Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa
File:                     326131313a353a3a2f33322d3438203d3e2038383838.roa (raw, json)
Hash identifier:          l/M5vxVHJraJJquOUp447WdJa8JrB1Yb96LanQ1u/4U=
Subject key identifier:   C1:3D:E8:88:8A:37:12:EF:0E:1C:2B:4C:5D:38:C3:98:6A:35:4F:83
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       65D5A15D93CE0620270CA2FC841D1D9BDFB0B2C7
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa
Signing time:             Fri 25 Jul 2025 10:52:39 +0000
ROA not before:           Fri 25 Jul 2025 10:47:39 +0000
ROA not after:            Fri 24 Jul 2026 10:52:39 +0000
asID:                     8888
IP address blocks:        2a11:5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 05:47:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:d5:a1:5d:93:ce:06:20:27:0c:a2:fc:84:1d:1d:9b:df:b0:b2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Jul 25 10:47:39 2025 GMT
            Not After : Jul 24 10:52:39 2026 GMT
        Subject: CN=C13DE8888A3712EF0E1C2B4C5D38C3986A354F83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cc:0b:7a:c2:27:5c:e1:15:05:a7:57:ea:dd:
                    ec:94:0b:0e:88:27:7b:60:ec:e2:1d:79:2a:65:9d:
                    81:62:74:08:78:a2:d0:ef:67:06:7f:36:75:d7:e7:
                    df:08:65:db:55:13:3a:ac:7b:32:25:76:7e:5e:49:
                    eb:9d:50:5f:9d:a8:ff:30:f7:f0:ba:33:d5:b0:87:
                    d1:ff:b5:e0:25:40:91:f3:e2:81:01:87:93:73:34:
                    53:a0:2b:08:f0:f2:a5:08:53:9d:a2:c7:f7:e7:ce:
                    3e:a1:54:d5:bb:67:21:7a:fc:2e:c0:9c:b4:a5:8d:
                    2d:f9:12:52:92:cf:a9:53:6f:6e:6e:b2:af:74:dd:
                    1f:ee:c1:bb:c8:86:3b:89:83:7f:ba:99:00:17:82:
                    85:30:f0:d6:d7:98:fb:cf:b9:80:52:32:f5:ca:79:
                    0e:c1:11:d7:35:9c:cf:5d:3e:cc:06:ee:f5:f3:90:
                    54:9a:45:60:25:51:b1:fc:00:da:f9:5e:e7:d4:1a:
                    b1:08:f4:2f:a5:15:40:60:b4:00:e9:f7:ef:7d:0b:
                    5a:18:1d:b2:72:e0:2b:b2:d1:79:4f:c1:0b:f9:64:
                    07:cd:45:35:d6:70:17:80:ce:b6:e3:40:3a:f0:a1:
                    c8:97:6f:4d:cf:2a:e5:4b:d0:47:d4:b0:6f:12:c2:
                    cf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:3D:E8:88:8A:37:12:EF:0E:1C:2B:4C:5D:38:C3:98:6A:35:4F:83
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a353a3a2f33322d3438203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:73:4c:72:1f:55:92:7f:5b:64:af:20:73:25:ba:fd:15:97:
         45:b5:91:da:08:36:e9:06:e0:09:35:54:7c:67:be:07:13:1f:
         3c:47:fa:c9:d5:9d:55:e0:97:6b:65:fe:01:f2:3c:0c:38:9f:
         10:04:a6:4d:44:28:e8:ff:a2:c3:3e:77:4c:75:16:b4:c4:da:
         85:26:1a:de:9c:e5:01:b5:41:65:7f:e1:e9:9d:e1:9a:c5:dd:
         55:e6:56:f1:a0:35:e6:97:75:13:34:12:60:09:48:51:fb:84:
         91:83:42:a6:ea:dd:4b:31:2d:6d:a5:53:65:5d:5e:1f:96:78:
         09:03:6a:60:cb:71:f7:79:41:46:29:e9:72:2a:b6:c3:9e:2b:
         36:8a:5a:73:11:33:27:44:3d:12:6b:3a:1e:08:b7:4b:b4:ca:
         4e:0a:15:a8:83:ee:8d:be:a5:d4:99:14:18:28:34:90:35:5b:
         cd:cb:82:f7:fd:49:45:cb:a6:c5:62:bc:fb:37:3a:31:02:0d:
         67:84:4f:8e:28:e2:ee:cd:dd:44:1a:4e:b3:de:9a:95:3f:e1:
         b2:e2:27:63:08:96:99:9a:a9:49:f8:73:5f:2c:2f:7b:58:72:
         d1:f9:73:bf:e5:c7:81:f6:c6:bb:39:f6:ec:3e:ac:27:67:8c:
         03:2e:94:b4
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIUZdWhXZPOBiAnDKL8hB0dm9+wsscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNTA3MjUxMDQ3MzlaFw0yNjA3MjQxMDUyMzlaMDMxMTAvBgNV
BAMTKEMxM0RFODg4OEEzNzEyRUYwRTFDMkI0QzVEMzhDMzk4NkEzNTRGODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrzAt6widc4RUFp1fq3eyUCw6I
J3tg7OIdeSplnYFidAh4otDvZwZ/NnXX598IZdtVEzqsezIldn5eSeudUF+dqP8w
9/C6M9Wwh9H/teAlQJHz4oEBh5NzNFOgKwjw8qUIU52ix/fnzj6hVNW7ZyF6/C7A
nLSljS35ElKSz6lTb25usq903R/uwbvIhjuJg3+6mQAXgoUw8NbXmPvPuYBSMvXK
eQ7BEdc1nM9dPswG7vXzkFSaRWAlUbH8ANr5XufUGrEI9C+lFUBgtADp9+99C1oY
HbJy4Cuy0XlPwQv5ZAfNRTXWcBeAzrbjQDrwociXb03PKuVL0EfUsG8Sws/zAgMB
AAGjggGxMIIBrTAdBgNVHQ4EFgQUwT3oiIo3Eu8OHCtMXTjDmGo1T4MwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwYwYIKwYBBQUH
AQsEVzBVMFMGCCsGAQUFBzALhkdyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzNTNhM2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM4MzgzODM4LnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAKhEABTANBgkqhkiG9w0BAQsFAAOCAQEAZXNMch9Vkn9bZK8gcyW6/RWXRbWR
2gg26QbgCTVUfGe+BxMfPEf6ydWdVeCXa2X+AfI8DDifEASmTUQo6P+iwz53THUW
tMTahSYa3pzlAbVBZX/h6Z3hmsXdVeZW8aA15pd1EzQSYAlIUfuEkYNCpurdSzEt
baVTZV1eH5Z4CQNqYMtx93lBRinpciq2w54rNopacxEzJ0Q9Ems6Hgi3S7TKTgoV
qIPujb6l1JkUGCg0kDVbzcuC9/1JRcumxWK8+zc6MQINZ4RPjiji7s3dRBpOs96a
lT/hsuInYwiWmZqpSfhzXywve1hy0flzv+XHgfbGuzn27D6sJ2eMAy6UtA==
-----END CERTIFICATE-----