Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa
File:                     34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          EkltdQkj0P/OeRid/obAqHP06Y6ydztULItutQzOvkE=
Subject key identifier:   24:80:22:62:D8:66:03:7A:CA:88:09:6F:09:90:7E:68:97:55:3A:90
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       4EF2F3E9B18CAB4E063F5C0750629FAC0586CCE6
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 31 Mar 2025 10:52:15 +0000
ROA not before:           Mon 31 Mar 2025 10:47:15 +0000
ROA not after:            Mon 30 Mar 2026 10:52:15 +0000
asID:                     210429
IP address blocks:        45.133.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 14:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f2:f3:e9:b1:8c:ab:4e:06:3f:5c:07:50:62:9f:ac:05:86:cc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Mar 31 10:47:15 2025 GMT
            Not After : Mar 30 10:52:15 2026 GMT
        Subject: CN=24802262D866037ACA88096F09907E6897553A90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f8:81:2b:93:75:c7:6e:90:b4:13:10:85:48:
                    08:2d:0b:a2:73:c1:76:aa:f7:6e:7f:fc:32:42:14:
                    19:ef:53:86:56:08:24:35:02:a4:a1:7d:e6:5e:d0:
                    bf:4e:85:16:b8:b4:c3:bf:1c:69:fe:2b:3f:24:8d:
                    e1:64:9c:dd:eb:f7:c0:ff:94:58:24:6d:ee:11:6a:
                    ce:6f:26:04:bd:dc:1e:cd:01:2c:d8:6b:af:c3:8f:
                    fc:48:56:fb:e2:45:59:16:b1:ce:b1:c5:68:e7:c9:
                    54:33:89:f0:09:7d:83:61:75:a3:c0:a8:32:78:d2:
                    13:67:b3:cc:1a:05:2c:a4:a5:66:b0:13:08:54:1a:
                    5b:71:97:a5:94:5c:ad:4b:03:64:23:ae:31:b4:4c:
                    6c:d1:a4:aa:2b:6d:16:8d:48:60:a8:73:60:07:13:
                    28:2e:b7:a1:8b:f6:58:97:68:ad:3c:0a:55:b7:75:
                    c9:10:9b:f6:69:5d:05:ee:6e:2f:62:e4:97:05:0e:
                    ed:e8:5d:b0:a7:19:9b:9b:d5:1d:21:52:33:72:4f:
                    7b:68:25:e5:01:fe:af:94:43:4c:a4:62:a7:34:a2:
                    83:df:d3:2d:34:9a:31:12:b4:c0:73:35:8b:ae:ea:
                    74:bd:09:6d:1a:c9:c4:2c:13:82:94:ad:43:10:f3:
                    4a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:80:22:62:D8:66:03:7A:CA:88:09:6F:09:90:7E:68:97:55:3A:90
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3133332e3131382e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:c6:5e:23:3d:23:61:29:ad:2d:f1:9d:1b:74:81:09:42:e1:
         68:55:3b:1d:46:69:3d:4a:64:0e:13:64:df:26:35:df:83:0a:
         c7:b4:b1:7b:df:b5:ab:fa:f3:dd:4a:aa:65:68:eb:42:ef:8c:
         f4:fb:54:92:d9:73:b9:d3:f3:3c:ca:68:53:39:35:5e:af:f1:
         88:96:ca:e2:9d:08:32:40:a0:73:d1:05:dd:3e:41:b5:87:45:
         94:27:4a:23:a7:37:32:33:7f:f7:42:cf:3f:b2:8d:39:b9:6c:
         55:5c:fa:c4:49:f2:83:b4:40:4e:f9:b7:de:38:f8:13:94:18:
         4a:6a:03:5f:83:db:69:59:91:fd:26:5e:75:5d:af:8c:e3:bc:
         a5:d1:67:10:e3:84:e9:0b:96:ae:a7:aa:1d:af:4d:74:f4:6d:
         ac:ea:80:62:fa:5a:40:3b:6a:fa:36:8a:d9:58:2c:10:a2:a7:
         5e:5e:85:1c:9b:f3:83:1e:65:0e:c1:6d:ae:88:07:bf:11:f1:
         70:86:1b:e0:f3:52:c7:88:25:30:00:d3:79:11:c6:84:77:a9:
         d7:89:00:82:89:a2:19:56:16:6f:11:5a:62:ed:eb:ee:27:f4:
         a2:ff:df:f0:4f:ae:0a:0e:49:10:56:ba:cd:fb:a6:d0:58:3e:
         af:3f:8d:28
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUTvLz6bGMq04GP1wHUGKfrAWGzOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTAzMzExMDQ3MTVaFw0yNjAzMzAxMDUyMTVaMDMxMTAvBgNV
BAMTKDI0ODAyMjYyRDg2NjAzN0FDQTg4MDk2RjA5OTA3RTY4OTc1NTNBOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC+IErk3XHbpC0ExCFSAgtC6Jz
wXaq925//DJCFBnvU4ZWCCQ1AqShfeZe0L9OhRa4tMO/HGn+Kz8kjeFknN3r98D/
lFgkbe4Ras5vJgS93B7NASzYa6/Dj/xIVvviRVkWsc6xxWjnyVQzifAJfYNhdaPA
qDJ40hNns8waBSykpWawEwhUGltxl6WUXK1LA2QjrjG0TGzRpKorbRaNSGCoc2AH
Eygut6GL9liXaK08ClW3dckQm/ZpXQXubi9i5JcFDu3oXbCnGZub1R0hUjNyT3to
JeUB/q+UQ0ykYqc0ooPf0y00mjEStMBzNYuu6nS9CW0aycQsE4KUrUMQ80qRAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUJIAiYthmA3rKiAlvCZB+aJdVOpAwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzMzMzMmUzMTMxMzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzAz
NDMyMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAAthXYwDQYJKoZIhvcNAQELBQADggEBAH/GXiM9I2Ep
rS3xnRt0gQlC4WhVOx1GaT1KZA4TZN8mNd+DCse0sXvftav6891KqmVo60LvjPT7
VJLZc7nT8zzKaFM5NV6v8YiWyuKdCDJAoHPRBd0+QbWHRZQnSiOnNzIzf/dCzz+y
jTm5bFVc+sRJ8oO0QE75t944+BOUGEpqA1+D22lZkf0mXnVdr4zjvKXRZxDjhOkL
lq6nqh2vTXT0bazqgGL6WkA7avo2itlYLBCip15ehRyb84MeZQ7Bba6IB78R8XCG
G+DzUseIJTAA03kRxoR3qdeJAIKJohlWFm8RWmLt6+4n9KL/3/BPrgoOSRBWus37
ptBYPq8/jSg=
-----END CERTIFICATE-----