Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3133332e3131392e302f32342d3234203d3e203431373230.roa
File:                     34352e3133332e3131392e302f32342d3234203d3e203431373230.roa (raw, json)
Hash identifier:          +NYHi/mhHu8Mh5pZY6nNrrxSKpfHbmtZTc11aXzwTRA=
Subject key identifier:   09:E7:16:36:3B:7A:75:28:CB:DC:C8:B2:10:91:C6:FC:77:24:64:62
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       238E59F0B18A96C68B216EA100CEFDECE89C3677
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3133332e3131392e302f32342d3234203d3e203431373230.roa
Signing time:             Sun 01 Jun 2025 15:14:17 +0000
ROA not before:           Sun 01 Jun 2025 15:09:17 +0000
ROA not after:            Sun 31 May 2026 15:14:17 +0000
asID:                     41720
IP address blocks:        45.133.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:06:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:8e:59:f0:b1:8a:96:c6:8b:21:6e:a1:00:ce:fd:ec:e8:9c:36:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jun  1 15:09:17 2025 GMT
            Not After : May 31 15:14:17 2026 GMT
        Subject: CN=09E716363B7A7528CBDCC8B21091C6FC77246462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1b:45:53:d5:1c:dd:4d:b7:14:e5:35:21:d3:
                    e4:f9:b8:bb:d7:7a:c5:38:61:8b:db:b6:ce:75:5f:
                    2a:d4:7b:dd:1c:5c:c6:b9:1d:e6:f8:58:7c:d2:44:
                    de:ba:86:70:2e:70:50:ee:9d:e7:c2:ad:1e:68:2f:
                    cb:25:81:e6:9f:4c:ab:6a:d0:b9:e6:47:dc:7c:ab:
                    5b:65:6d:2d:09:45:83:75:c7:09:69:b5:15:db:f8:
                    49:e1:bb:f0:54:5f:eb:1c:f4:50:6a:c9:da:f0:00:
                    61:d8:c0:02:5c:46:1c:cc:4c:82:fe:fd:a9:47:5b:
                    05:cb:8f:f9:81:02:b9:10:1f:0f:c5:c4:36:83:ec:
                    2f:3e:cb:91:10:c6:ef:44:53:d0:9e:bf:41:ae:c7:
                    9f:5f:41:a0:bd:4e:d3:39:e5:0b:7a:29:8b:ff:f4:
                    68:7b:43:60:31:99:bb:79:14:2b:0b:e0:49:a7:2a:
                    e7:38:5d:08:be:9a:43:c4:e6:e9:cc:72:eb:8a:aa:
                    89:ea:df:12:09:ae:89:48:2b:84:da:e7:d7:59:8d:
                    d5:e4:31:8d:8d:df:0d:69:0b:cd:2c:1b:e2:62:c8:
                    36:89:e4:05:7f:16:ec:04:76:8e:ba:08:a0:bb:3b:
                    bc:ba:c4:c3:72:5e:61:00:20:a8:48:b8:14:6b:f6:
                    74:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E7:16:36:3B:7A:75:28:CB:DC:C8:B2:10:91:C6:FC:77:24:64:62
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3133332e3131392e302f32342d3234203d3e203431373230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:31:8e:fa:ec:12:44:02:1d:a2:ec:7c:82:77:ad:cc:16:33:
         1b:a0:19:f9:8a:92:0d:70:7e:8c:08:b2:75:f5:86:4b:3b:e0:
         04:66:60:14:8c:58:11:ae:49:9d:29:d3:bd:ad:e4:f0:ca:4b:
         8d:49:85:78:eb:e6:02:4f:f9:7c:70:52:a6:52:b9:87:9f:27:
         fb:bf:12:11:f4:53:ae:54:10:47:94:e3:70:a0:86:91:97:c2:
         8f:85:8d:4d:f2:3e:bf:ca:42:e0:59:bd:a9:c9:82:60:4b:bb:
         34:2f:b7:53:f5:25:31:b0:68:cf:75:47:7c:61:26:b4:e7:f3:
         3a:fd:bc:04:0c:62:f2:c2:82:78:1a:53:5b:9d:06:db:d4:84:
         8c:83:ca:25:51:16:a2:a2:77:2d:8f:8b:ed:dc:57:7e:e6:00:
         2b:36:1d:79:4b:30:2c:f5:3f:e2:c9:3e:85:c0:00:89:54:6e:
         60:d3:91:e0:a7:f4:d1:91:b2:18:3a:01:08:7d:97:a2:4b:78:
         ee:e8:c0:5c:a6:85:71:ec:e7:1d:68:0c:bb:fc:c4:1b:d9:7e:
         30:bd:5a:b3:83:3e:79:1e:50:d6:5f:1a:f8:76:3f:1d:87:68:
         42:67:19:fa:a3:f3:e5:ee:50:e9:18:21:a6:f7:cc:a8:5a:86:
         56:4b:33:fa
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUI45Z8LGKlsaLIW6hAM797OicNncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA2MDExNTA5MTdaFw0yNjA1MzExNTE0MTdaMDMxMTAvBgNV
BAMTKDA5RTcxNjM2M0I3QTc1MjhDQkRDQzhCMjEwOTFDNkZDNzcyNDY0NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFG0VT1RzdTbcU5TUh0+T5uLvX
esU4YYvbts51XyrUe90cXMa5Heb4WHzSRN66hnAucFDunefCrR5oL8slgeafTKtq
0LnmR9x8q1tlbS0JRYN1xwlptRXb+Enhu/BUX+sc9FBqydrwAGHYwAJcRhzMTIL+
/alHWwXLj/mBArkQHw/FxDaD7C8+y5EQxu9EU9Cev0Gux59fQaC9TtM55Qt6KYv/
9Gh7Q2Axmbt5FCsL4EmnKuc4XQi+mkPE5unMcuuKqonq3xIJrolIK4Ta59dZjdXk
MY2N3w1pC80sG+JiyDaJ5AV/FuwEdo66CKC7O7y6xMNyXmEAIKhIuBRr9nTXAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUCecWNjt6dSjL3MiyEJHG/HckZGIwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMzMzMmUzMTMxMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMxMzcz
MjMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQALYV3MA0GCSqGSIb3DQEBCwUAA4IBAQBKMY767BJEAh2i
7HyCd63MFjMboBn5ipINcH6MCLJ19YZLO+AEZmAUjFgRrkmdKdO9reTwykuNSYV4
6+YCT/l8cFKmUrmHnyf7vxIR9FOuVBBHlONwoIaRl8KPhY1N8j6/ykLgWb2pyYJg
S7s0L7dT9SUxsGjPdUd8YSa05/M6/bwEDGLywoJ4GlNbnQbb1ISMg8olURaionct
j4vt3Fd+5gArNh15SzAs9T/iyT6FwACJVG5g05Hgp/TRkbIYOgEIfZeiS3ju6MBc
poVx7OcdaAy7/MQb2X4wvVqzgz55HlDWXxr4dj8dh2hCZxn6o/Pl7lDpGCGm98yo
WoZWSzP6
-----END CERTIFICATE-----