Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/22/326131323a346538303a3a2f32392d3438203d3e20323130343334.roa
File:                     326131323a346538303a3a2f32392d3438203d3e20323130343334.roa (raw, json)
Hash identifier:          G/S1hbk8plA+NQ55+AksZDxyuRatlWHzyC4Camze5+Y=
Subject key identifier:   A8:36:01:FA:8D:F9:29:0D:A0:64:54:F5:F8:57:22:07:36:E4:2B:93
Certificate issuer:       /CN=322056fd080c9cdacb18a9c427eb01033b2d0854
Certificate serial:       20AF63DAC2970321AEFF3D0A0DD231CB75EC464A
Authority key identifier: 32:20:56:FD:08:0C:9C:DA:CB:18:A9:C4:27:EB:01:03:3B:2D:08:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer
Subject info access:      rsync://0.sb/repo/sb/22/326131323a346538303a3a2f32392d3438203d3e20323130343334.roa
Signing time:             Fri 23 Aug 2024 10:47:04 +0000
ROA not before:           Fri 23 Aug 2024 10:42:04 +0000
ROA not after:            Fri 22 Aug 2025 10:47:04 +0000
asID:                     210434
IP address blocks:        2a12:4e80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.crl
                          rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:af:63:da:c2:97:03:21:ae:ff:3d:0a:0d:d2:31:cb:75:ec:46:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322056fd080c9cdacb18a9c427eb01033b2d0854
        Validity
            Not Before: Aug 23 10:42:04 2024 GMT
            Not After : Aug 22 10:47:04 2025 GMT
        Subject: CN=A83601FA8DF9290DA06454F5F857220736E42B93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:87:3e:c1:50:d7:01:fa:c0:92:72:37:0a:55:
                    de:7d:b0:18:d9:8f:18:8e:66:9e:65:84:4b:0c:ed:
                    c1:e4:9d:bf:d5:68:fe:36:09:0c:95:79:38:ca:88:
                    81:22:e1:6e:44:06:55:31:f3:2a:b0:c7:6b:a2:97:
                    10:a7:01:b0:14:0e:f9:1a:92:60:19:ee:20:1e:8f:
                    16:cc:a7:8c:ae:4d:ca:08:5a:5d:37:78:71:3c:04:
                    41:1e:e6:22:8f:11:c3:81:9b:ff:9f:28:46:f6:ec:
                    5d:a4:42:98:5d:58:8f:e9:70:31:19:78:aa:17:9d:
                    8c:cb:29:0c:2a:e0:12:75:ee:f9:54:a8:32:bd:94:
                    62:a5:1f:47:64:b0:40:f9:b0:68:48:52:3f:2e:fe:
                    d2:d3:c5:7a:94:16:3d:b8:f6:fc:28:04:26:29:b8:
                    e7:83:69:71:98:1a:79:77:c2:d9:fe:c3:41:dc:7d:
                    5b:47:66:38:99:ee:43:cd:23:cd:4a:40:5e:16:3d:
                    da:18:cc:74:75:ba:0b:91:67:9a:6b:42:c6:fe:cd:
                    3e:6c:3c:e1:ca:4f:e5:df:d7:01:68:63:86:70:1e:
                    16:4d:2c:8f:8c:98:35:7d:99:ce:f1:c7:66:79:09:
                    0d:c2:dc:d2:7f:eb:83:14:4c:ac:84:bc:9b:43:ba:
                    f4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:36:01:FA:8D:F9:29:0D:A0:64:54:F5:F8:57:22:07:36:E4:2B:93
            X509v3 Authority Key Identifier:
                keyid:32:20:56:FD:08:0C:9C:DA:CB:18:A9:C4:27:EB:01:03:3B:2D:08:54

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/22/326131323a346538303a3a2f32392d3438203d3e20323130343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:5c:ae:14:86:34:68:19:c4:f9:29:c1:27:ab:d6:72:74:bb:
         50:eb:bd:6d:f9:61:ac:e6:4d:64:92:40:1f:91:e2:bc:c6:07:
         86:37:34:4c:64:84:08:81:02:9a:41:5f:c8:df:7e:1e:19:6f:
         b8:77:06:b6:df:c8:39:94:a9:cb:d6:18:fc:cb:f9:f9:54:a1:
         40:31:fc:ff:4c:f2:26:b5:9d:0c:73:50:d4:7f:09:35:b2:65:
         ef:b0:98:b9:a9:7b:d0:f7:da:6a:7c:17:38:18:ff:c8:67:8b:
         b2:0d:f6:a2:6d:01:e7:8d:1c:8d:25:15:3e:13:85:d4:d1:39:
         fd:21:36:65:5e:eb:87:02:f9:fd:0d:48:8f:5f:61:4a:71:75:
         14:1f:7c:86:c8:f0:16:4b:05:71:57:b2:4b:2a:6b:7a:ae:ff:
         86:49:e2:56:18:e1:17:e8:75:1f:bc:eb:71:cf:d6:9e:ff:23:
         29:15:80:4e:35:19:b2:89:0f:00:9e:e6:83:18:6a:d2:a5:4d:
         34:96:64:7a:34:80:2a:f1:f1:42:34:42:de:76:93:ba:0a:87:
         64:78:3b:35:a5:6e:74:07:b7:57:5e:9a:2f:87:6b:60:3c:21:
         f7:87:ce:d6:e8:0f:a9:55:7b:64:4a:2c:e7:82:71:c4:f3:c1:
         5f:6b:50:9d
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUIK9j2sKXAyGu/z0KDdIxy3XsRkowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzIyMDU2ZmQwODBjOWNkYWNiMThhOWM0MjdlYjAxMDMz
YjJkMDg1NDAeFw0yNDA4MjMxMDQyMDRaFw0yNTA4MjIxMDQ3MDRaMDMxMTAvBgNV
BAMTKEE4MzYwMUZBOERGOTI5MERBMDY0NTRGNUY4NTcyMjA3MzZFNDJCOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjhz7BUNcB+sCScjcKVd59sBjZ
jxiOZp5lhEsM7cHknb/VaP42CQyVeTjKiIEi4W5EBlUx8yqwx2uilxCnAbAUDvka
kmAZ7iAejxbMp4yuTcoIWl03eHE8BEEe5iKPEcOBm/+fKEb27F2kQphdWI/pcDEZ
eKoXnYzLKQwq4BJ17vlUqDK9lGKlH0dksED5sGhIUj8u/tLTxXqUFj249vwoBCYp
uOeDaXGYGnl3wtn+w0HcfVtHZjiZ7kPNI81KQF4WPdoYzHR1uguRZ5prQsb+zT5s
POHKT+Xf1wFoY4ZwHhZNLI+MmDV9mc7xx2Z5CQ3C3NJ/64MUTKyEvJtDuvTxAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUqDYB+o35KQ2gZFT1+FciBzbkK5MwHwYDVR0j
BBgwFoAUMiBW/QgMnNrLGKnEJ+sBAzstCFQwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIyLzMyMjA1NkZEMDgw
QzlDREFDQjE4QTlDNDI3RUIwMTAzM0IyRDA4NTQuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9NaUJXX1FnTW5OckxHS25FSi1zQkF6c3RDRlEuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjIvMzI2
MTMxMzIzYTM0NjUzODMwM2EzYTJmMzIzOTJkMzQzODIwM2QzZTIwMzIzMTMwMzQz
MzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/
BBEwDzANBAIAAjAHAwUDKhJOgDANBgkqhkiG9w0BAQsFAAOCAQEAe1yuFIY0aBnE
+SnBJ6vWcnS7UOu9bflhrOZNZJJAH5HivMYHhjc0TGSECIECmkFfyN9+HhlvuHcG
tt/IOZSpy9YY/Mv5+VShQDH8/0zyJrWdDHNQ1H8JNbJl77CYual70PfaanwXOBj/
yGeLsg32om0B540cjSUVPhOF1NE5/SE2ZV7rhwL5/Q1Ij19hSnF1FB98hsjwFksF
cVeySypreq7/hkniVhjhF+h1H7zrcc/Wnv8jKRWATjUZsokPAJ7mgxhq0qVNNJZk
ejSAKvHxQjRC3naTugqHZHg7NaVudAe3V16aL4drYDwh94fO1ugPqVV7ZEos54Jx
xPPBX2tQnQ==
-----END CERTIFICATE-----