Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa
File:                     38352e3139332e37382e302f32342d3234203d3e20313937373330.roa (raw, json)
Hash identifier:          95QJUPjCcF8/CwnLBHQROLBkzMI/LingnRL1NDUTdyo=
Subject key identifier:   89:2A:3F:B3:69:BA:44:58:7F:F1:22:D9:10:7D:41:60:B3:40:8A:DE
Certificate issuer:       /CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
Certificate serial:       09DECF6864697B938AF834A1640F4B2EAF6966C8
Authority key identifier: C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
Subject info access:      rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa
Signing time:             Tue 05 Dec 2023 05:44:13 +0000
ROA not before:           Tue 05 Dec 2023 05:39:13 +0000
ROA not after:            Tue 03 Dec 2024 05:44:13 +0000
asID:                     197730
IP address blocks:        85.193.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl
                          rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:de:cf:68:64:69:7b:93:8a:f8:34:a1:64:0f:4b:2e:af:69:66:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
        Validity
            Not Before: Dec  5 05:39:13 2023 GMT
            Not After : Dec  3 05:44:13 2024 GMT
        Subject: CN=892A3FB369BA44587FF122D9107D4160B3408ADE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ad:0d:9e:db:31:13:d1:79:cc:f5:fb:07:86:
                    85:5a:f1:67:10:48:c2:89:1d:76:c3:c8:8c:ab:a3:
                    34:f1:5a:26:9a:50:ff:78:04:1e:48:c5:3a:44:e0:
                    8d:bb:9e:5f:b7:c2:a5:0e:12:17:73:3d:92:65:64:
                    cc:31:a0:89:17:66:6d:d4:9f:7e:d6:5a:ad:ce:24:
                    0b:7c:35:b3:86:15:f3:6a:37:bf:f4:fc:8f:a4:29:
                    57:01:6f:28:d0:62:f3:76:83:9c:27:22:4c:72:7c:
                    ce:49:9d:23:7f:dd:99:bc:61:ef:7c:45:0e:38:6d:
                    ea:f3:d1:2e:d1:9b:9a:16:20:c1:6e:f4:b8:f2:b0:
                    12:5f:23:18:04:e6:20:59:cb:1e:dd:68:d3:cd:02:
                    ec:0a:5e:e7:29:91:14:d3:ad:4e:97:c1:1e:e6:38:
                    6a:59:10:67:60:ff:54:0f:ad:bb:45:50:bb:f1:00:
                    eb:52:ea:5c:35:f8:08:b9:df:f6:e9:72:54:53:34:
                    e2:63:a4:77:6d:c8:be:b4:a8:12:99:02:8b:1b:2f:
                    33:f5:f2:ef:cb:d7:e2:32:00:73:66:de:1d:de:1a:
                    b8:23:28:4c:1b:4b:c3:4c:6f:8a:1b:46:e2:5e:d5:
                    22:3e:a0:42:5f:28:8b:3f:a4:64:9c:50:76:bc:ea:
                    e9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2A:3F:B3:69:BA:44:58:7F:F1:22:D9:10:7D:41:60:B3:40:8A:DE
            X509v3 Authority Key Identifier:
                keyid:C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:99:26:04:f0:8c:25:64:4b:2b:b1:b8:7c:55:68:7d:32:9a:
         96:8a:b0:d1:a1:5d:8d:d8:ee:12:f3:4d:ba:89:de:88:b0:0a:
         87:00:d9:f3:59:f2:db:8c:3f:54:bd:40:dc:ff:17:1c:51:b4:
         3e:b8:61:4a:24:f4:11:54:57:67:f7:8b:d1:9d:27:b0:cc:de:
         3b:61:87:3b:db:09:40:6d:7e:e2:08:a0:62:d2:d1:13:8e:50:
         4a:41:1f:41:b6:05:b4:6e:40:8c:6d:79:3d:27:d4:08:5f:0f:
         9c:f9:c0:cd:9a:b1:08:7b:36:e4:6b:6e:a0:87:e8:50:38:68:
         ae:60:18:05:22:2a:6d:0c:aa:7b:dc:9b:d5:ab:d4:3e:22:25:
         af:6c:5f:73:a0:21:f9:4a:54:f5:ae:1f:b3:2a:80:88:1b:b4:
         38:e7:99:1d:f4:73:fe:0e:49:4f:ae:d1:a4:77:87:f2:4d:5f:
         45:62:8e:65:fa:15:61:6f:00:55:93:8b:40:e1:4e:74:d7:38:
         49:76:38:a9:37:a0:ef:3c:a7:62:51:4c:96:40:1c:79:ea:b7:
         8d:ec:5f:a8:9e:17:42:9f:56:cb:db:80:f9:1a:1f:d5:e9:ea:
         48:11:48:4e:d2:d7:03:69:2c:b6:b6:eb:d4:1e:28:20:ac:4d:
         a2:7c:05:99
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUCd7PaGRpe5OK+DShZA9LLq9pZsgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzhhZjYyYTU0ZDIzY2UxMThmY2ViNGE5NWU2MTRjMGIx
ZGY2MDM1MTAeFw0yMzEyMDUwNTM5MTNaFw0yNDEyMDMwNTQ0MTNaMDMxMTAvBgNV
BAMTKDg5MkEzRkIzNjlCQTQ0NTg3RkYxMjJEOTEwN0Q0MTYwQjM0MDhBREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZrQ2e2zET0XnM9fsHhoVa8WcQ
SMKJHXbDyIyrozTxWiaaUP94BB5IxTpE4I27nl+3wqUOEhdzPZJlZMwxoIkXZm3U
n37WWq3OJAt8NbOGFfNqN7/0/I+kKVcBbyjQYvN2g5wnIkxyfM5JnSN/3Zm8Ye98
RQ44berz0S7Rm5oWIMFu9LjysBJfIxgE5iBZyx7daNPNAuwKXucpkRTTrU6XwR7m
OGpZEGdg/1QPrbtFULvxAOtS6lw1+Ai53/bpclRTNOJjpHdtyL60qBKZAosbLzP1
8u/L1+IyAHNm3h3eGrgjKEwbS8NMb4obRuJe1SI+oEJfKIs/pGScUHa86umnAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUiSo/s2m6RFh/8SLZEH1BYLNAit4wHwYDVR0j
BBgwFoAUyK9ipU0jzhGPzrSpXmFMCx32A1EwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM3L0M4QUY2MkE1NEQy
M0NFMTE4RkNFQjRBOTVFNjE0QzBCMURGNjAzNTEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC95SzlpcFUwanpoR1B6clNwWG1GTUN4MzJBMUUuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzcvMzgz
NTJlMzEzOTMzMmUzNzM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM3Mzcz
MzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAVcFOMA0GCSqGSIb3DQEBCwUAA4IBAQB2mSYE8IwlZEsr
sbh8VWh9MpqWirDRoV2N2O4S8026id6IsAqHANnzWfLbjD9UvUDc/xccUbQ+uGFK
JPQRVFdn94vRnSewzN47YYc72wlAbX7iCKBi0tETjlBKQR9BtgW0bkCMbXk9J9QI
Xw+c+cDNmrEIezbka26gh+hQOGiuYBgFIiptDKp73JvVq9Q+IiWvbF9zoCH5SlT1
rh+zKoCIG7Q455kd9HP+DklPrtGkd4fyTV9FYo5l+hVhbwBVk4tA4U501zhJdjip
N6DvPKdiUUyWQBx56reN7F+onhdCn1bL24D5Gh/V6epIEUhO0tcDaSy2tuvUHigg
rE2ifAWZ
-----END CERTIFICATE-----