Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3134382e36302e302f32322d3234203d3e20323130343239.roa
File:                     34352e3134382e36302e302f32322d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          9Ym0ZUVUMjg/UPFYo1sCN7jySw1S6c/zE9Wr7GRSbYY=
Subject key identifier:   F0:BA:45:37:A7:23:AA:70:D4:61:53:29:EA:CA:0E:D8:2D:B6:73:C2
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       3A2D597C0AD940623504B4A69B7C68570FD1DA28
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3134382e36302e302f32322d3234203d3e20323130343239.roa
Signing time:             Mon 29 Apr 2024 10:46:55 +0000
ROA not before:           Mon 29 Apr 2024 10:41:55 +0000
ROA not after:            Mon 28 Apr 2025 10:46:55 +0000
asID:                     210429
IP address blocks:        45.148.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:2d:59:7c:0a:d9:40:62:35:04:b4:a6:9b:7c:68:57:0f:d1:da:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 29 10:41:55 2024 GMT
            Not After : Apr 28 10:46:55 2025 GMT
        Subject: CN=F0BA4537A723AA70D4615329EACA0ED82DB673C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:46:ea:0f:85:89:9e:1e:fc:cf:7c:71:1e:e5:
                    5f:4b:27:17:a3:41:0a:c1:97:25:47:c5:56:20:67:
                    f5:9a:19:78:83:28:97:3d:60:dc:bb:b8:30:e7:41:
                    9b:f1:bc:77:e6:c3:4a:0c:fa:85:60:a9:b9:e7:f4:
                    9b:97:9d:62:9f:35:b0:b6:87:d6:1d:34:11:b0:e6:
                    c4:4e:c8:2f:6f:c7:fc:6d:f0:09:1c:0e:c9:bc:15:
                    ff:67:e9:3e:74:e5:a9:4a:05:b9:07:19:86:41:b6:
                    c1:e1:fa:77:0b:04:36:d3:15:5a:27:19:22:5e:ea:
                    c4:f2:cc:51:a1:d6:5b:45:38:ba:56:c6:6b:8f:4d:
                    ca:a4:94:5f:6f:82:22:ed:a5:d4:af:1e:80:44:08:
                    bb:ba:c6:da:04:05:a6:dd:28:a0:ed:e3:5f:36:3a:
                    90:d3:80:96:f8:9a:7e:99:56:73:af:99:27:86:6a:
                    82:84:d7:f1:6f:c7:f4:11:49:1c:ac:e3:a5:4f:42:
                    fe:cb:c1:ec:64:f5:e4:0e:d3:66:11:d5:97:5a:70:
                    51:b1:4d:de:0b:1b:ad:29:38:b0:8c:d2:8d:1e:4c:
                    52:ec:ca:09:81:fa:3a:42:a3:43:4f:b4:d2:68:39:
                    55:cb:54:97:62:15:2f:88:15:0d:19:78:51:5d:d0:
                    76:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:BA:45:37:A7:23:AA:70:D4:61:53:29:EA:CA:0E:D8:2D:B6:73:C2
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3134382e36302e302f32322d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:e0:5a:46:37:45:87:27:eb:0b:f7:a2:c3:f3:d1:86:8d:71:
         cb:96:79:1e:26:99:c2:02:bd:22:4c:ea:f4:6f:aa:de:75:0d:
         32:70:18:a8:6e:1e:f6:ad:45:c3:13:90:bb:c3:88:68:7e:24:
         2a:57:75:b0:23:41:d7:e8:50:7f:c2:3c:a1:a2:63:a2:a7:43:
         db:b4:93:4b:a7:3c:d3:50:dc:ed:46:95:e0:dc:6a:48:cc:bc:
         bb:c4:9f:8d:aa:06:57:07:19:99:90:69:c6:a8:d5:0f:8f:32:
         66:ed:a1:4b:59:75:9c:00:d5:c0:2a:4e:e1:46:dc:27:28:e2:
         7d:ea:36:8d:04:23:12:54:67:78:9d:a1:24:a4:5b:59:a6:94:
         a7:e5:09:e6:30:3c:72:89:53:78:a5:0a:55:d4:9a:20:21:5a:
         67:fa:9f:8b:f8:81:a2:fb:29:58:1c:e6:36:b5:cf:fd:b2:62:
         cd:60:66:31:eb:94:00:79:82:44:3d:b5:b1:7a:61:8d:22:00:
         6a:f9:1c:8e:3b:f4:32:67:bb:7e:6e:f3:be:3f:a1:5e:b8:42:
         a3:02:26:1d:c0:05:77:0c:34:12:ef:91:3d:77:41:51:7f:c2:
         f4:cc:0d:20:82:d6:8b:08:49:c1:a3:26:d2:28:07:6e:08:45:
         4c:e1:ff:2e
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUOi1ZfArZQGI1BLSmm3xoVw/R2igwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA0MjkxMDQxNTVaFw0yNTA0MjgxMDQ2NTVaMDMxMTAvBgNV
BAMTKEYwQkE0NTM3QTcyM0FBNzBENDYxNTMyOUVBQ0EwRUQ4MkRCNjczQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBRuoPhYmeHvzPfHEe5V9LJxej
QQrBlyVHxVYgZ/WaGXiDKJc9YNy7uDDnQZvxvHfmw0oM+oVgqbnn9JuXnWKfNbC2
h9YdNBGw5sROyC9vx/xt8AkcDsm8Ff9n6T505alKBbkHGYZBtsHh+ncLBDbTFVon
GSJe6sTyzFGh1ltFOLpWxmuPTcqklF9vgiLtpdSvHoBECLu6xtoEBabdKKDt4182
OpDTgJb4mn6ZVnOvmSeGaoKE1/Fvx/QRSRys46VPQv7Lwexk9eQO02YR1ZdacFGx
Td4LG60pOLCM0o0eTFLsygmB+jpCo0NPtNJoOVXLVJdiFS+IFQ0ZeFFd0HbvAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU8LpFN6cjqnDUYVMp6soO2C22c8IwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzNDM4MmUzNjMwMmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzMTMwMzQz
MjM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQCLZQ8MA0GCSqGSIb3DQEBCwUAA4IBAQCd4FpGN0WHJ+sL
96LD89GGjXHLlnkeJpnCAr0iTOr0b6redQ0ycBiobh72rUXDE5C7w4hofiQqV3Ww
I0HX6FB/wjyhomOip0PbtJNLpzzTUNztRpXg3GpIzLy7xJ+NqgZXBxmZkGnGqNUP
jzJm7aFLWXWcANXAKk7hRtwnKOJ96jaNBCMSVGd4naEkpFtZppSn5QnmMDxyiVN4
pQpV1JogIVpn+p+L+IGi+ylYHOY2tc/9smLNYGYx65QAeYJEPbWxemGNIgBq+RyO
O/QyZ7t+bvO+P6FeuEKjAiYdwAV3DDQS75E9d0FRf8L0zA0ggtaLCEnBoybSKAdu
CEVM4f8u
-----END CERTIFICATE-----