Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
File:                     326131313a3a2f34382d3438203d3e2036323333.roa (raw, json)
Hash identifier:          QIKRD6uc5E2Q6j//gyVz6WbLP40cPPvqSm6K0WQ9x4M=
Subject key identifier:   E5:AE:15:F7:EA:D1:A4:63:DD:F4:3B:AA:E1:1E:50:DB:49:B1:43:41
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       41E65E34F704FFE8238DDE63685786A7FB62B60F
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
Signing time:             Fri 22 Sep 2023 10:19:43 +0000
ROA not before:           Fri 22 Sep 2023 10:14:43 +0000
ROA not after:            Fri 20 Sep 2024 10:19:43 +0000
asID:                     6233
IP address blocks:        2a11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e6:5e:34:f7:04:ff:e8:23:8d:de:63:68:57:86:a7:fb:62:b6:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Sep 22 10:14:43 2023 GMT
            Not After : Sep 20 10:19:43 2024 GMT
        Subject: CN=E5AE15F7EAD1A463DDF43BAAE11E50DB49B14341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bd:7b:9d:0f:25:d3:29:19:94:d8:69:e3:60:
                    f9:ae:7f:0c:67:09:11:6c:51:6c:4c:19:d1:4e:c4:
                    b0:34:77:1c:fe:7d:78:d4:21:5e:3d:ae:e9:d2:71:
                    d5:d0:53:61:dd:d8:2e:9e:d6:55:0d:af:64:90:32:
                    e6:81:05:8a:c8:15:b5:be:b2:2c:d0:6b:07:ce:bc:
                    5e:6b:fe:86:de:63:ce:c1:26:b2:f8:e8:e1:27:16:
                    86:f7:24:84:07:1f:dc:cf:58:72:d7:ed:a4:31:ec:
                    a0:1f:d6:ba:3e:b6:7f:b8:fa:cc:f3:3e:5f:76:9d:
                    d3:6c:04:8b:ae:4d:7d:a4:70:0b:40:ae:b5:7f:af:
                    14:47:0c:38:9c:44:30:f7:ee:d4:0e:9a:86:fc:f8:
                    c5:db:9e:97:a1:d6:55:37:bd:b8:a0:5a:a7:80:12:
                    aa:fe:7f:5a:70:16:fa:70:ed:31:c4:d1:3e:db:ba:
                    93:76:a0:38:17:4e:30:99:c8:43:ab:0c:ea:36:2c:
                    a3:c9:93:2c:14:02:7a:11:ba:28:41:e6:c0:59:a6:
                    75:e2:a7:61:8f:02:c1:d0:01:40:13:11:05:a9:c0:
                    1d:14:20:d9:20:1f:ca:df:87:48:79:03:8d:3a:f1:
                    e0:af:08:d9:f3:94:d7:26:8d:b1:22:8b:b8:82:1a:
                    40:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AE:15:F7:EA:D1:A4:63:DD:F4:3B:AA:E1:1E:50:DB:49:B1:43:41
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:1d:a7:76:54:a9:af:9a:56:17:fa:83:73:89:12:9b:ed:60:
         a2:39:be:d0:29:b1:f3:43:fd:07:16:7b:b2:ab:ea:cb:28:10:
         8a:70:fc:2a:2d:31:f3:99:ab:de:fa:73:9e:a4:ee:df:8e:bf:
         b2:70:53:e1:ec:3e:b4:77:ea:7c:6b:e9:cf:83:e1:6a:ca:44:
         0c:eb:79:66:ff:a1:45:60:ff:7b:3e:5b:a9:7f:46:cf:f7:47:
         88:ff:38:56:e8:73:d6:fb:1a:b1:27:70:de:55:a3:b1:0f:cf:
         95:49:13:a1:20:65:f6:67:2a:16:64:ad:6b:81:7b:5f:24:77:
         6a:51:a4:18:d8:0e:09:68:81:16:d1:51:fd:61:c3:59:3a:1a:
         65:f5:19:e4:d1:3e:42:54:b3:0d:b7:15:b9:3e:1f:66:e7:4c:
         5a:94:4e:3e:60:ba:ff:3a:70:8a:79:49:c1:fe:9f:e4:7a:9f:
         75:7e:13:14:ba:27:d0:2f:d4:85:ae:91:50:98:8a:49:35:90:
         1f:9d:99:8d:c2:df:ac:fc:92:e7:e0:e0:77:b9:63:ca:d9:67:
         68:f1:61:a8:9a:cf:53:bb:7a:f5:64:2b:93:11:d2:e5:bd:08:
         85:4f:1c:37:75:ac:e8:b4:e5:8c:59:9c:26:a7:c6:3a:6a:89:
         06:c2:72:53
-----BEGIN CERTIFICATE-----
MIIEpTCCA42gAwIBAgIUQeZeNPcE/+gjjd5jaFeGp/titg8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzA5MjIxMDE0NDNaFw0yNDA5MjAxMDE5NDNaMDMxMTAvBgNV
BAMTKEU1QUUxNUY3RUFEMUE0NjNEREY0M0JBQUUxMUU1MERCNDlCMTQzNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6vXudDyXTKRmU2GnjYPmufwxn
CRFsUWxMGdFOxLA0dxz+fXjUIV49runScdXQU2Hd2C6e1lUNr2SQMuaBBYrIFbW+
sizQawfOvF5r/obeY87BJrL46OEnFob3JIQHH9zPWHLX7aQx7KAf1ro+tn+4+szz
Pl92ndNsBIuuTX2kcAtArrV/rxRHDDicRDD37tQOmob8+MXbnpeh1lU3vbigWqeA
Eqr+f1pwFvpw7THE0T7bupN2oDgXTjCZyEOrDOo2LKPJkywUAnoRuihB5sBZpnXi
p2GPAsHQAUATEQWpwB0UINkgH8rfh0h5A4068eCvCNnzlNcmjbEii7iCGkCXAgMB
AAGjggGvMIIBqzAdBgNVHQ4EFgQU5a4V9+rRpGPd9Duq4R5Q20mxQ0EwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwXwYIKwYBBQUH
AQsEUzBRME8GCCsGAQUFBzALhkNyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzYzMjMzMzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
EQAAAAAwDQYJKoZIhvcNAQELBQADggEBACwdp3ZUqa+aVhf6g3OJEpvtYKI5vtAp
sfND/QcWe7Kr6ssoEIpw/CotMfOZq976c56k7t+Ov7JwU+HsPrR36nxr6c+D4WrK
RAzreWb/oUVg/3s+W6l/Rs/3R4j/OFboc9b7GrEncN5Vo7EPz5VJE6EgZfZnKhZk
rWuBe18kd2pRpBjYDglogRbRUf1hw1k6GmX1GeTRPkJUsw23Fbk+H2bnTFqUTj5g
uv86cIp5ScH+n+R6n3V+ExS6J9Av1IWukVCYikk1kB+dmY3C36z8kufg4He5Y8rZ
Z2jxYaiaz1O7evVkK5MR0uW9CIVPHDd1rOi05YxZnCanxjpqiQbCclM=
-----END CERTIFICATE-----