Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa
File:                     34352e3132382e3232302e302f32322d3332203d3e2033323134.roa (raw, json)
Hash identifier:          4SaKEM5MAMzVaT7HIVR8BV+dk6k1qgY4gPQ7r8zGVO0=
Subject key identifier:   59:D8:98:F9:2F:72:A1:93:C9:40:56:25:94:C0:34:56:DA:B7:98:77
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       1E8C0528178257F3AAF7341933A99213121C4D3E
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa
Signing time:             Thu 04 Apr 2024 05:35:30 +0000
ROA not before:           Thu 04 Apr 2024 05:30:30 +0000
ROA not after:            Thu 03 Apr 2025 05:35:30 +0000
asID:                     3214
IP address blocks:        45.128.220.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:8c:05:28:17:82:57:f3:aa:f7:34:19:33:a9:92:13:12:1c:4d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr  4 05:30:30 2024 GMT
            Not After : Apr  3 05:35:30 2025 GMT
        Subject: CN=59D898F92F72A193C940562594C03456DAB79877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:39:99:74:26:2b:e6:a3:44:33:71:ec:52:7a:
                    18:13:c7:82:69:0b:38:e9:24:b7:1a:e0:6f:3f:3e:
                    4a:5c:2e:f3:82:35:f0:5e:ba:6c:e6:e2:e5:2c:80:
                    76:d8:77:40:34:34:f6:12:2d:bc:d2:e0:cf:03:4a:
                    5f:42:68:6a:23:a1:86:d0:4d:53:de:c0:d1:f9:00:
                    ed:b3:26:42:75:d3:78:47:21:3e:58:a1:d9:48:db:
                    99:cf:cb:2e:ac:99:96:9c:1e:75:6b:e7:20:df:20:
                    db:f0:e0:d5:58:27:e4:07:ed:09:67:16:9e:10:3b:
                    1b:11:d0:84:5d:ae:69:71:5a:3b:7a:b9:a7:32:ff:
                    e4:4e:c6:c7:7d:a6:15:69:58:13:6a:8c:64:41:c0:
                    b6:03:cb:05:53:ce:14:b7:99:87:20:cf:d4:c3:73:
                    37:c8:11:0a:55:50:80:0d:0b:b7:13:72:d5:db:c8:
                    ab:3b:e0:95:ff:a2:53:82:86:d8:e6:1b:f8:71:e2:
                    31:d1:44:24:ae:e3:7e:de:0d:ed:3b:23:e8:49:55:
                    03:e2:29:aa:43:21:7f:88:d2:06:56:89:3f:9c:62:
                    e0:34:ed:0b:73:d0:57:45:16:fb:57:17:d4:c2:cd:
                    ee:32:78:f7:91:f4:27:26:99:fd:66:47:fa:ab:8c:
                    72:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D8:98:F9:2F:72:A1:93:C9:40:56:25:94:C0:34:56:DA:B7:98:77
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:92:21:bf:06:c7:d5:e4:52:ed:02:8f:25:f4:70:12:9c:f9:
         dc:82:3a:a9:81:a8:ab:cd:43:d2:09:81:30:1b:7b:c3:18:82:
         a0:5d:83:64:f8:18:0e:11:9a:fa:f1:c9:05:06:e0:1d:d5:d1:
         f0:80:37:0b:1a:29:17:79:9b:ec:d5:d0:a5:88:d7:12:bb:78:
         dc:6b:c4:70:47:56:d8:7a:05:0a:22:1a:36:63:c2:5f:d0:dd:
         a7:86:5f:d3:1b:34:3b:66:6e:a1:af:47:1b:50:5a:92:e0:62:
         49:32:53:b9:cc:67:5c:f7:95:a5:e8:ea:de:3a:00:89:03:1e:
         d1:0a:e0:ed:e9:e4:f8:fe:d5:2c:b5:4c:5f:d9:55:b1:cd:f5:
         76:54:bc:f0:e8:0a:d4:9f:c1:2f:2e:c0:44:67:89:71:e0:dc:
         9c:ff:f9:0d:86:07:04:e7:ab:bc:f5:01:fd:8d:cc:e4:7d:40:
         2d:d1:3f:70:8e:fe:8c:6e:14:30:30:87:5f:7e:bf:b2:5b:8e:
         96:70:26:bc:07:3e:a5:2d:a6:bb:0c:cc:65:08:00:46:5d:7c:
         d2:26:bc:52:9d:4b:9a:e9:ec:8c:a1:65:15:6c:7e:1b:1f:51:
         6b:3b:9f:86:07:76:86:4c:b9:ba:aa:ac:d4:46:2f:6d:95:f8:
         ff:d6:c6:3b
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUHowFKBeCV/Oq9zQZM6mSExIcTT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MDQwNTMwMzBaFw0yNTA0MDMwNTM1MzBaMDMxMTAvBgNV
BAMTKDU5RDg5OEY5MkY3MkExOTNDOTQwNTYyNTk0QzAzNDU2REFCNzk4NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmOZl0Jivmo0QzcexSehgTx4Jp
CzjpJLca4G8/PkpcLvOCNfBeumzm4uUsgHbYd0A0NPYSLbzS4M8DSl9CaGojoYbQ
TVPewNH5AO2zJkJ103hHIT5YodlI25nPyy6smZacHnVr5yDfINvw4NVYJ+QH7Qln
Fp4QOxsR0IRdrmlxWjt6uacy/+ROxsd9phVpWBNqjGRBwLYDywVTzhS3mYcgz9TD
czfIEQpVUIANC7cTctXbyKs74JX/olOChtjmG/hx4jHRRCSu437eDe07I+hJVQPi
KapDIX+I0gZWiT+cYuA07Qtz0FdFFvtXF9TCze4yePeR9Ccmmf1mR/qrjHKhAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUWdiY+S9yoZPJQFYllMA0Vtq3mHcwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMjM4MmUzMjMyMzAyZTMwMmYzMjMyMmQzMzMyMjAzZDNlMjAzMzMyMzEz
NC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAi2A3DANBgkqhkiG9w0BAQsFAAOCAQEAYJIhvwbH1eRS7QKP
JfRwEpz53II6qYGoq81D0gmBMBt7wxiCoF2DZPgYDhGa+vHJBQbgHdXR8IA3Cxop
F3mb7NXQpYjXErt43GvEcEdW2HoFCiIaNmPCX9Ddp4Zf0xs0O2Zuoa9HG1BakuBi
STJTucxnXPeVpejq3joAiQMe0Qrg7enk+P7VLLVMX9lVsc31dlS88OgK1J/BLy7A
RGeJceDcnP/5DYYHBOervPUB/Y3M5H1ALdE/cI7+jG4UMDCHX36/sluOlnAmvAc+
pS2muwzMZQgARl180ia8Up1LmunsjKFlFWx+Gx9Razufhgd2hky5uqqs1EYvbZX4
/9bGOw==
-----END CERTIFICATE-----