Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203233393539.roa
File:                     3139322e3130392e3233332e302f32342d3234203d3e203233393539.roa (raw, json)
Hash identifier:          TVucx/ahQHEO2LQB95afC04YxVXY1jJcxYdhRpNMutk=
Subject key identifier:   29:76:FB:C0:40:4B:B5:5D:23:30:90:17:82:BF:CB:6F:B5:26:5C:F4
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       4E7D89678321C62D8A94902C1E03F9C9C9D218F3
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203233393539.roa
Signing time:             Fri 22 Sep 2023 10:19:33 +0000
ROA not before:           Fri 22 Sep 2023 10:14:33 +0000
ROA not after:            Fri 20 Sep 2024 10:19:33 +0000
asID:                     23959
IP address blocks:        192.109.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:7d:89:67:83:21:c6:2d:8a:94:90:2c:1e:03:f9:c9:c9:d2:18:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 22 10:14:33 2023 GMT
            Not After : Sep 20 10:19:33 2024 GMT
        Subject: CN=2976FBC0404BB55D2330901782BFCB6FB5265CF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7e:80:bd:38:79:23:5d:7e:72:c3:66:11:bc:
                    89:a9:a8:92:25:fd:cc:63:a2:30:75:5e:fb:73:07:
                    47:c6:4c:8e:79:af:16:17:62:89:0b:11:5e:19:56:
                    6a:49:a1:0e:fb:7a:0e:5c:b0:a3:2b:6c:3e:89:18:
                    e8:03:bb:d8:9e:09:70:ce:9f:91:3b:cc:f4:56:58:
                    98:14:09:99:9a:81:b4:e1:e5:0b:08:84:34:c4:ef:
                    35:e2:4e:cc:00:92:85:76:46:63:1a:f6:5c:27:84:
                    39:ae:b5:79:c2:45:3d:b5:97:0d:93:40:f9:ad:5d:
                    e1:d0:a4:4a:c0:57:a8:6b:df:e8:a9:45:a1:3b:f1:
                    89:80:88:bf:4e:0a:2d:5a:bb:11:49:30:57:55:d4:
                    2c:02:68:82:6e:91:86:76:c8:e2:af:17:3e:ba:72:
                    3b:bb:4d:ce:3a:b8:9a:89:40:71:f4:b0:9b:78:64:
                    7c:1a:21:03:ca:5f:c1:d9:9e:95:8b:50:1f:56:f1:
                    6d:c7:28:9e:ea:f1:ff:00:9a:a7:2f:7a:b8:09:df:
                    c8:e3:ba:7f:0e:da:df:cc:e7:86:72:0d:cd:c8:4d:
                    b2:db:f4:d3:a2:47:a3:b8:39:5b:02:4a:ef:16:d0:
                    68:48:93:09:be:8d:ec:91:7d:b9:15:49:04:77:ea:
                    2e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:76:FB:C0:40:4B:B5:5D:23:30:90:17:82:BF:CB:6F:B5:26:5C:F4
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203233393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3c:df:62:1f:3d:4e:19:ec:3b:01:30:00:a7:69:7d:27:c9:
         c3:64:74:bc:e1:c2:7e:3f:94:ff:1c:34:c4:e1:f4:a1:69:9f:
         dc:04:09:89:50:f7:a7:57:99:c8:da:ce:6b:06:14:8d:e1:a9:
         8b:a4:38:01:36:59:4a:c6:7e:ed:ff:92:80:ff:fa:5f:12:50:
         1b:3a:e9:12:56:a1:8a:c0:fd:cf:17:e7:8f:09:5d:2b:a8:6f:
         0e:81:6f:25:94:21:35:c2:36:d7:dd:8f:85:72:5c:4a:f1:9d:
         10:b0:16:ab:2e:55:e3:3f:50:10:46:0b:1d:65:7d:db:45:fc:
         12:33:08:53:3a:69:fc:37:a7:a8:83:52:7f:64:2a:ab:5c:f6:
         91:d8:09:ad:f7:f8:a9:a3:1c:9b:19:23:d6:71:e1:45:ac:0e:
         70:f8:e5:24:76:fc:63:8b:9e:3c:53:5f:3e:72:22:1e:7a:0c:
         64:93:d5:de:4c:87:e1:d8:86:17:30:b0:cc:1e:dc:fb:0b:08:
         34:a4:78:62:c2:4b:a7:71:4d:b1:47:4e:d3:1f:24:8f:d4:db:
         08:bc:0d:34:c9:6e:ef:e2:fd:ac:32:b2:f7:3e:52:14:cc:3e:
         d4:c8:cf:8a:97:2a:ef:55:2a:04:b5:46:cc:cb:a1:e7:85:2e:
         2d:8f:28:1c
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUTn2JZ4Mhxi2KlJAsHgP5ycnSGPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzA5MjIxMDE0MzNaFw0yNDA5MjAxMDE5MzNaMDMxMTAvBgNV
BAMTKDI5NzZGQkMwNDA0QkI1NUQyMzMwOTAxNzgyQkZDQjZGQjUyNjVDRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEfoC9OHkjXX5yw2YRvImpqJIl
/cxjojB1XvtzB0fGTI55rxYXYokLEV4ZVmpJoQ77eg5csKMrbD6JGOgDu9ieCXDO
n5E7zPRWWJgUCZmagbTh5QsIhDTE7zXiTswAkoV2RmMa9lwnhDmutXnCRT21lw2T
QPmtXeHQpErAV6hr3+ipRaE78YmAiL9OCi1auxFJMFdV1CwCaIJukYZ2yOKvFz66
cju7Tc46uJqJQHH0sJt4ZHwaIQPKX8HZnpWLUB9W8W3HKJ7q8f8AmqcvergJ38jj
un8O2t/M54ZyDc3ITbLb9NOiR6O4OVsCSu8W0GhIkwm+jeyRfbkVSQR36i4LAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUKXb7wEBLtV0jMJAXgr/Lb7UmXPQwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzMz
OTM1Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADAbekwDQYJKoZIhvcNAQELBQADggEBACo832IfPU4Z
7DsBMACnaX0nycNkdLzhwn4/lP8cNMTh9KFpn9wECYlQ96dXmcjazmsGFI3hqYuk
OAE2WUrGfu3/koD/+l8SUBs66RJWoYrA/c8X548JXSuobw6BbyWUITXCNtfdj4Vy
XErxnRCwFqsuVeM/UBBGCx1lfdtF/BIzCFM6afw3p6iDUn9kKqtc9pHYCa33+Kmj
HJsZI9Zx4UWsDnD45SR2/GOLnjxTXz5yIh56DGST1d5Mh+HYhhcwsMwe3PsLCDSk
eGLCS6dxTbFHTtMfJI/U2wi8DTTJbu/i/awysvc+UhTMPtTIz4qXKu9VKgS1RszL
oeeFLi2PKBw=
-----END CERTIFICATE-----