:0a:6c:eb:86:65:fd:ac:78:21:
                    ce:8f:51:e0:34:70:4e:eb:3e:24:9c:58:14:36:67:
                    84:11:72:5c:e0:fd:b2:0a:4d:b7:15:04:a7:e7:90:
                    28:e3:be:26:de:80:91:ab:82:5e:74:4c:b9:d6:d6:
                    db:b0:71:ef:68:ef:13:00:42:a4:90:3c:18:50:58:
                    a0:35:e0:83:53:a7:85:ea:c5:db:16:61:70:3d:c1:
                    b9:7d:88:f2:c5:27:80:66:7c:0f:fd:9e:8b:18:72:
                    e7:91:b8:44:6b:f2:2a:60:e0:c1:f2:59:c0:d6:f3:
                    08:06:73:0b:07:ee:5f:20:47:94:0c:67:07:70:3d:
                    81:9e:5b:c0:aa:91:a9:10:ed:f0:75:c5:b4:5f:86:
                    d3:02:46:25:9e:b1:f8:b8:b0:a3:5b:bb:b0:82:d4:
                    06:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:88:EF:E2:01:8B:38:F0:64:CA:14:CA:2D:FD:02:2B:28:8F:6E:54
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a383038303a3a2f32392d3438203d3e20323130383037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8080::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:3f:62:cb:18:48:80:3a:f2:aa:9c:89:63:7a:bf:b5:f6:ea:
         ec:4a:29:ae:ff:0d:06:9a:f4:b7:b3:4d:52:f0:d6:8c:4d:b0:
         e7:ac:ca:82:a7:bc:d2:6f:87:00:f3:e5:34:54:19:2f:97:3f:
         f9:d3:bf:af:4f:d7:48:6f:ac:0e:81:e2:5e:9b:d7:5e:ba:7d:
         c7:a6:99:b1:9c:0d:dc:e6:30:79:93:ae:7f:ae:7d:e0:dc:fe:
         67:93:ea:c3:70:e0:41:3d:7d:e3:45:88:6e:b5:f4:88:df:bd:
         ed:f2:97:bb:13:cb:5e:57:d7:09:56:9b:73:fa:23:3b:4c:dc:
         1d:d0:b0:a3:5e:e8:fa:15:ec:91:ad:b8:47:60:60:f7:0f:a9:
         95:06:6f:ac:90:f3:52:40:29:4a:c9:c8:dc:6e:28:9c:b0:7c:
         19:27:b9:40:e6:2b:1e:36:fa:af:eb:37:45:56:69:2f:9f:a3:
         bc:7d:bd:74:e1:48:71:a2:36:e9:b7:78:c8:17:66:b0:bb:9e:
         04:5c:da:34:0c:7c:0d:0c:9f:c9:8c:e8:a3:c3:d0:43:c8:c0:
         a5:fc:a7:10:99:14:4f:26:98:3f:a1:e3:98:9d:dd:0f:08:19:
         9e:23:aa:08:de:ae:e0:c6:81:af:57:7b:d5:a7:54:7c:94:60:
         2d:2b:f7:52
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIUW0r1d83gJw8+lTM36/QvPdBQu0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDAxMjMwNjMwMzZaFw0yNTAxMjEwNjM1MzZaMDMxMTAvBgNV
BAMTKEY3ODhFRkUyMDE4QjM4RjA2NENBMTRDQTJERkQwMjJCMjg4RjZFNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCou8Sor1bIQe1ZNAZo4vUqCdmV
1sTSZ64FQ38FY+d2Ri8lIa8Apnrp48aTmnrhr2hg1NbYt4WjPY6GKe92Sg+JK1sw
ZOJJllHeD5XOpFmY4Z5hkZ7qoQSj0jJB3/Jlxgps64Zl/ax4Ic6PUeA0cE7rPiSc
WBQ2Z4QRclzg/bIKTbcVBKfnkCjjvibegJGrgl50TLnW1tuwce9o7xMAQqSQPBhQ
WKA14INTp4XqxdsWYXA9wbl9iPLFJ4BmfA/9nosYcueRuERr8ipg4MHyWcDW8wgG
cwsH7l8gR5QMZwdwPYGeW8CqkakQ7fB1xbRfhtMCRiWesfi4sKNbu7CC1AavAgMB
AAGjggG7MIIBtzAdBgNVHQ4EFgQU94jv4gGLOPBkyhTKLf0CKyiPblQwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwbQYIKwYBBQUH
AQsEYTBfMF0GCCsGAQUFBzALhlFyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzODMwMzgzMDNhM2EyZjMyMzkyZDM0MzgyMDNkM2UyMDMyMzEzMDM4MzAz
Ny5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFAyoRgIAwDQYJKoZIhvcNAQELBQADggEBAFQ/YssYSIA68qqc
iWN6v7X26uxKKa7/DQaa9LezTVLw1oxNsOesyoKnvNJvhwDz5TRUGS+XP/nTv69P
10hvrA6B4l6b1166fcemmbGcDdzmMHmTrn+ufeDc/meT6sNw4EE9feNFiG619Ijf
ve3yl7sTy15X1wlWm3P6IztM3B3QsKNe6PoV7JGtuEdgYPcPqZUGb6yQ81JAKUrJ
yNxuKJywfBknuUDmKx42+q/rN0VWaS+fo7x9vXThSHGiNum3eMgXZrC7ngRc2jQM
fA0Mn8mM6KPD0EPIwKX8pxCZFE8mmD+h45id3Q8IGZ4jqgjeruDGga9Xe9WnVHyU
YC0r91I=
-----END CERTIFICATE-----