Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3133332e3131372e302f32342d3234203d3e20323130343239.roa
File:                     34352e3133332e3131372e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          bpsOjLOlQ79gShauzwEUBHqoVlf7Hpzq8ai5J1fUG/0=
Subject key identifier:   ED:30:95:C8:A3:18:FA:F3:4F:A5:CD:DF:6F:77:09:EC:F5:09:9A:E3
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       03DBECB6562630BE70C502ACF1418B3A2805AE96
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3133332e3131372e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 31 Mar 2025 10:52:15 +0000
ROA not before:           Mon 31 Mar 2025 10:47:15 +0000
ROA not after:            Mon 30 Mar 2026 10:52:15 +0000
asID:                     210429
IP address blocks:        45.133.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 01:39:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:db:ec:b6:56:26:30:be:70:c5:02:ac:f1:41:8b:3a:28:05:ae:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Mar 31 10:47:15 2025 GMT
            Not After : Mar 30 10:52:15 2026 GMT
        Subject: CN=ED3095C8A318FAF34FA5CDDF6F7709ECF5099AE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:06:81:dd:8b:4a:92:31:f9:3f:36:05:69:9f:
                    24:13:09:29:ec:ca:bd:1e:dc:88:a0:17:e8:bf:d5:
                    0f:e8:d6:7f:cb:e1:95:6d:c9:0b:5f:8d:c6:e9:6d:
                    b4:f8:ab:2f:be:c5:9a:12:f7:c9:99:11:c5:c4:d5:
                    22:31:da:75:50:84:8c:d6:bb:c3:b7:4e:8b:73:2e:
                    d0:8c:6b:de:3a:90:87:d3:4f:4a:16:b2:d9:d7:97:
                    7c:cc:5d:78:b2:f5:ec:7d:c1:2f:cb:a2:d5:0d:82:
                    9b:bb:e1:2f:b5:07:eb:ed:e3:3a:10:65:85:d0:88:
                    c9:24:dc:1f:bc:52:d4:c2:7f:e9:59:7e:26:7b:54:
                    19:e6:20:ae:ce:22:d0:07:3b:e5:fc:50:98:36:94:
                    33:61:5a:d0:8d:f3:3e:6e:da:a5:95:33:ad:59:3f:
                    1f:17:48:7d:c7:e1:38:75:4d:b5:ad:13:d0:f9:12:
                    fd:12:fa:2e:3c:64:84:41:2a:d0:36:a3:e8:1f:e2:
                    7f:6c:28:1c:d9:6f:85:34:b9:39:eb:c8:77:b3:cc:
                    df:36:9c:a0:73:8e:e4:cf:6e:35:31:91:0d:61:1a:
                    20:00:46:e0:a4:e9:1a:0b:80:b3:0e:17:78:c8:80:
                    a8:6b:00:ae:b6:9f:b1:91:52:3b:fd:47:8a:32:f4:
                    40:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:30:95:C8:A3:18:FA:F3:4F:A5:CD:DF:6F:77:09:EC:F5:09:9A:E3
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3133332e3131372e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:98:a9:51:84:23:28:78:21:99:2b:a0:e4:06:66:3d:9c:8b:
         f7:c1:34:0a:44:43:3b:48:34:59:cd:53:0f:86:39:50:dd:98:
         36:47:3d:a0:d6:63:e2:89:f5:9f:2a:b2:f2:dd:79:d3:26:b5:
         16:6f:aa:3b:fe:68:a3:13:60:03:2c:d1:65:b7:84:fc:3e:c4:
         7a:d7:df:53:7f:aa:53:74:68:90:11:84:de:89:f3:16:0e:cf:
         13:40:bd:a8:68:17:d9:be:86:24:11:52:d2:5a:96:1b:4a:1b:
         f7:ca:c8:e5:d0:62:b5:03:c0:f2:18:47:0f:2d:04:9d:63:1f:
         6e:5c:cd:c7:ce:3f:12:03:45:e7:99:ab:3a:4b:8f:60:a0:6a:
         56:5c:e3:53:ec:ca:c3:20:9f:73:f3:4f:f8:60:3a:78:18:f0:
         4d:e8:47:a0:3e:53:60:ad:ad:ec:9a:1f:36:b8:ee:c9:20:5c:
         98:a3:d6:9a:45:42:2f:76:42:d3:ae:3f:83:f7:a1:6d:7e:18:
         47:c6:2c:e1:dc:2b:17:86:eb:c5:d3:c8:5f:36:12:be:ec:46:
         ce:c0:fa:bb:98:ed:f6:e2:2c:5f:66:46:ab:b6:e9:17:d0:38:
         03:c5:04:e6:3a:90:84:c3:b8:9a:b7:7d:91:4d:57:cd:8f:7a:
         05:eb:68:40
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUA9vstlYmML5wxQKs8UGLOigFrpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTAzMzExMDQ3MTVaFw0yNjAzMzAxMDUyMTVaMDMxMTAvBgNV
BAMTKEVEMzA5NUM4QTMxOEZBRjM0RkE1Q0RERjZGNzcwOUVDRjUwOTlBRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvBoHdi0qSMfk/NgVpnyQTCSns
yr0e3IigF+i/1Q/o1n/L4ZVtyQtfjcbpbbT4qy++xZoS98mZEcXE1SIx2nVQhIzW
u8O3TotzLtCMa946kIfTT0oWstnXl3zMXXiy9ex9wS/LotUNgpu74S+1B+vt4zoQ
ZYXQiMkk3B+8UtTCf+lZfiZ7VBnmIK7OItAHO+X8UJg2lDNhWtCN8z5u2qWVM61Z
Px8XSH3H4Th1TbWtE9D5Ev0S+i48ZIRBKtA2o+gf4n9sKBzZb4U0uTnryHezzN82
nKBzjuTPbjUxkQ1hGiAARuCk6RoLgLMOF3jIgKhrAK62n7GRUjv9R4oy9ED/AgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQU7TCVyKMY+vNPpc3fb3cJ7PUJmuMwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMzMzMmUzMTMxMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzAz
NDMyMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAAthXUwDQYJKoZIhvcNAQELBQADggEBAF+YqVGEIyh4
IZkroOQGZj2ci/fBNApEQztINFnNUw+GOVDdmDZHPaDWY+KJ9Z8qsvLdedMmtRZv
qjv+aKMTYAMs0WW3hPw+xHrX31N/qlN0aJARhN6J8xYOzxNAvahoF9m+hiQRUtJa
lhtKG/fKyOXQYrUDwPIYRw8tBJ1jH25czcfOPxIDReeZqzpLj2CgalZc41PsysMg
n3PzT/hgOngY8E3oR6A+U2CtreyaHza47skgXJij1ppFQi92QtOuP4P3oW1+GEfG
LOHcKxeG68XTyF82Er7sRs7A+ruY7fbiLF9mRqu26RfQOAPFBOY6kITDuJq3fZFN
V82PegXraEA=
-----END CERTIFICATE-----