Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          A/m7W0mN8KhRk24FCG9igrTJSmQtsXBjgW0zNuBI5q4=
Subject key identifier:   59:1B:D4:80:78:04:2A:0D:F9:DF:58:A3:0A:75:CB:E0:09:B3:F8:C3
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       2AAE9150EC0EB8AC1D810377204A0F00877D28BC
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 22 Sep 2023 10:19:44 +0000
ROA not before:           Fri 22 Sep 2023 10:14:44 +0000
ROA not after:            Fri 20 Sep 2024 10:19:44 +0000
asID:                     8888
IP address blocks:        2a11::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ae:91:50:ec:0e:b8:ac:1d:81:03:77:20:4a:0f:00:87:7d:28:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Sep 22 10:14:44 2023 GMT
            Not After : Sep 20 10:19:44 2024 GMT
        Subject: CN=591BD48078042A0DF9DF58A30A75CBE009B3F8C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1e:93:9f:1e:f1:7b:75:04:36:72:26:76:bf:
                    2f:b6:61:db:e7:2c:f0:99:1a:db:14:a3:9d:6d:24:
                    dd:a9:fd:61:36:e3:b8:92:cc:be:16:87:ad:93:7e:
                    69:f8:88:6a:4a:22:fa:95:1a:2e:8c:71:e6:02:fe:
                    ce:c3:34:b9:0f:49:8e:43:f9:14:fc:c6:69:78:07:
                    d0:c5:67:3c:02:6c:cf:79:d9:ef:d7:8b:fb:34:69:
                    cb:b3:a8:fe:fc:9b:8b:52:99:ac:7a:9f:be:5f:7a:
                    60:c1:eb:5a:80:c0:e0:ad:ba:5e:f5:72:16:e1:f2:
                    72:a9:ec:3a:95:4a:f0:79:c8:96:06:34:64:64:d8:
                    f6:e4:1d:aa:61:aa:eb:63:6e:a5:e5:cd:44:a6:87:
                    5e:04:f5:15:77:05:13:c4:27:53:36:f8:87:11:5c:
                    67:fa:66:2c:e0:e0:4f:0d:b8:51:c1:cb:d5:8a:0a:
                    f0:33:59:89:54:f6:ff:3e:77:ac:ad:e3:90:01:0a:
                    7f:16:19:81:cc:a9:42:6d:ac:07:2d:5a:1a:54:e9:
                    90:1f:d3:e1:45:ec:28:50:97:30:aa:76:ff:fd:5e:
                    12:72:b9:90:d5:96:53:db:d4:47:e9:25:54:96:f6:
                    ce:7d:4f:6e:a7:1c:29:86:6c:32:ad:09:a1:6d:44:
                    1a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1B:D4:80:78:04:2A:0D:F9:DF:58:A3:0A:75:CB:E0:09:B3:F8:C3
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:74:19:ab:e8:17:db:91:f4:e0:5f:76:e8:63:18:79:5d:b3:
         cf:59:af:5d:01:0a:5a:54:73:d5:ef:0e:a7:91:4b:0e:4b:f0:
         38:d8:b1:b7:a3:af:1b:2c:93:d5:24:6c:f2:2a:d4:0b:5b:43:
         bc:fe:ef:a8:21:f8:ff:f2:65:68:11:c0:e9:5a:fc:0b:61:c9:
         1c:ab:e1:a4:6a:23:87:90:42:b8:f4:5f:9d:4e:51:b6:56:7f:
         82:be:99:14:c4:c8:23:bf:6e:5c:25:28:da:79:6d:5e:2d:77:
         97:8d:00:16:15:9e:b4:7e:80:c5:b2:4d:02:25:94:34:ac:82:
         64:37:1f:0d:73:34:9b:97:4b:ce:69:e0:c8:82:f3:a5:ee:2f:
         2e:02:dd:96:47:48:47:d1:21:90:05:d0:4b:eb:82:c3:0d:77:
         47:c9:9e:57:65:10:b0:c0:50:59:da:13:5b:1d:60:69:f0:37:
         5d:22:92:ea:9d:46:e5:b0:c4:24:2e:34:33:9d:1d:b3:c1:a8:
         56:06:c5:f8:ab:8a:75:42:d4:71:6a:7a:86:c4:36:a0:e8:d4:
         9e:19:32:96:3e:b6:1b:b1:e3:de:7e:1e:c3:4e:a2:ba:51:c4:
         e1:91:b5:48:0f:df:7f:43:82:b4:7a:f8:9f:f2:1c:2a:a2:83:
         61:3b:3d:49
-----BEGIN CERTIFICATE-----
MIIEozCCA4ugAwIBAgIUKq6RUOwOuKwdgQN3IEoPAId9KLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzA5MjIxMDE0NDRaFw0yNDA5MjAxMDE5NDRaMDMxMTAvBgNV
BAMTKDU5MUJENDgwNzgwNDJBMERGOURGNThBMzBBNzVDQkUwMDlCM0Y4QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgHpOfHvF7dQQ2ciZ2vy+2Ydvn
LPCZGtsUo51tJN2p/WE247iSzL4Wh62Tfmn4iGpKIvqVGi6MceYC/s7DNLkPSY5D
+RT8xml4B9DFZzwCbM952e/Xi/s0acuzqP78m4tSmax6n75femDB61qAwOCtul71
chbh8nKp7DqVSvB5yJYGNGRk2PbkHaphqutjbqXlzUSmh14E9RV3BRPEJ1M2+IcR
XGf6Zizg4E8NuFHBy9WKCvAzWYlU9v8+d6yt45ABCn8WGYHMqUJtrActWhpU6ZAf
0+FF7ChQlzCqdv/9XhJyuZDVllPb1EfpJVSW9s59T26nHCmGbDKtCaFtRBr1AgMB
AAGjggGtMIIBqTAdBgNVHQ4EFgQUWRvUgHgEKg3531ijCnXL4Amz+MMwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwXwYIKwYBBQUH
AQsEUzBRME8GCCsGAQUFBzALhkNyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzYTJmMzMzMjJkMzQzODIwM2QzZTIwMzgzODM4Mzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAq
EQAAMA0GCSqGSIb3DQEBCwUAA4IBAQCsdBmr6BfbkfTgX3boYxh5XbPPWa9dAQpa
VHPV7w6nkUsOS/A42LG3o68bLJPVJGzyKtQLW0O8/u+oIfj/8mVoEcDpWvwLYckc
q+GkaiOHkEK49F+dTlG2Vn+CvpkUxMgjv25cJSjaeW1eLXeXjQAWFZ60foDFsk0C
JZQ0rIJkNx8NczSbl0vOaeDIgvOl7i8uAt2WR0hH0SGQBdBL64LDDXdHyZ5XZRCw
wFBZ2hNbHWBp8DddIpLqnUblsMQkLjQznR2zwahWBsX4q4p1QtRxanqGxDag6NSe
GTKWPrYbsePefh7DTqK6UcThkbVID99/Q4K0evif8hwqooNhOz1J
-----END CERTIFICATE-----