Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/33/326131323a653934303a3a2f32392d3438203d3e20323130343334.roa
File:                     326131323a653934303a3a2f32392d3438203d3e20323130343334.roa (raw, json)
Hash identifier:          cjs+p6bMwFGJvDmu5uV2cSSeXnm7lhgpkbrhwUcL60Y=
Subject key identifier:   00:C3:27:CF:BD:47:34:D3:75:63:46:CA:3B:13:62:58:0D:30:45:76
Certificate issuer:       /CN=861a9d357d53d5459484a1f5921704e762641a62
Certificate serial:       4DD503623394054980BDA3DD539584C2B1996228
Authority key identifier: 86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
Subject info access:      rsync://0.sb/repo/sb/33/326131323a653934303a3a2f32392d3438203d3e20323130343334.roa
Signing time:             Fri 22 Sep 2023 10:19:41 +0000
ROA not before:           Fri 22 Sep 2023 10:14:41 +0000
ROA not after:            Fri 20 Sep 2024 10:19:41 +0000
asID:                     210434
IP address blocks:        2a12:e940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl
                          rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d5:03:62:33:94:05:49:80:bd:a3:dd:53:95:84:c2:b1:99:62:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861a9d357d53d5459484a1f5921704e762641a62
        Validity
            Not Before: Sep 22 10:14:41 2023 GMT
            Not After : Sep 20 10:19:41 2024 GMT
        Subject: CN=00C327CFBD4734D3756346CA3B1362580D304576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:72:fa:2a:33:47:09:1f:1d:f9:c0:80:80:d5:
                    2d:5e:c2:1e:09:91:d2:7b:79:4c:98:e4:68:ee:ba:
                    05:8e:c4:7c:0f:96:39:0c:c1:42:bd:a7:15:f4:f0:
                    38:72:d1:ea:11:08:14:19:24:9d:e8:97:31:e6:dd:
                    f0:d8:0d:6f:d2:6b:71:d8:16:c0:cf:00:1f:37:0e:
                    6e:78:5d:78:3f:83:91:c5:1f:54:c5:5d:2f:d5:fa:
                    e6:da:3d:4d:11:75:e8:8a:e4:5c:1a:a0:97:3b:e1:
                    e0:01:7f:16:6f:ba:a7:fa:0c:68:45:a5:79:2d:0a:
                    94:c4:d7:b9:6f:e7:da:e8:9b:6e:6a:e9:be:cf:3c:
                    24:06:10:ef:e0:e6:32:9b:5c:e7:36:45:17:71:3c:
                    cf:50:18:57:14:84:c4:d6:79:b9:e3:01:76:71:bb:
                    90:a7:4c:e7:c7:c7:f6:e0:18:7a:0f:58:03:14:d7:
                    1e:2e:63:dd:26:b0:8f:c3:cf:30:b8:3b:16:e1:45:
                    14:bd:c7:9d:4a:3e:65:0c:92:a2:d1:5f:11:df:a4:
                    d1:e5:e8:92:dd:60:19:e6:6b:97:ae:85:68:93:9d:
                    fc:19:d4:d7:bd:fc:82:da:fb:f7:7c:95:32:7b:9c:
                    30:be:0e:be:cf:be:4b:5a:b0:8d:4e:d1:fb:18:3a:
                    9c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C3:27:CF:BD:47:34:D3:75:63:46:CA:3B:13:62:58:0D:30:45:76
            X509v3 Authority Key Identifier:
                keyid:86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/33/326131323a653934303a3a2f32392d3438203d3e20323130343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:11:ba:dd:35:66:da:d4:f8:56:2b:84:f4:bf:74:28:dc:85:
         b2:f2:e1:e7:18:89:ba:0a:d7:71:fc:0d:ec:e3:e3:4e:94:db:
         cc:ba:1a:f5:1a:df:23:4c:e9:7a:02:1d:cd:f1:30:82:60:7f:
         fa:28:24:9f:2f:f8:9e:bd:64:ae:e0:2d:7e:16:04:3a:4d:1f:
         73:93:c5:10:d5:cb:19:f3:9c:77:29:5f:84:0b:01:c4:e0:97:
         0f:02:6e:7f:da:cb:83:80:d6:70:25:c0:bc:41:34:96:b0:52:
         8e:2c:39:39:81:26:f6:5d:4d:25:db:b3:d9:37:48:dc:27:8a:
         31:79:63:c0:2e:89:37:42:b0:26:9e:f4:04:68:0f:7d:3f:68:
         ea:35:38:4f:c6:6d:13:66:10:69:d1:df:9f:66:fd:76:d2:0f:
         ad:30:8c:bc:0c:07:58:76:96:43:ae:81:a9:da:ba:bf:1f:42:
         15:ce:e1:ce:9b:d0:17:2f:e3:86:15:a3:bb:9d:34:f2:da:36:
         f3:75:65:2a:b5:3a:60:15:0d:2a:40:bd:9b:6e:44:5d:4d:73:
         32:fa:0a:ad:31:fe:d2:6e:32:99:9f:d4:6a:e1:53:4d:a1:5b:
         a2:45:81:9b:45:11:56:1d:27:d3:9d:98:b5:d2:47:e0:7d:84:
         89:47:16:07
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUTdUDYjOUBUmAvaPdU5WEwrGZYigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODYxYTlkMzU3ZDUzZDU0NTk0ODRhMWY1OTIxNzA0ZTc2
MjY0MWE2MjAeFw0yMzA5MjIxMDE0NDFaFw0yNDA5MjAxMDE5NDFaMDMxMTAvBgNV
BAMTKDAwQzMyN0NGQkQ0NzM0RDM3NTYzNDZDQTNCMTM2MjU4MEQzMDQ1NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCucvoqM0cJHx35wICA1S1ewh4J
kdJ7eUyY5GjuugWOxHwPljkMwUK9pxX08Dhy0eoRCBQZJJ3olzHm3fDYDW/Sa3HY
FsDPAB83Dm54XXg/g5HFH1TFXS/V+ubaPU0RdeiK5FwaoJc74eABfxZvuqf6DGhF
pXktCpTE17lv59rom25q6b7PPCQGEO/g5jKbXOc2RRdxPM9QGFcUhMTWebnjAXZx
u5CnTOfHx/bgGHoPWAMU1x4uY90msI/DzzC4OxbhRRS9x51KPmUMkqLRXxHfpNHl
6JLdYBnma5euhWiTnfwZ1Ne9/ILa+/d8lTJ7nDC+Dr7PvktasI1O0fsYOpwvAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUAMMnz71HNNN1Y0bKOxNiWA0wRXYwHwYDVR0j
BBgwFoAUhhqdNX1T1UWUhKH1khcE52JkGmIwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzMzLzg2MUE5RDM1N0Q1
M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFBNjIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9oaHFkTlgxVDFVV1VoS0gxa2hjRTUySmtHbUkuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzMvMzI2
MTMxMzIzYTY1MzkzNDMwM2EzYTJmMzIzOTJkMzQzODIwM2QzZTIwMzIzMTMwMzQz
MzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/
BBEwDzANBAIAAjAHAwUDKhLpQDANBgkqhkiG9w0BAQsFAAOCAQEAZBG63TVm2tT4
ViuE9L90KNyFsvLh5xiJugrXcfwN7OPjTpTbzLoa9RrfI0zpegIdzfEwgmB/+igk
ny/4nr1kruAtfhYEOk0fc5PFENXLGfOcdylfhAsBxOCXDwJuf9rLg4DWcCXAvEE0
lrBSjiw5OYEm9l1NJduz2TdI3CeKMXljwC6JN0KwJp70BGgPfT9o6jU4T8ZtE2YQ
adHfn2b9dtIPrTCMvAwHWHaWQ66Bqdq6vx9CFc7hzpvQFy/jhhWju5008to283Vl
KrU6YBUNKkC9m25EXU1zMvoKrTH+0m4ymZ/UauFTTaFbokWBm0URVh0n052YtdJH
4H2EiUcWBw==
-----END CERTIFICATE-----