Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3134322e3136352e302f32342d3234203d3e2034373835.roa
File:                     34352e3134322e3136352e302f32342d3234203d3e2034373835.roa (raw, json)
Hash identifier:          lB564xtD+/5rzeGrmVywiX1WkioWyFtG3owgt8cI2do=
Subject key identifier:   AE:3A:05:F9:4B:56:E6:B3:C8:B5:CA:F4:78:A5:90:1B:95:02:80:3D
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       0DBDA2DBFA9D3EA5173C3CF51A335F6791E557B3
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3134322e3136352e302f32342d3234203d3e2034373835.roa
Signing time:             Fri 23 Aug 2024 10:47:07 +0000
ROA not before:           Fri 23 Aug 2024 10:42:07 +0000
ROA not after:            Fri 22 Aug 2025 10:47:07 +0000
asID:                     4785
IP address blocks:        45.142.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:bd:a2:db:fa:9d:3e:a5:17:3c:3c:f5:1a:33:5f:67:91:e5:57:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:07 2024 GMT
            Not After : Aug 22 10:47:07 2025 GMT
        Subject: CN=AE3A05F94B56E6B3C8B5CAF478A5901B9502803D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a1:2b:50:67:76:c2:e0:df:fa:8c:b6:dc:c2:
                    4d:cd:59:d7:03:20:7c:77:88:48:d3:41:c1:39:46:
                    bd:54:79:62:e2:48:44:ac:a2:dc:04:39:ff:4f:30:
                    95:a0:b5:99:88:34:5b:4c:23:79:48:b2:b0:dd:e7:
                    7e:8d:09:bb:85:63:c5:ea:6e:22:88:d9:c6:12:6c:
                    15:d9:6c:0b:11:fb:2b:87:9c:d1:9e:68:32:5b:09:
                    d1:73:fc:bd:0a:46:9a:94:61:c8:2a:09:9a:87:4b:
                    7e:8d:fc:a2:d5:73:58:fd:19:f3:07:4e:da:89:c3:
                    a6:27:fe:2a:8c:4d:14:05:81:d5:61:6f:7b:15:91:
                    97:b0:71:de:c9:8d:cb:2b:45:25:bc:5c:9b:37:1b:
                    f8:e2:cd:d5:c6:ac:de:68:76:16:9a:11:44:07:f9:
                    e4:4c:cf:33:4e:c3:0c:01:95:11:c9:41:62:e7:61:
                    ca:1a:d4:c4:a2:08:68:30:f4:b4:46:94:20:98:94:
                    50:30:0f:a0:9b:e5:81:d8:7f:fc:be:02:30:cf:de:
                    6c:c2:8c:aa:bd:61:5f:38:49:22:75:7c:72:4e:f3:
                    54:34:7b:09:81:9a:0f:a0:26:e7:91:9e:92:97:22:
                    40:86:b2:83:0e:1c:bb:d0:28:b8:3c:58:a6:72:4c:
                    8f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:3A:05:F9:4B:56:E6:B3:C8:B5:CA:F4:78:A5:90:1B:95:02:80:3D
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3134322e3136352e302f32342d3234203d3e2034373835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:bc:d3:87:7d:50:90:53:84:67:39:6c:7c:c9:00:94:1d:62:
         f5:1d:d2:3a:68:17:54:ca:68:de:80:b9:2e:e7:18:69:dd:ef:
         bb:80:83:80:d5:0c:c8:bd:8c:3c:4f:c4:c9:71:c1:84:53:fe:
         2e:18:02:6e:38:90:93:b7:6d:9b:8e:86:25:0e:95:13:85:a4:
         d6:27:78:1a:ef:e5:fb:94:8f:f6:4a:fb:4a:8b:49:7b:3b:66:
         9a:35:ec:69:f7:ca:81:01:53:d4:ec:0c:c3:8c:2d:ec:79:45:
         21:cf:cd:9c:74:24:69:4a:a3:4d:06:c8:60:6b:2a:7c:bc:97:
         c2:d2:52:50:1f:e2:b8:39:ce:96:86:cb:c7:d2:5a:5b:58:bd:
         54:f5:86:3a:a5:7a:90:d5:79:df:e6:b0:5d:fc:ec:3d:2e:3e:
         e7:3e:6c:a5:5c:96:63:fb:90:c0:1c:ca:2d:24:7f:d6:71:90:
         1e:37:82:9f:17:a6:23:9c:87:ae:86:40:8e:32:65:0d:b6:26:
         ba:d6:ea:03:62:f0:4d:a0:cb:89:93:90:a7:81:0a:6c:2a:32:
         89:2b:0f:9f:12:8d:ab:a8:c7:63:cf:97:bc:0f:68:6c:d1:7a:
         18:14:fe:0e:4d:75:2e:f7:48:0c:77:49:ee:a9:bb:e4:40:bd:
         47:49:25:83
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUDb2i2/qdPqUXPDz1GjNfZ5HlV7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDdaFw0yNTA4MjIxMDQ3MDdaMDMxMTAvBgNV
BAMTKEFFM0EwNUY5NEI1NkU2QjNDOEI1Q0FGNDc4QTU5MDFCOTUwMjgwM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzoStQZ3bC4N/6jLbcwk3NWdcD
IHx3iEjTQcE5Rr1UeWLiSESsotwEOf9PMJWgtZmINFtMI3lIsrDd536NCbuFY8Xq
biKI2cYSbBXZbAsR+yuHnNGeaDJbCdFz/L0KRpqUYcgqCZqHS36N/KLVc1j9GfMH
TtqJw6Yn/iqMTRQFgdVhb3sVkZewcd7JjcsrRSW8XJs3G/jizdXGrN5odhaaEUQH
+eRMzzNOwwwBlRHJQWLnYcoa1MSiCGgw9LRGlCCYlFAwD6Cb5YHYf/y+AjDP3mzC
jKq9YV84SSJ1fHJO81Q0ewmBmg+gJueRnpKXIkCGsoMOHLvQKLg8WKZyTI+rAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUrjoF+UtW5rPItcr0eKWQG5UCgD0wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzNDMyMmUzMTM2MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3Mzgz
NS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAC2OpTANBgkqhkiG9w0BAQsFAAOCAQEAerzTh31QkFOEZzls
fMkAlB1i9R3SOmgXVMpo3oC5LucYad3vu4CDgNUMyL2MPE/EyXHBhFP+LhgCbjiQ
k7dtm46GJQ6VE4Wk1id4Gu/l+5SP9kr7SotJeztmmjXsaffKgQFT1OwMw4wt7HlF
Ic/NnHQkaUqjTQbIYGsqfLyXwtJSUB/iuDnOlobLx9JaW1i9VPWGOqV6kNV53+aw
XfzsPS4+5z5spVyWY/uQwBzKLSR/1nGQHjeCnxemI5yHroZAjjJlDbYmutbqA2Lw
TaDLiZOQp4EKbCoyiSsPnxKNq6jHY8+XvA9obNF6GBT+Dk11LvdIDHdJ7qm75EC9
R0klgw==
-----END CERTIFICATE-----