Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
File:                     326131313a3a2f34382d3438203d3e2036323333.roa (raw, json)
Hash identifier:          kI0kbYAdMgWhESDWM0EC5+Mfm3tf/xFT+bxqMRtwQwo=
Subject key identifier:   33:17:8A:1C:B0:61:D1:B5:A6:78:79:E9:80:08:BE:7A:3B:47:EB:B3
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       1EE3E41C0C3478E5E6071302055C628E046A33CE
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
Signing time:             Fri 23 Aug 2024 10:47:04 +0000
ROA not before:           Fri 23 Aug 2024 10:42:04 +0000
ROA not after:            Fri 22 Aug 2025 10:47:04 +0000
asID:                     6233
IP address blocks:        2a11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e3:e4:1c:0c:34:78:e5:e6:07:13:02:05:5c:62:8e:04:6a:33:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:04 2024 GMT
            Not After : Aug 22 10:47:04 2025 GMT
        Subject: CN=33178A1CB061D1B5A67879E98008BE7A3B47EBB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:82:0d:b9:a2:90:5a:33:29:6f:ff:b9:f9:9e:
                    ba:d2:4d:11:93:6c:b3:25:93:a6:64:9e:45:67:c7:
                    14:37:26:a8:76:65:e4:41:33:cf:06:87:27:c4:69:
                    3b:4b:3b:c8:4d:86:3d:cc:bb:e9:9a:ad:83:6c:c2:
                    cd:94:f6:6f:27:32:bf:ab:cb:a0:16:55:2d:e0:1b:
                    d9:c1:5e:da:13:18:0b:9a:75:dd:b8:90:83:20:ad:
                    be:8f:c5:c4:31:21:1a:a8:a6:dc:ae:3a:a4:64:4b:
                    ea:6a:b0:cd:c5:e6:18:50:e2:c5:27:f8:45:ef:c3:
                    15:91:ad:11:c1:6b:f4:d4:bc:0f:f4:1a:d0:89:e9:
                    46:54:2c:ef:b2:c5:82:ff:17:03:2e:e4:24:52:41:
                    80:1a:b6:1d:c4:4e:5d:39:12:f4:ac:4a:36:4f:6b:
                    8f:ea:06:ff:d0:4e:ad:14:47:e5:42:23:bc:cb:df:
                    67:56:21:e7:b8:e2:02:0a:34:80:68:22:91:95:57:
                    5e:92:c5:87:72:75:7e:1e:e6:ab:31:30:6a:17:59:
                    4f:3e:95:9c:db:85:12:13:41:93:ee:73:78:7e:26:
                    7c:5b:fe:b7:df:08:9a:e1:6e:4f:55:c0:12:68:7d:
                    b5:dc:87:88:00:0e:58:e9:98:55:d0:dc:60:44:a8:
                    9e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:17:8A:1C:B0:61:D1:B5:A6:78:79:E9:80:08:BE:7A:3B:47:EB:B3
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:8b:5c:aa:b6:3b:8b:9d:56:60:5b:f6:6c:6a:0b:e9:d3:d8:
         8c:af:3c:6e:10:9e:ab:ca:81:43:9d:2b:ef:a0:06:74:b2:37:
         29:b3:94:c9:8b:55:51:5c:f5:8b:36:79:61:9c:09:fd:6b:66:
         ee:2c:2e:ab:f8:dd:cc:e6:38:29:b5:4c:01:a5:a4:2b:1c:b1:
         e3:72:14:c4:19:e2:9b:e3:42:b3:dc:49:9d:7f:e1:08:60:e9:
         98:e9:25:d1:28:86:82:2c:b0:f7:da:93:36:1c:6c:43:3e:61:
         92:f5:d5:ff:1b:09:72:76:94:b8:de:b8:cf:c8:1c:72:4d:6b:
         22:01:f5:54:e6:6f:8f:d4:f4:3e:e6:51:60:74:32:da:ed:9c:
         ea:75:74:d2:8f:ec:df:b0:1a:ae:6f:ee:ef:70:24:76:3a:b9:
         07:c1:ca:1f:37:f8:6b:ec:f3:07:86:ab:23:22:f3:23:32:83:
         e8:1e:e7:87:8a:19:db:a4:d5:63:29:b6:9b:11:0a:40:09:4d:
         d2:4d:02:71:54:ee:e7:92:21:98:b3:36:05:90:b1:76:05:53:
         e3:d9:9e:45:cd:ab:83:8b:8f:7e:dc:0e:8b:69:e2:5d:85:3a:
         47:60:a5:32:c8:4e:3c:1c:bb:8e:e9:3b:b9:37:73:16:89:28:
         c8:de:dc:b7
-----BEGIN CERTIFICATE-----
MIIEpTCCA42gAwIBAgIUHuPkHAw0eOXmBxMCBVxijgRqM84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDRaFw0yNTA4MjIxMDQ3MDRaMDMxMTAvBgNV
BAMTKDMzMTc4QTFDQjA2MUQxQjVBNjc4NzlFOTgwMDhCRTdBM0I0N0VCQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gg25opBaMylv/7n5nrrSTRGT
bLMlk6ZknkVnxxQ3Jqh2ZeRBM88GhyfEaTtLO8hNhj3Mu+marYNsws2U9m8nMr+r
y6AWVS3gG9nBXtoTGAuadd24kIMgrb6PxcQxIRqoptyuOqRkS+pqsM3F5hhQ4sUn
+EXvwxWRrRHBa/TUvA/0GtCJ6UZULO+yxYL/FwMu5CRSQYAath3ETl05EvSsSjZP
a4/qBv/QTq0UR+VCI7zL32dWIee44gIKNIBoIpGVV16SxYdydX4e5qsxMGoXWU8+
lZzbhRITQZPuc3h+Jnxb/rffCJrhbk9VwBJofbXch4gADljpmFXQ3GBEqJ6fAgMB
AAGjggGvMIIBqzAdBgNVHQ4EFgQUMxeKHLBh0bWmeHnpgAi+ejtH67MwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwXwYIKwYBBQUH
AQsEUzBRME8GCCsGAQUFBzALhkNyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzYzMjMzMzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
EQAAAAAwDQYJKoZIhvcNAQELBQADggEBALKLXKq2O4udVmBb9mxqC+nT2IyvPG4Q
nqvKgUOdK++gBnSyNymzlMmLVVFc9Ys2eWGcCf1rZu4sLqv43czmOCm1TAGlpCsc
seNyFMQZ4pvjQrPcSZ1/4Qhg6ZjpJdEohoIssPfakzYcbEM+YZL11f8bCXJ2lLje
uM/IHHJNayIB9VTmb4/U9D7mUWB0MtrtnOp1dNKP7N+wGq5v7u9wJHY6uQfByh83
+Gvs8weGqyMi8yMyg+ge54eKGduk1WMptpsRCkAJTdJNAnFU7ueSIZizNgWQsXYF
U+PZnkXNq4OLj37cDotp4l2FOkdgpTLITjwcu47pO7k3cxaJKMje3Lc=
-----END CERTIFICATE-----