Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/35/326131323a663234303a3a2f32392d3239203d3e20323130343334.roa
File:                     326131323a663234303a3a2f32392d3239203d3e20323130343334.roa (raw, json)
Hash identifier:          iu+K4NKCvcKjPOTNam3qVyPnypGImSBw1a7aa0Wfgto=
Subject key identifier:   3A:A9:53:2C:29:B6:38:89:45:A0:47:F9:F8:88:DD:3F:5B:1D:F4:F1
Certificate issuer:       /CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
Certificate serial:       3F14B411065FAB77B466868AE1EC854B0D0DB289
Authority key identifier: 35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
Subject info access:      rsync://0.sb/repo/sb/35/326131323a663234303a3a2f32392d3239203d3e20323130343334.roa
Signing time:             Fri 22 Sep 2023 10:19:36 +0000
ROA not before:           Fri 22 Sep 2023 10:14:36 +0000
ROA not after:            Fri 20 Sep 2024 10:19:36 +0000
asID:                     210434
IP address blocks:        2a12:f240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl
                          rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:14:b4:11:06:5f:ab:77:b4:66:86:8a:e1:ec:85:4b:0d:0d:b2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
        Validity
            Not Before: Sep 22 10:14:36 2023 GMT
            Not After : Sep 20 10:19:36 2024 GMT
        Subject: CN=3AA9532C29B6388945A047F9F888DD3F5B1DF4F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a8:b7:71:6d:7c:20:71:17:8c:14:ab:1b:31:
                    44:a5:1f:3d:1d:7a:27:48:ba:17:c0:13:3d:5d:8e:
                    a7:68:d0:3a:47:c3:92:47:42:0a:ce:66:5d:00:f6:
                    a2:8c:2a:9d:db:a2:62:a8:3c:2e:5f:cb:82:7b:b7:
                    2f:2f:01:4b:12:43:c8:4d:19:47:9a:e4:85:49:83:
                    f3:78:f7:f7:16:93:7e:8b:69:56:4f:8e:c6:9d:19:
                    b7:09:58:9d:87:c1:d0:7c:81:5f:45:7c:80:69:f8:
                    09:49:41:4c:65:6c:e6:a4:ad:22:50:4c:0c:0d:3b:
                    16:d1:c2:a6:0c:a3:ed:e9:f9:a9:99:e6:48:38:25:
                    3d:e4:0d:61:ff:3b:d2:d5:60:31:a2:6e:b2:70:11:
                    e6:ae:e0:1a:2f:40:88:97:94:fd:32:dd:d9:4a:fc:
                    ad:ef:0b:9b:5f:7c:1c:a5:01:af:cb:9b:52:26:b9:
                    58:83:82:a2:ea:56:8e:87:5c:2f:52:ae:b0:2b:d6:
                    f8:f8:30:4f:61:96:85:22:bd:67:8b:b2:0a:7c:cd:
                    b5:27:7b:c1:ab:80:e0:4d:88:4b:04:f0:8b:ce:0f:
                    d3:19:93:7d:52:b4:aa:cf:2f:bb:d1:13:a5:20:f6:
                    52:07:d2:1f:f2:b9:89:21:37:0b:43:52:8a:48:28:
                    f8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A9:53:2C:29:B6:38:89:45:A0:47:F9:F8:88:DD:3F:5B:1D:F4:F1
            X509v3 Authority Key Identifier:
                keyid:35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/35/326131323a663234303a3a2f32392d3239203d3e20323130343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:70:94:6d:e8:39:4b:1b:e8:99:39:38:9c:5a:ab:93:b0:8e:
         09:6d:25:72:42:49:14:7f:a3:82:23:d4:3b:ac:2a:7b:78:6a:
         08:5f:fd:b8:22:d1:57:74:72:5d:49:08:13:1b:91:8f:97:49:
         cf:9e:04:be:8d:64:23:45:32:20:c8:3a:66:05:57:17:98:8e:
         f7:83:5c:ca:31:52:f4:6c:be:e0:59:da:2a:af:44:29:57:d3:
         a4:09:5c:35:61:66:b0:44:95:1d:44:ce:78:58:74:36:6b:3f:
         48:fb:a1:b9:61:63:f2:bf:4a:ae:c0:c2:f2:5a:89:1c:0a:ef:
         f6:b3:c5:a6:45:72:6d:81:39:06:e9:b0:1e:2d:3b:b6:43:63:
         16:59:1a:e2:ec:f0:83:c6:3f:1f:ae:de:92:c9:82:b8:68:17:
         5e:a2:b4:31:e2:4c:ff:b9:3e:c0:85:a2:59:bb:d6:87:11:9d:
         0e:47:06:08:f8:3f:13:1e:99:77:42:f2:b9:12:91:ee:93:6a:
         2c:df:4f:62:cf:ad:79:3f:7f:2e:51:bb:f9:7e:a1:2b:3c:a8:
         59:1b:f0:51:5d:81:10:26:3c:35:f9:db:e5:e0:47:85:b4:93:
         f2:95:7b:11:78:db:ad:a7:bc:14:63:92:f2:37:0f:e1:fc:67:
         38:29:05:07
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIUPxS0EQZfq3e0ZoaK4eyFSw0NsokwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzUwN2Q0N2VlNGU5N2Y2YmZkM2FjNGNlMDdiZjk5YzA1
NTRjOWE0YjAeFw0yMzA5MjIxMDE0MzZaFw0yNDA5MjAxMDE5MzZaMDMxMTAvBgNV
BAMTKDNBQTk1MzJDMjlCNjM4ODk0NUEwNDdGOUY4ODhERDNGNUIxREY0RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqLdxbXwgcReMFKsbMUSlHz0d
eidIuhfAEz1djqdo0DpHw5JHQgrOZl0A9qKMKp3bomKoPC5fy4J7ty8vAUsSQ8hN
GUea5IVJg/N49/cWk36LaVZPjsadGbcJWJ2HwdB8gV9FfIBp+AlJQUxlbOakrSJQ
TAwNOxbRwqYMo+3p+amZ5kg4JT3kDWH/O9LVYDGibrJwEeau4BovQIiXlP0y3dlK
/K3vC5tffBylAa/Lm1ImuViDgqLqVo6HXC9SrrAr1vj4ME9hloUivWeLsgp8zbUn
e8GrgOBNiEsE8IvOD9MZk31StKrPL7vRE6Ug9lIH0h/yuYkhNwtDUopIKPirAgMB
AAGjggG9MIIBuTAdBgNVHQ4EFgQUOqlTLCm2OIlFoEf5+IjdP1sd9PEwHwYDVR0j
BBgwFoAUNQfUfuTpf2v9OsTOB7+ZwFVMmkswDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM1LzM1MDdENDdFRTRF
OTdGNkJGRDNBQzRDRTA3QkY5OUMwNTU0QzlBNEIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9OUWZVZnVUcGYydjlPc1RPQjctWndGVk1ta3MuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzUvMzI2
MTMxMzIzYTY2MzIzNDMwM2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzIzMTMwMzQz
MzM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/
BBEwDzANBAIAAjAHAwUDKhLyQDANBgkqhkiG9w0BAQsFAAOCAQEASnCUbeg5Sxvo
mTk4nFqrk7COCW0lckJJFH+jgiPUO6wqe3hqCF/9uCLRV3RyXUkIExuRj5dJz54E
vo1kI0UyIMg6ZgVXF5iO94NcyjFS9Gy+4FnaKq9EKVfTpAlcNWFmsESVHUTOeFh0
Nms/SPuhuWFj8r9KrsDC8lqJHArv9rPFpkVybYE5BumwHi07tkNjFlka4uzwg8Y/
H67eksmCuGgXXqK0MeJM/7k+wIWiWbvWhxGdDkcGCPg/Ex6Zd0LyuRKR7pNqLN9P
Ys+teT9/LlG7+X6hKzyoWRvwUV2BECY8Nfnb5eBHhbST8pV7EXjbrae8FGOS8jcP
4fxnOCkFBw==
-----END CERTIFICATE-----