Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3134322e3136342e302f32342d3234203d3e20323130343239.roa
File:                     34352e3134322e3136342e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          t0bPYuAX501QS6WBLpBxlYqLO8eGHQl27NIkjKSMnc8=
Subject key identifier:   6D:4F:AD:C5:92:B3:8B:A4:D4:5A:B5:E8:9E:FE:23:B3:41:9C:98:FB
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       706C7E0E99E0E0FDBA5861B0D6F0E61ADB7A0AFB
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3134322e3136342e302f32342d3234203d3e20323130343239.roa
Signing time:             Tue 30 Apr 2024 10:46:57 +0000
ROA not before:           Tue 30 Apr 2024 10:41:57 +0000
ROA not after:            Tue 29 Apr 2025 10:46:57 +0000
asID:                     210429
IP address blocks:        45.142.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:6c:7e:0e:99:e0:e0:fd:ba:58:61:b0:d6:f0:e6:1a:db:7a:0a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 30 10:41:57 2024 GMT
            Not After : Apr 29 10:46:57 2025 GMT
        Subject: CN=6D4FADC592B38BA4D45AB5E89EFE23B3419C98FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:99:15:99:fd:cb:32:3a:bd:2e:f1:7e:40:ac:
                    30:57:a2:8a:d6:65:1b:de:9f:33:48:dc:50:4b:29:
                    71:9f:5d:d4:64:a1:28:b7:62:42:1f:a5:a4:ad:60:
                    a8:37:45:a6:6f:5c:4c:37:de:54:51:96:e8:f7:5f:
                    f9:97:fb:0d:4e:23:6d:86:41:d5:42:85:05:2c:4f:
                    7c:bd:d1:f1:64:05:11:a0:f2:58:d3:89:84:4b:1d:
                    58:18:52:2e:77:48:46:90:83:ad:20:8e:6b:fd:4d:
                    51:c5:72:c5:4e:c8:50:8f:46:48:06:5a:74:d9:88:
                    ee:00:39:68:b6:39:37:fa:88:a7:6e:3d:26:16:2e:
                    f2:d8:8c:50:5e:37:b0:5e:61:88:7b:a6:7a:97:95:
                    75:5f:71:86:9a:86:dd:bd:a3:72:da:a1:a3:fa:72:
                    f1:a8:40:08:bf:75:7d:e4:de:03:a0:e6:03:58:e1:
                    77:78:f2:4d:ba:d8:1a:80:2d:5d:1c:6d:fa:f8:a8:
                    bf:0e:da:e4:e1:da:01:d5:ca:a1:b0:28:02:26:1d:
                    b3:93:bc:bf:4e:17:63:6d:8c:77:b3:b1:d9:cc:dc:
                    98:8e:29:c7:cf:87:19:4a:0e:48:c3:06:72:39:a0:
                    99:7f:de:bc:5a:74:99:2c:a8:46:92:92:75:65:8c:
                    30:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:4F:AD:C5:92:B3:8B:A4:D4:5A:B5:E8:9E:FE:23:B3:41:9C:98:FB
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3134322e3136342e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:6f:e6:2d:b0:92:ed:8a:92:97:3c:03:c2:1f:e3:f6:9c:74:
         af:5b:bc:58:12:25:04:bb:a6:8c:3e:bf:b1:15:c3:0e:ec:71:
         80:53:30:a4:21:da:ec:55:91:7f:fb:bc:cb:b9:59:b6:71:87:
         b2:5e:81:32:11:9d:0e:1b:4d:5a:93:c0:5d:8c:72:0b:72:d8:
         fc:d3:28:24:0e:62:9b:93:d6:c2:a9:d9:e8:bb:28:4a:09:1f:
         f7:c6:e2:e8:ad:f6:de:b2:07:c8:a7:60:1d:bb:9b:bb:c8:d9:
         7a:2d:42:63:84:3f:14:fb:18:02:a3:6d:b2:33:a4:1a:19:d0:
         72:ec:9e:93:b0:77:4b:c3:9b:68:08:52:5e:ae:53:8c:fc:f1:
         08:69:03:94:bb:23:52:99:95:6d:fe:4c:59:e4:77:07:f1:0c:
         20:78:ed:3d:b6:35:33:b0:e1:e6:5c:b7:83:ba:78:12:15:f2:
         46:66:c2:ab:b3:e0:f5:51:0b:b2:6e:ea:6b:5f:8a:bd:e8:e2:
         d9:2c:0e:c5:80:49:46:0b:c3:c0:6a:fe:d3:36:30:83:48:2d:
         ef:2c:3f:36:9e:78:be:5d:b1:c7:fa:6a:0a:c8:87:b1:b2:e7:
         3f:11:cf:97:cc:df:c2:b3:c9:92:8e:57:63:5a:22:8f:4a:86:
         63:c6:bd:49
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUcGx+Dpng4P26WGGw1vDmGtt6CvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MzAxMDQxNTdaFw0yNTA0MjkxMDQ2NTdaMDMxMTAvBgNV
BAMTKDZENEZBREM1OTJCMzhCQTRENDVBQjVFODlFRkUyM0IzNDE5Qzk4RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqmRWZ/csyOr0u8X5ArDBXoorW
ZRvenzNI3FBLKXGfXdRkoSi3YkIfpaStYKg3RaZvXEw33lRRluj3X/mX+w1OI22G
QdVChQUsT3y90fFkBRGg8ljTiYRLHVgYUi53SEaQg60gjmv9TVHFcsVOyFCPRkgG
WnTZiO4AOWi2OTf6iKduPSYWLvLYjFBeN7BeYYh7pnqXlXVfcYaaht29o3LaoaP6
cvGoQAi/dX3k3gOg5gNY4Xd48k262BqALV0cbfr4qL8O2uTh2gHVyqGwKAImHbOT
vL9OF2NtjHezsdnM3JiOKcfPhxlKDkjDBnI5oJl/3rxadJksqEaSknVljDAbAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUbU+txZKzi6TUWrXonv4js0GcmPswHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzNDMyMmUzMTM2MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzAz
NDMyMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAAtjqQwDQYJKoZIhvcNAQELBQADggEBALVv5i2wku2K
kpc8A8If4/acdK9bvFgSJQS7pow+v7EVww7scYBTMKQh2uxVkX/7vMu5WbZxh7Je
gTIRnQ4bTVqTwF2Mcgty2PzTKCQOYpuT1sKp2ei7KEoJH/fG4uit9t6yB8inYB27
m7vI2XotQmOEPxT7GAKjbbIzpBoZ0HLsnpOwd0vDm2gIUl6uU4z88QhpA5S7I1KZ
lW3+TFnkdwfxDCB47T22NTOw4eZct4O6eBIV8kZmwquz4PVRC7Ju6mtfir3o4tks
DsWASUYLw8Bq/tM2MINILe8sPzaeeL5dscf6agrIh7Gy5z8Rz5fM38KzyZKOV2Na
Io9KhmPGvUk=
-----END CERTIFICATE-----