Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323538.roa
File:                     34352e3132382e3232302e302f32322d3332203d3e2033323538.roa (raw, json)
Hash identifier:          hyRrVlBKPARALvptCq8b8hZzJNBHkrMIeXvqN59/cLc=
Subject key identifier:   30:25:3A:13:2E:DF:E6:3F:80:D8:1D:75:B9:BB:FB:87:8B:80:DF:D3
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       7C227FD5B4F8157633ED969607482BAFFF2E5970
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323538.roa
Signing time:             Thu 04 Apr 2024 05:35:41 +0000
ROA not before:           Thu 04 Apr 2024 05:30:41 +0000
ROA not after:            Thu 03 Apr 2025 05:35:41 +0000
asID:                     3258
IP address blocks:        45.128.220.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:22:7f:d5:b4:f8:15:76:33:ed:96:96:07:48:2b:af:ff:2e:59:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr  4 05:30:41 2024 GMT
            Not After : Apr  3 05:35:41 2025 GMT
        Subject: CN=30253A132EDFE63F80D81D75B9BBFB878B80DFD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:01:ae:51:93:09:b6:ba:e6:d7:b6:ed:ec:ae:
                    70:06:fa:fa:eb:cd:f2:bf:fe:c3:40:2f:59:07:63:
                    d3:9f:58:19:c1:58:72:e4:9e:e3:41:3a:6e:fe:78:
                    34:86:e0:b4:d7:55:17:74:39:9a:be:d7:f1:c1:32:
                    71:27:e3:01:7b:54:a2:d3:72:cc:7d:28:2a:42:53:
                    46:43:48:7e:7a:82:a2:54:33:3e:6d:14:7e:4c:36:
                    fd:bb:4b:34:3a:01:47:7b:44:60:27:07:11:ed:3d:
                    bd:2a:e8:83:81:1b:a3:6a:b8:65:b4:9d:40:c9:10:
                    30:3f:54:29:6a:ae:77:4f:01:1a:bf:0d:b4:96:aa:
                    42:a7:04:10:c4:96:94:9c:53:0e:0b:7c:d0:dc:11:
                    c8:ff:b4:02:08:06:34:aa:96:a7:ec:f4:35:2c:57:
                    cc:4a:5e:c8:fa:b3:22:ad:d5:9e:04:a0:ce:a3:e8:
                    e4:16:17:ef:6d:4d:6e:38:1d:e3:74:d6:a4:94:29:
                    f2:6a:f9:20:bd:4f:f1:76:c7:8d:f9:97:50:d0:b5:
                    d6:c9:eb:65:cb:d0:56:c4:6b:63:3d:83:00:17:1b:
                    53:7d:57:4f:ea:80:b1:cf:d0:da:85:87:96:75:35:
                    ab:e5:f5:8e:76:be:d6:d2:d3:3d:24:2d:09:6c:2e:
                    72:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:25:3A:13:2E:DF:E6:3F:80:D8:1D:75:B9:BB:FB:87:8B:80:DF:D3
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3132382e3232302e302f32322d3332203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:0a:bc:50:55:c7:6b:3d:f5:83:65:44:f8:aa:52:5a:11:1a:
         10:2b:b7:ee:84:6f:33:8f:73:b2:a6:72:ab:81:a3:c7:13:31:
         12:d8:48:03:66:88:7e:4a:fb:07:05:b8:5e:64:63:e5:a5:5b:
         24:5a:9b:49:d0:b2:be:a3:a9:4d:7a:a7:3c:09:f0:b0:52:5b:
         c8:29:35:87:de:a7:83:07:9c:70:5a:5c:b3:ba:96:cb:dd:80:
         ae:b2:dd:63:4b:4a:19:ac:78:76:78:f9:f8:5c:04:08:a4:f4:
         55:60:7d:f6:29:6d:e9:2b:e5:99:b4:09:f7:35:be:c2:dd:78:
         d3:d1:e7:28:e5:42:a9:48:0c:f4:c7:89:39:9a:30:bf:9f:67:
         2e:58:ef:7d:74:1b:d2:d2:80:e9:4a:2f:31:11:65:af:c9:19:
         e8:d1:37:8d:f4:a0:72:0c:96:47:13:ea:36:57:e5:6f:a2:19:
         e4:32:9f:3d:aa:f0:fa:31:ee:f3:ca:55:98:9c:71:0b:33:39:
         d8:05:00:82:44:67:8c:5e:4d:93:9f:ca:cf:99:11:c9:44:50:
         48:61:cc:6e:d8:16:c6:e4:1c:f3:5a:b4:5f:ea:5b:6e:06:b4:
         94:c8:42:99:75:58:e9:b9:2d:9b:12:7c:da:54:f3:a8:e4:0f:
         27:76:17:99
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUfCJ/1bT4FXYz7ZaWB0grr/8uWXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MDQwNTMwNDFaFw0yNTA0MDMwNTM1NDFaMDMxMTAvBgNV
BAMTKDMwMjUzQTEzMkVERkU2M0Y4MEQ4MUQ3NUI5QkJGQjg3OEI4MERGRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+Aa5Rkwm2uubXtu3srnAG+vrr
zfK//sNAL1kHY9OfWBnBWHLknuNBOm7+eDSG4LTXVRd0OZq+1/HBMnEn4wF7VKLT
csx9KCpCU0ZDSH56gqJUMz5tFH5MNv27SzQ6AUd7RGAnBxHtPb0q6IOBG6NquGW0
nUDJEDA/VClqrndPARq/DbSWqkKnBBDElpScUw4LfNDcEcj/tAIIBjSqlqfs9DUs
V8xKXsj6syKt1Z4EoM6j6OQWF+9tTW44HeN01qSUKfJq+SC9T/F2x435l1DQtdbJ
62XL0FbEa2M9gwAXG1N9V0/qgLHP0NqFh5Z1Navl9Y52vtbS0z0kLQlsLnKxAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUMCU6Ey7f5j+A2B11ubv7h4uA39MwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMjM4MmUzMjMyMzAyZTMwMmYzMjMyMmQzMzMyMjAzZDNlMjAzMzMyMzUz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAi2A3DANBgkqhkiG9w0BAQsFAAOCAQEAOAq8UFXHaz31g2VE
+KpSWhEaECu37oRvM49zsqZyq4GjxxMxEthIA2aIfkr7BwW4XmRj5aVbJFqbSdCy
vqOpTXqnPAnwsFJbyCk1h96ngweccFpcs7qWy92ArrLdY0tKGax4dnj5+FwECKT0
VWB99ilt6SvlmbQJ9zW+wt1409HnKOVCqUgM9MeJOZowv59nLljvfXQb0tKA6Uov
MRFlr8kZ6NE3jfSgcgyWRxPqNlflb6IZ5DKfParw+jHu88pVmJxxCzM52AUAgkRn
jF5Nk5/Kz5kRyURQSGHMbtgWxuQc81q0X+pbbga0lMhCmXVY6bktmxJ82lTzqOQP
J3YXmQ==
-----END CERTIFICATE-----