Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3132382e3232322e302f32342d3234203d3e203535393333.roa
File:                     34352e3132382e3232322e302f32342d3234203d3e203535393333.roa (raw, json)
Hash identifier:          Qcigtg+J/imf3eBLNWyT9tPc8FWLUIbuZ5jSUGwGLgg=
Subject key identifier:   B7:99:E6:4C:A5:2D:4D:A6:D0:87:23:18:C0:7A:9B:E5:21:F7:AF:98
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       12DB80099A2DA0C56DF94FDB7BEE293BAD21194E
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3132382e3232322e302f32342d3234203d3e203535393333.roa
Signing time:             Thu 04 Apr 2024 05:36:09 +0000
ROA not before:           Thu 04 Apr 2024 05:31:09 +0000
ROA not after:            Thu 03 Apr 2025 05:36:09 +0000
asID:                     55933
IP address blocks:        45.128.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:db:80:09:9a:2d:a0:c5:6d:f9:4f:db:7b:ee:29:3b:ad:21:19:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr  4 05:31:09 2024 GMT
            Not After : Apr  3 05:36:09 2025 GMT
        Subject: CN=B799E64CA52D4DA6D0872318C07A9BE521F7AF98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ef:9f:c2:a6:a2:21:56:d4:a6:0f:05:5e:7a:
                    e0:78:fa:91:b2:8f:eb:b5:ce:4c:8b:fc:c8:2c:33:
                    c3:ed:e9:54:92:ff:96:ee:61:9f:ed:e8:6c:c0:1d:
                    01:ab:b5:24:a2:5b:a1:25:a2:71:23:42:6e:b0:f2:
                    ce:09:a2:25:2f:dc:0b:d3:07:82:d1:e3:08:20:bd:
                    b4:41:29:2c:3b:91:97:46:24:e7:64:aa:e0:2d:24:
                    76:24:df:46:d2:c5:bd:1c:c9:4c:b0:94:10:96:9e:
                    41:fe:a3:6d:a8:0e:6d:6c:8e:ac:7b:22:68:7e:f8:
                    09:a1:07:c9:ff:3a:85:af:99:e4:17:78:b0:e1:92:
                    b5:c9:fc:61:d5:bf:8e:42:ae:e8:7b:c1:39:9e:b3:
                    df:2d:5a:b3:63:82:d5:2c:dc:68:ea:f1:02:3d:75:
                    32:89:60:1e:4e:eb:48:b1:24:f7:7f:f4:9a:fa:ff:
                    ad:fe:3c:de:66:9b:e0:a3:67:fb:ff:d4:a4:55:c1:
                    55:c7:6d:b7:05:86:f0:89:61:49:af:64:f9:01:d4:
                    79:a1:39:8b:8f:28:d7:0b:7d:ff:23:f4:d4:2c:fb:
                    eb:08:94:07:a6:74:66:cb:45:73:32:8f:87:1a:cc:
                    1a:ec:7c:e8:e9:88:ea:c2:63:ce:b3:2b:ac:92:3c:
                    65:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:99:E6:4C:A5:2D:4D:A6:D0:87:23:18:C0:7A:9B:E5:21:F7:AF:98
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3132382e3232322e302f32342d3234203d3e203535393333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:10:ee:27:98:5c:53:a7:2f:61:69:3b:75:dc:c5:7a:fb:01:
         e7:f2:b5:00:a3:ad:c1:7f:db:b0:a6:7a:ad:5a:51:ab:c7:f6:
         8d:62:e0:d7:c8:91:96:9f:8d:36:4b:0e:7a:5f:07:08:03:ca:
         6a:ad:b5:71:30:ad:66:74:4d:4e:62:22:cc:0e:8d:85:cc:3f:
         e5:a7:45:f8:57:17:c6:c4:3e:72:2c:c3:e9:da:37:d9:19:92:
         da:e0:5b:43:3f:5d:09:c7:7e:4a:4e:0f:ff:ac:f0:5b:67:58:
         44:70:f5:2c:ce:2a:0c:85:e7:28:46:0b:d1:15:53:0a:ff:46:
         d2:aa:05:0f:07:e6:11:dc:4a:57:47:ba:fb:17:20:93:73:0b:
         89:60:3d:3a:3b:86:d8:0b:9b:79:02:95:c0:c1:d9:de:5f:6a:
         b2:2d:e6:48:b4:0d:37:4b:5e:a0:a9:d4:bf:22:6a:17:5c:61:
         f9:41:d3:63:de:ab:41:16:08:ab:a9:59:9a:53:81:55:45:4b:
         9c:26:a2:ec:85:ab:37:b7:83:cc:cc:88:07:2e:a8:d1:75:60:
         55:a6:10:e4:4c:13:10:15:f2:e8:26:9d:70:f3:cb:38:70:13:
         9e:5e:07:f8:66:04:7c:26:ae:d4:43:42:90:33:b0:d5:4b:cc:
         94:b7:23:f7
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUEtuACZotoMVt+U/be+4pO60hGU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MDQwNTMxMDlaFw0yNTA0MDMwNTM2MDlaMDMxMTAvBgNV
BAMTKEI3OTlFNjRDQTUyRDREQTZEMDg3MjMxOEMwN0E5QkU1MjFGN0FGOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx75/CpqIhVtSmDwVeeuB4+pGy
j+u1zkyL/MgsM8Pt6VSS/5buYZ/t6GzAHQGrtSSiW6ElonEjQm6w8s4JoiUv3AvT
B4LR4wggvbRBKSw7kZdGJOdkquAtJHYk30bSxb0cyUywlBCWnkH+o22oDm1sjqx7
Imh++AmhB8n/OoWvmeQXeLDhkrXJ/GHVv45Cruh7wTmes98tWrNjgtUs3Gjq8QI9
dTKJYB5O60ixJPd/9Jr6/63+PN5mm+CjZ/v/1KRVwVXHbbcFhvCJYUmvZPkB1Hmh
OYuPKNcLff8j9NQs++sIlAemdGbLRXMyj4cazBrsfOjpiOrCY86zK6ySPGUlAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUt5nmTKUtTabQhyMYwHqb5SH3r5gwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMjM4MmUzMjMyMzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM1Mzkz
MzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQALYDeMA0GCSqGSIb3DQEBCwUAA4IBAQCSEO4nmFxTpy9h
aTt13MV6+wHn8rUAo63Bf9uwpnqtWlGrx/aNYuDXyJGWn402Sw56XwcIA8pqrbVx
MK1mdE1OYiLMDo2FzD/lp0X4VxfGxD5yLMPp2jfZGZLa4FtDP10Jx35KTg//rPBb
Z1hEcPUszioMhecoRgvRFVMK/0bSqgUPB+YR3EpXR7r7FyCTcwuJYD06O4bYC5t5
ApXAwdneX2qyLeZItA03S16gqdS/ImoXXGH5QdNj3qtBFgirqVmaU4FVRUucJqLs
has3t4PMzIgHLqjRdWBVphDkTBMQFfLoJp1w88s4cBOeXgf4ZgR8Jq7UQ0KQM7DV
S8yUtyP3
-----END CERTIFICATE-----