Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/20/323430373a396534303a3a2f33322d3438203d3e2038383838.roa
File:                     323430373a396534303a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          bgZLx9D4yDAqnvRUS+LNhuBpH5hKCWNHHuxB7IgA2e0=
Subject key identifier:   4F:15:98:ED:9D:98:36:B9:AD:8D:3C:6E:58:33:62:AF:4B:F9:B9:1B
Certificate issuer:       /CN=A91C44A00000/serialNumber=E3098182BCB9AA102ECB2221A767B98E6ECCC310
Certificate serial:       6A09C405D44B6890C3A672521229D72CF979CE66
Authority key identifier: E3:09:81:82:BC:B9:AA:10:2E:CB:22:21:A7:67:B9:8E:6E:CC:C3:10
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4wmBgry5qhAuyyIhp2e5jm7MwxA.cer
Subject info access:      rsync://0.sb/repo/sb/20/323430373a396534303a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 22 Sep 2023 10:19:40 +0000
ROA not before:           Fri 22 Sep 2023 10:14:40 +0000
ROA not after:            Fri 20 Sep 2024 10:19:40 +0000
asID:                     8888
IP address blocks:        2407:9e40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/20/E3098182BCB9AA102ECB2221A767B98E6ECCC310.crl
                          rsync://0.sb/repo/sb/20/E3098182BCB9AA102ECB2221A767B98E6ECCC310.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4wmBgry5qhAuyyIhp2e5jm7MwxA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 09 May 2024 19:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:09:c4:05:d4:4b:68:90:c3:a6:72:52:12:29:d7:2c:f9:79:ce:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C44A00000/serialNumber=E3098182BCB9AA102ECB2221A767B98E6ECCC310
        Validity
            Not Before: Sep 22 10:14:40 2023 GMT
            Not After : Sep 20 10:19:40 2024 GMT
        Subject: CN=4F1598ED9D9836B9AD8D3C6E583362AF4BF9B91B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2e:e9:c1:8b:89:99:b9:2f:5a:bd:58:d3:47:
                    52:86:01:f9:91:4a:5d:42:7c:bb:ca:b3:d0:0f:d9:
                    b5:6b:24:ea:2a:6b:55:46:94:80:e5:9e:bd:74:83:
                    60:5a:10:cf:44:e6:3c:bc:9a:ea:6b:c1:18:20:32:
                    3a:a5:b1:dc:6f:94:46:a0:9c:77:a8:80:12:e5:3f:
                    ac:70:a5:03:88:55:ca:de:3e:aa:04:ac:83:84:86:
                    e0:b9:7f:b1:3f:12:ec:5b:d2:6c:da:11:45:ff:40:
                    59:6b:a1:dd:2d:97:f1:28:f4:2f:c4:7f:7a:23:39:
                    b0:36:df:be:56:78:ed:55:16:a4:7e:fb:93:87:f1:
                    4d:cb:60:6a:fa:4f:56:7c:ce:87:a3:4d:c3:c6:ea:
                    8b:02:f5:8e:17:41:02:5a:a5:7b:f7:d2:05:81:2e:
                    86:be:d5:8c:1c:70:a0:23:2f:49:24:48:34:2e:0e:
                    50:9b:51:02:d1:3c:18:a6:fa:bb:16:d4:80:9c:46:
                    1a:61:6f:85:29:56:1b:94:c7:b8:d1:bf:e6:a0:5d:
                    1b:d5:35:f4:5b:c2:06:c8:67:a1:3f:b8:dd:49:ab:
                    90:aa:4a:3e:d9:6c:52:e2:31:2c:de:67:72:ca:68:
                    88:ec:9b:19:5b:bb:0f:b0:72:1d:6b:ef:15:8c:ab:
                    9c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:15:98:ED:9D:98:36:B9:AD:8D:3C:6E:58:33:62:AF:4B:F9:B9:1B
            X509v3 Authority Key Identifier:
                keyid:E3:09:81:82:BC:B9:AA:10:2E:CB:22:21:A7:67:B9:8E:6E:CC:C3:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/20/E3098182BCB9AA102ECB2221A767B98E6ECCC310.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4wmBgry5qhAuyyIhp2e5jm7MwxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/20/323430373a396534303a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:9e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:a9:f6:8c:41:f0:ab:3f:f8:7c:27:89:f6:c3:68:bc:3d:15:
         f4:41:f4:5c:79:d0:ec:36:82:b0:7e:df:1c:61:19:1b:f2:3e:
         03:5d:02:ce:cb:b8:1e:02:8a:e6:d9:ae:77:d3:43:53:f1:30:
         8b:f2:14:0a:87:c3:74:dc:f1:9c:ec:50:36:05:f7:55:cf:0d:
         ea:cc:89:64:2e:c7:41:ce:dd:62:f5:45:7f:04:2e:6d:71:5c:
         e3:8e:bd:7e:4e:4e:53:e7:e8:2d:b0:9f:66:21:91:d8:c3:5f:
         d0:d2:0c:78:1c:f2:35:c7:19:b6:fe:a7:59:a8:6f:0e:b6:30:
         86:8d:e1:35:64:ee:14:76:0c:49:1a:22:66:56:10:86:48:2a:
         34:12:0d:e3:da:e2:9f:4c:f9:e7:9c:78:ce:d6:50:3d:d7:16:
         95:5b:87:44:b6:59:de:58:f7:29:40:83:c6:80:47:28:fd:99:
         51:62:cc:da:19:14:d8:95:fe:1a:9c:f9:91:d2:60:8b:3a:74:
         1e:4d:e1:90:d5:7e:82:11:76:9e:5d:32:3c:ef:ae:46:90:8c:
         6d:a2:95:22:67:d7:90:e0:cb:b6:b5:c2:b5:32:aa:e1:be:fa:
         60:5b:48:20:59:57:48:fc:94:7e:ba:4f:a7:52:2e:42:15:1d:
         df:18:95:50
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUagnEBdRLaJDDpnJSEinXLPl5zmYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQzQ0QTAwMDAwMTEwLwYDVQQFEyhFMzA5ODE4MkJD
QjlBQTEwMkVDQjIyMjFBNzY3Qjk4RTZFQ0NDMzEwMB4XDTIzMDkyMjEwMTQ0MFoX
DTI0MDkyMDEwMTk0MFowMzExMC8GA1UEAxMoNEYxNTk4RUQ5RDk4MzZCOUFEOEQz
QzZFNTgzMzYyQUY0QkY5QjkxQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsu6cGLiZm5L1q9WNNHUoYB+ZFKXUJ8u8qz0A/ZtWsk6iprVUaUgOWevXSD
YFoQz0TmPLya6mvBGCAyOqWx3G+URqCcd6iAEuU/rHClA4hVyt4+qgSsg4SG4Ll/
sT8S7FvSbNoRRf9AWWuh3S2X8Sj0L8R/eiM5sDbfvlZ47VUWpH77k4fxTctgavpP
VnzOh6NNw8bqiwL1jhdBAlqle/fSBYEuhr7VjBxwoCMvSSRINC4OUJtRAtE8GKb6
uxbUgJxGGmFvhSlWG5THuNG/5qBdG9U19FvCBshnoT+43UmrkKpKPtlsUuIxLN5n
cspoiOybGVu7D7ByHWvvFYyrnKkCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRPFZjt
nZg2ua2NPG5YM2KvS/m5GzAfBgNVHSMEGDAWgBTjCYGCvLmqEC7LIiGnZ7mObszD
EDAOBgNVHQ8BAf8EBAMCB4AwVQYDVR0fBE4wTDBKoEigRoZEcnN5bmM6Ly8wLnNi
L3JlcG8vc2IvMjAvRTMwOTgxODJCQ0I5QUExMDJFQ0IyMjIxQTc2N0I5OEU2RUND
QzMxMC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jw
a2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdD
NzJGRDFGRjIvNHdtQmdyeTVxaEF1eXlJaHAyZTVqbTdNd3hBLmNlcjBqBggrBgEF
BQcBCwReMFwwWgYIKwYBBQUHMAuGTnJzeW5jOi8vMC5zYi9yZXBvL3NiLzIwLzMy
MzQzMDM3M2EzOTY1MzQzMDNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEw
DzANBAIAAjAHAwUAJAeeQDANBgkqhkiG9w0BAQsFAAOCAQEAcqn2jEHwqz/4fCeJ
9sNovD0V9EH0XHnQ7DaCsH7fHGEZG/I+A10Czsu4HgKK5tmud9NDU/Ewi/IUCofD
dNzxnOxQNgX3Vc8N6syJZC7HQc7dYvVFfwQubXFc4469fk5OU+foLbCfZiGR2MNf
0NIMeBzyNccZtv6nWahvDrYwho3hNWTuFHYMSRoiZlYQhkgqNBIN49rin0z555x4
ztZQPdcWlVuHRLZZ3lj3KUCDxoBHKP2ZUWLM2hkU2JX+Gpz5kdJgizp0Hk3hkNV+
ghF2nl0yPO+uRpCMbaKVImfXkODLtrXCtTKq4b76YFtIIFlXSPyUfrpPp1IuQhUd
3xiVUA==
-----END CERTIFICATE-----