Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
File:                     326131313a3a2f34382d3438203d3e2036323333.roa (raw, json)
Hash identifier:          9SZbM1JQOn55ti5Slj3CD0Xi3Y00lbhjZ5ffOoVpANw=
Subject key identifier:   E8:A0:DA:CB:25:37:8B:2F:C0:9E:FF:89:31:10:BB:FB:33:F8:7C:30
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       74483EA4C62D7F9DE48E6459BC770948153A9519
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa
Signing time:             Fri 25 Jul 2025 10:52:38 +0000
ROA not before:           Fri 25 Jul 2025 10:47:38 +0000
ROA not after:            Fri 24 Jul 2026 10:52:38 +0000
asID:                     6233
IP address blocks:        2a11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 05:47:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:48:3e:a4:c6:2d:7f:9d:e4:8e:64:59:bc:77:09:48:15:3a:95:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Jul 25 10:47:38 2025 GMT
            Not After : Jul 24 10:52:38 2026 GMT
        Subject: CN=E8A0DACB25378B2FC09EFF893110BBFB33F87C30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:21:c2:0c:17:d4:13:a0:51:ce:1a:95:b2:da:
                    39:59:ad:fd:e4:92:f6:5c:56:c6:77:ce:0c:4b:94:
                    da:21:0b:e7:27:96:bc:81:9a:ee:97:fa:de:e2:07:
                    61:b6:f4:c3:75:09:36:6e:c1:d5:0e:9f:62:d9:d6:
                    73:91:8e:83:1f:3e:f9:a7:bc:5f:19:55:24:e1:18:
                    06:d6:d4:1d:7c:0d:1e:db:b0:7a:a9:52:b5:21:60:
                    6f:f9:9b:0e:8b:67:10:54:2c:7d:b7:cd:65:c9:58:
                    94:5a:db:5a:80:87:0c:53:90:22:e2:f4:f4:8d:12:
                    a6:3e:20:c3:84:9c:27:3b:8f:5f:ec:8a:c5:5a:31:
                    83:00:0c:52:0d:1a:26:d9:94:6e:ac:5b:35:a0:6f:
                    e7:60:cf:78:d0:5c:7e:bc:22:55:1e:e5:04:2b:62:
                    85:56:76:8d:7b:d3:c8:bc:e2:2a:3d:a3:9c:30:24:
                    96:f4:a5:92:48:3d:94:cb:7a:5e:46:66:b7:d8:c8:
                    50:13:23:5e:80:3b:75:24:41:a5:9e:4a:d8:f4:ff:
                    86:88:6f:31:5b:32:37:f7:6d:0c:f1:fe:b7:d9:86:
                    f8:e4:8c:89:61:ec:1c:6d:2a:88:e6:fa:a5:10:8d:
                    23:69:20:94:f8:0b:cb:f1:ba:f6:08:76:4d:45:4f:
                    5e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A0:DA:CB:25:37:8B:2F:C0:9E:FF:89:31:10:BB:FB:33:F8:7C:30
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/326131313a3a2f34382d3438203d3e2036323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:49:5e:11:af:e0:f4:51:12:b6:e1:69:2e:2c:7f:e9:3f:30:
         95:2c:40:f1:e8:5c:42:74:4e:f5:ac:fe:c2:1c:e0:76:28:47:
         3d:66:bc:00:5d:46:c2:3a:34:44:a2:7c:df:34:bb:df:6e:85:
         db:96:35:e5:cb:0b:ba:f6:21:69:f7:74:80:dc:a1:3e:27:69:
         46:07:91:e6:16:37:1a:3f:8f:8f:8c:84:17:2c:d9:45:84:f4:
         b6:81:77:9e:94:53:1e:b0:8b:a4:4a:8b:7b:c9:a6:c8:68:d6:
         3e:52:17:41:4c:0a:54:31:0f:85:de:dd:0b:ce:31:62:df:15:
         4e:23:94:e9:9a:5b:de:cc:c4:68:27:83:88:21:2e:b6:4c:fb:
         3e:d2:4a:28:54:82:0b:22:96:9e:ef:39:d1:ff:ce:83:38:c8:
         be:81:03:70:de:79:0e:43:e3:73:8f:f8:2d:c8:3b:7f:90:a4:
         39:c4:7d:53:8d:2b:46:53:cb:1c:7c:a9:db:a9:90:b7:6c:c8:
         81:c7:db:83:19:29:0f:b1:5c:f6:8e:16:36:bf:14:e6:17:0a:
         da:11:9a:c8:31:85:c4:89:68:db:95:7b:1a:ed:b7:b8:17:ae:
         9c:db:c2:a0:c8:16:7b:62:3b:e1:6d:dd:13:9e:83:f4:8e:fc:
         51:97:51:96
-----BEGIN CERTIFICATE-----
MIIEpTCCA42gAwIBAgIUdEg+pMYtf53kjmRZvHcJSBU6lRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNTA3MjUxMDQ3MzhaFw0yNjA3MjQxMDUyMzhaMDMxMTAvBgNV
BAMTKEU4QTBEQUNCMjUzNzhCMkZDMDlFRkY4OTMxMTBCQkZCMzNGODdDMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKIcIMF9QToFHOGpWy2jlZrf3k
kvZcVsZ3zgxLlNohC+cnlryBmu6X+t7iB2G29MN1CTZuwdUOn2LZ1nORjoMfPvmn
vF8ZVSThGAbW1B18DR7bsHqpUrUhYG/5mw6LZxBULH23zWXJWJRa21qAhwxTkCLi
9PSNEqY+IMOEnCc7j1/sisVaMYMADFINGibZlG6sWzWgb+dgz3jQXH68IlUe5QQr
YoVWdo1708i84io9o5wwJJb0pZJIPZTLel5GZrfYyFATI16AO3UkQaWeStj0/4aI
bzFbMjf3bQzx/rfZhvjkjIlh7BxtKojm+qUQjSNpIJT4C8vxuvYIdk1FT17XAgMB
AAGjggGvMIIBqzAdBgNVHQ4EFgQU6KDayyU3iy/Anv+JMRC7+zP4fDAwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwXwYIKwYBBQUH
AQsEUzBRME8GCCsGAQUFBzALhkNyc3luYzovLzAuc2IvcmVwby9zYi8xLzMyNjEz
MTMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzYzMjMzMzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAq
EQAAAAAwDQYJKoZIhvcNAQELBQADggEBAMdJXhGv4PRRErbhaS4sf+k/MJUsQPHo
XEJ0TvWs/sIc4HYoRz1mvABdRsI6NESifN80u99uhduWNeXLC7r2IWn3dIDcoT4n
aUYHkeYWNxo/j4+MhBcs2UWE9LaBd56UUx6wi6RKi3vJpsho1j5SF0FMClQxD4Xe
3QvOMWLfFU4jlOmaW97MxGgng4ghLrZM+z7SSihUggsilp7vOdH/zoM4yL6BA3De
eQ5D43OP+C3IO3+QpDnEfVONK0ZTyxx8qdupkLdsyIHH24MZKQ+xXPaOFja/FOYX
CtoRmsgxhcSJaNuVexrtt7gXrpzbwqDIFntiO+Ft3ROeg/SO/FGXUZY=
-----END CERTIFICATE-----