Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e2033323538.roa
File:                     34352e3134322e3136372e302f32342d3234203d3e2033323538.roa (raw, json)
Hash identifier:          hY23+NyL8c8QFAvODdvJoBA+2Uqxmqv/bYL3J3quKEQ=
Subject key identifier:   F0:57:AD:37:CB:13:89:73:09:17:CA:72:28:AF:4A:34:69:EC:01:EC
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       089447B326235F32E522F0C4DE99FEA911AE5156
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e2033323538.roa
Signing time:             Fri 11 Apr 2025 08:52:20 +0000
ROA not before:           Fri 11 Apr 2025 08:47:20 +0000
ROA not after:            Fri 10 Apr 2026 08:52:20 +0000
asID:                     3258
IP address blocks:        45.142.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Apr 2025 21:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:94:47:b3:26:23:5f:32:e5:22:f0:c4:de:99:fe:a9:11:ae:51:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 11 08:47:20 2025 GMT
            Not After : Apr 10 08:52:20 2026 GMT
        Subject: CN=F057AD37CB1389730917CA7228AF4A3469EC01EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8c:97:6b:2a:ae:0f:74:5b:7b:26:75:40:b8:
                    8a:e1:09:ca:f9:49:93:37:bf:e3:bb:58:0f:84:50:
                    17:61:69:90:4a:65:f0:3d:dc:93:38:37:4f:d1:a4:
                    29:1e:a3:a2:ed:b5:09:28:fb:c5:7c:fe:a0:a8:bb:
                    97:d9:1a:ed:e6:44:14:a9:29:89:7d:bd:f3:49:c1:
                    54:5f:d4:7f:78:08:da:76:9f:7f:5c:86:7c:55:d1:
                    1d:51:03:7e:27:ba:5d:b7:59:71:7a:da:17:e4:8d:
                    01:6b:ef:4e:bb:20:a5:01:d2:0d:a4:c2:c2:6a:68:
                    b5:22:5a:3d:d7:9f:84:d3:12:cb:45:db:a0:85:bd:
                    39:a0:5d:c6:e4:f1:10:b1:cd:62:67:39:c8:cf:46:
                    25:23:89:9f:17:b5:40:7a:16:d8:4e:27:42:06:46:
                    eb:62:ed:2c:36:8a:67:db:71:f6:f1:3d:d4:63:a3:
                    dd:45:47:41:62:42:c5:d6:05:8a:ba:4f:40:c5:e5:
                    56:19:97:be:5b:2e:4e:7f:22:35:5b:4f:97:fe:e0:
                    1d:4a:c5:77:8b:e8:c1:24:cb:25:6b:c1:60:6f:4d:
                    6a:a0:3e:33:4f:f8:86:a3:36:20:0e:18:97:14:bc:
                    0f:5f:66:97:c7:11:d2:81:6c:17:32:6d:6d:6e:fd:
                    74:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:57:AD:37:CB:13:89:73:09:17:CA:72:28:AF:4A:34:69:EC:01:EC
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:55:75:5f:de:1d:db:eb:25:d6:95:27:e9:6d:e4:7c:a1:9e:
         b7:9c:db:83:de:9a:87:c4:84:af:df:e1:67:98:41:7f:05:82:
         c2:ea:40:0e:03:09:e8:fe:d4:98:2f:86:6e:38:1c:8a:1b:cb:
         23:ef:8c:b9:73:0b:c0:21:40:1a:3b:c6:b9:8f:cd:91:12:07:
         1b:8c:82:51:ea:a0:32:67:e7:4f:92:38:21:7a:67:ba:68:fd:
         79:cd:ac:08:11:ce:6a:ff:9c:62:ae:db:43:2f:e9:60:a6:b8:
         0e:ff:d3:f1:f1:73:ca:42:3b:9b:70:b8:01:25:8a:cc:1a:8e:
         c9:20:4d:65:44:60:b0:7b:24:e9:7c:8f:08:76:21:55:0d:da:
         34:12:c8:84:cd:15:7d:bf:2b:1f:30:b3:de:51:59:a9:d1:75:
         a0:b3:8b:77:77:65:80:61:b1:16:65:53:13:1a:4d:b6:0e:60:
         a4:a9:c0:95:bd:a1:4b:6f:64:a8:42:1c:00:76:6c:dc:b1:81:
         31:82:4a:9c:9f:ab:0d:76:64:d7:47:88:c0:b8:94:65:15:b9:
         2e:93:66:65:2e:3f:35:12:39:95:83:7c:8c:cb:ec:3d:c7:b9:
         40:c6:05:ad:1b:0b:a3:ae:e7:2d:4f:6a:91:27:36:15:16:ea:
         41:83:65:00
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUCJRHsyYjXzLlIvDE3pn+qRGuUVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA0MTEwODQ3MjBaFw0yNjA0MTAwODUyMjBaMDMxMTAvBgNV
BAMTKEYwNTdBRDM3Q0IxMzg5NzMwOTE3Q0E3MjI4QUY0QTM0NjlFQzAxRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwjJdrKq4PdFt7JnVAuIrhCcr5
SZM3v+O7WA+EUBdhaZBKZfA93JM4N0/RpCkeo6LttQko+8V8/qCou5fZGu3mRBSp
KYl9vfNJwVRf1H94CNp2n39chnxV0R1RA34nul23WXF62hfkjQFr7067IKUB0g2k
wsJqaLUiWj3Xn4TTEstF26CFvTmgXcbk8RCxzWJnOcjPRiUjiZ8XtUB6FthOJ0IG
Ruti7Sw2imfbcfbxPdRjo91FR0FiQsXWBYq6T0DF5VYZl75bLk5/IjVbT5f+4B1K
xXeL6MEkyyVrwWBvTWqgPjNP+IajNiAOGJcUvA9fZpfHEdKBbBcybW1u/XTPAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQU8FetN8sTiXMJF8pyKK9KNGnsAewwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzNDMyMmUzMTM2MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMyMzUz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAC2OpzANBgkqhkiG9w0BAQsFAAOCAQEAWFV1X94d2+sl1pUn
6W3kfKGet5zbg96ah8SEr9/hZ5hBfwWCwupADgMJ6P7UmC+GbjgcihvLI++MuXML
wCFAGjvGuY/NkRIHG4yCUeqgMmfnT5I4IXpnumj9ec2sCBHOav+cYq7bQy/pYKa4
Dv/T8fFzykI7m3C4ASWKzBqOySBNZURgsHsk6XyPCHYhVQ3aNBLIhM0Vfb8rHzCz
3lFZqdF1oLOLd3dlgGGxFmVTExpNtg5gpKnAlb2hS29kqEIcAHZs3LGBMYJKnJ+r
DXZk10eIwLiUZRW5LpNmZS4/NRI5lYN8jMvsPce5QMYFrRsLo67nLU9qkSc2FRbq
QYNlAA==
-----END CERTIFICATE-----