Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/39/323430333a616338303a3a2f33322d3438203d3e2034373835.roa
File:                     323430333a616338303a3a2f33322d3438203d3e2034373835.roa (raw, json)
Hash identifier:          KwOnEN3O7Vdr8ofqxfbKIB2eLGC3zXsf6Pwqq9XZOeE=
Subject key identifier:   2A:90:85:42:AC:E7:3A:ED:15:39:49:BD:DA:FF:E9:E6:54:B8:F7:BB
Certificate issuer:       /CN=A91FFE3F0000/serialNumber=52840422D0B72BA9927DE0FF73535FDF163521A4
Certificate serial:       1D34378515A8B4338C090B0AD2C7E9A02AC723F7
Authority key identifier: 52:84:04:22:D0:B7:2B:A9:92:7D:E0:FF:73:53:5F:DF:16:35:21:A4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoQEItC3K6mSfeD_c1Nf3xY1IaQ.cer
Subject info access:      rsync://0.sb/repo/sb/39/323430333a616338303a3a2f33322d3438203d3e2034373835.roa
Signing time:             Thu 12 Sep 2024 13:50:17 +0000
ROA not before:           Thu 12 Sep 2024 13:45:17 +0000
ROA not after:            Thu 11 Sep 2025 13:50:17 +0000
asID:                     4785
IP address blocks:        2403:ac80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/39/52840422D0B72BA9927DE0FF73535FDF163521A4.crl
                          rsync://0.sb/repo/sb/39/52840422D0B72BA9927DE0FF73535FDF163521A4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoQEItC3K6mSfeD_c1Nf3xY1IaQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 08:47:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:34:37:85:15:a8:b4:33:8c:09:0b:0a:d2:c7:e9:a0:2a:c7:23:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FFE3F0000/serialNumber=52840422D0B72BA9927DE0FF73535FDF163521A4
        Validity
            Not Before: Sep 12 13:45:17 2024 GMT
            Not After : Sep 11 13:50:17 2025 GMT
        Subject: CN=2A908542ACE73AED153949BDDAFFE9E654B8F7BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6d:57:af:03:3c:ed:ea:30:49:b2:69:e6:51:
                    23:28:67:b3:3b:d5:41:1b:fd:26:5f:a8:59:cf:0d:
                    6d:3d:10:10:62:55:80:31:24:b6:33:3f:af:9a:a8:
                    f5:96:91:b1:5e:ec:6a:85:37:b2:8c:a8:9a:fa:e2:
                    01:8b:8a:cf:f7:16:00:e8:27:58:d8:e6:0b:96:55:
                    32:77:3b:85:ce:22:ad:8a:73:32:f2:70:d3:69:79:
                    15:4e:a5:02:35:db:d4:a9:84:92:e0:32:72:e8:d5:
                    f8:df:b1:17:16:b3:60:62:79:f0:82:b9:29:e5:8c:
                    16:bb:23:a3:65:cf:23:05:c3:0d:a9:9d:7b:4a:eb:
                    d6:21:53:25:54:b6:55:e4:d0:14:c7:50:f6:03:1f:
                    ab:eb:34:b8:4a:48:f1:2c:96:d5:e2:67:19:30:cc:
                    65:a6:dc:4d:ab:34:8c:33:2a:25:02:4b:fa:cf:ed:
                    04:48:6c:68:f4:61:96:6d:b1:d1:db:3a:e1:2a:7b:
                    c7:a4:50:59:92:87:62:7b:c8:cd:b5:19:10:9f:80:
                    3d:57:fd:e7:8b:cb:58:e6:86:b0:56:a6:46:71:5a:
                    f7:d5:32:32:e0:90:64:80:4d:e0:c9:1b:7b:d1:98:
                    2a:73:b6:14:ad:0f:76:2d:97:f3:dc:a4:83:a3:05:
                    c6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:90:85:42:AC:E7:3A:ED:15:39:49:BD:DA:FF:E9:E6:54:B8:F7:BB
            X509v3 Authority Key Identifier:
                keyid:52:84:04:22:D0:B7:2B:A9:92:7D:E0:FF:73:53:5F:DF:16:35:21:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/39/52840422D0B72BA9927DE0FF73535FDF163521A4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoQEItC3K6mSfeD_c1Nf3xY1IaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/39/323430333a616338303a3a2f33322d3438203d3e2034373835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:ac80::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:b5:f2:d6:58:e9:e1:63:88:3a:3c:54:84:e1:5e:d3:96:a8:
         be:81:af:2d:3e:7a:82:0c:99:a9:89:ff:d2:3d:c6:f3:ef:ec:
         57:b9:47:9d:ee:b4:8b:ac:0e:82:65:c0:61:2e:27:ee:89:98:
         6c:d2:ee:dc:a0:7e:d3:13:9a:f7:aa:f3:4a:c0:d3:99:df:ea:
         fc:1f:a3:ab:27:46:9f:ca:61:43:62:4f:6a:0f:2c:d9:8a:0b:
         74:26:8b:51:10:64:1c:0d:88:e5:e8:0b:5d:6e:82:09:37:1c:
         36:59:fe:17:30:9e:ce:33:cb:ef:55:b3:a2:20:e2:31:ad:37:
         ac:7b:a4:cb:71:30:9a:fa:87:64:fb:19:3d:8a:44:e2:d2:4d:
         84:2c:78:b0:a0:fa:fe:5c:03:55:ab:55:0e:3f:fe:f1:61:db:
         c4:37:5a:a1:1a:fb:8f:b3:90:4e:38:9e:1b:36:09:43:3a:84:
         a1:8b:99:08:15:50:41:23:3b:17:74:3a:d2:f0:09:d3:ba:ac:
         72:3b:d9:2c:2c:5a:05:55:26:53:24:94:8d:6f:f4:58:d3:f1:
         0e:a2:51:ff:66:0b:2a:6c:1e:30:e7:c8:2d:66:85:98:7f:f7:
         cd:09:65:59:47:e9:a6:0b:c6:41:81:11:4b:fc:e1:48:42:d0:
         ab:b1:ad:f4
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUHTQ3hRWotDOMCQsK0sfpoCrHI/cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRkZFM0YwMDAwMTEwLwYDVQQFEyg1Mjg0MDQyMkQw
QjcyQkE5OTI3REUwRkY3MzUzNUZERjE2MzUyMUE0MB4XDTI0MDkxMjEzNDUxN1oX
DTI1MDkxMTEzNTAxN1owMzExMC8GA1UEAxMoMkE5MDg1NDJBQ0U3M0FFRDE1Mzk0
OUJEREFGRkU5RTY1NEI4RjdCQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRtV68DPO3qMEmyaeZRIyhnszvVQRv9Jl+oWc8NbT0QEGJVgDEktjM/r5qo
9ZaRsV7saoU3soyomvriAYuKz/cWAOgnWNjmC5ZVMnc7hc4irYpzMvJw02l5FU6l
AjXb1KmEkuAycujV+N+xFxazYGJ58IK5KeWMFrsjo2XPIwXDDamde0rr1iFTJVS2
VeTQFMdQ9gMfq+s0uEpI8SyW1eJnGTDMZabcTas0jDMqJQJL+s/tBEhsaPRhlm2x
0ds64Sp7x6RQWZKHYnvIzbUZEJ+APVf954vLWOaGsFamRnFa99UyMuCQZIBN4Mkb
e9GYKnO2FK0Pdi2X89ykg6MFxkUCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBQqkIVC
rOc67RU5Sb3a/+nmVLj3uzAfBgNVHSMEGDAWgBRShAQi0LcrqZJ94P9zU1/fFjUh
pDAOBgNVHQ8BAf8EBAMCB4AwVQYDVR0fBE4wTDBKoEigRoZEcnN5bmM6Ly8wLnNi
L3JlcG8vc2IvMzkvNTI4NDA0MjJEMEI3MkJBOTkyN0RFMEZGNzM1MzVGREYxNjM1
MjFBNC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jw
a2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdD
NzJGRDFGRjIvVW9RRUl0QzNLNm1TZmVEX2MxTmYzeFkxSWFRLmNlcjBqBggrBgEF
BQcBCwReMFwwWgYIKwYBBQUHMAuGTnJzeW5jOi8vMC5zYi9yZXBvL3NiLzM5LzMy
MzQzMDMzM2E2MTYzMzgzMDNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM0MzczODM1
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEw
DzANBAIAAjAHAwUAJAOsgDANBgkqhkiG9w0BAQsFAAOCAQEARrXy1ljp4WOIOjxU
hOFe05aovoGvLT56ggyZqYn/0j3G8+/sV7lHne60i6wOgmXAYS4n7omYbNLu3KB+
0xOa96rzSsDTmd/q/B+jqydGn8phQ2JPag8s2YoLdCaLURBkHA2I5egLXW6CCTcc
Nln+FzCezjPL71WzoiDiMa03rHuky3EwmvqHZPsZPYpE4tJNhCx4sKD6/lwDVatV
Dj/+8WHbxDdaoRr7j7OQTjieGzYJQzqEoYuZCBVQQSM7F3Q60vAJ07qscjvZLCxa
BVUmUySUjW/0WNPxDqJR/2YLKmweMOfILWaFmH/3zQllWUfppgvGQYERS/zhSELQ
q7Gt9A==
-----END CERTIFICATE-----