Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/3134362e31392e3134352e302f32342d3234203d3e2038383838.roa
File:                     3134362e31392e3134352e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          pJY2pZUTqfU+Ti3Kj0lT3F8b5Ly3whUMcyUs8w+kM1c=
Subject key identifier:   63:CF:21:F5:BF:65:CB:1C:71:19:6B:CE:F2:78:CB:B6:4E:C0:10:12
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       5671772B457AC4416E8E60096694727C4544B89D
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/3134362e31392e3134352e302f32342d3234203d3e2038383838.roa
Signing time:             Sat 18 Nov 2023 15:52:47 +0000
ROA not before:           Sat 18 Nov 2023 15:47:47 +0000
ROA not after:            Sat 16 Nov 2024 15:52:47 +0000
asID:                     8888
IP address blocks:        146.19.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:71:77:2b:45:7a:c4:41:6e:8e:60:09:66:94:72:7c:45:44:b8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Nov 18 15:47:47 2023 GMT
            Not After : Nov 16 15:52:47 2024 GMT
        Subject: CN=63CF21F5BF65CB1C71196BCEF278CBB64EC01012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a0:81:26:fc:47:a1:23:97:ad:ee:70:1c:39:
                    f6:df:c5:b0:c1:cc:cc:cf:51:51:e5:43:f6:93:3e:
                    ae:c6:1f:e0:62:3c:12:ac:c7:b8:30:96:78:24:1b:
                    9d:31:df:b5:c4:00:02:da:64:c4:83:a3:12:09:b3:
                    53:9d:1a:b3:2c:b3:92:08:bb:f2:4b:0b:4c:8a:2b:
                    e2:9b:98:05:8d:14:29:13:72:0a:b7:81:82:5f:19:
                    94:51:50:0d:13:4a:b2:52:48:e8:59:2c:93:73:72:
                    33:f1:65:6b:81:45:9e:ad:2a:88:e0:7b:74:c4:58:
                    1d:fe:4f:ff:e1:3d:5b:47:e5:ec:d0:36:d6:7d:e0:
                    1b:88:00:e5:b4:b5:d0:21:ee:01:76:8f:3a:e0:e3:
                    d4:22:89:0c:d4:90:ce:fa:96:1d:d7:d8:b9:81:0f:
                    2a:53:c2:2a:59:00:d4:ef:64:14:50:f0:94:de:0c:
                    fc:b8:73:5b:38:f6:38:9e:db:3b:4e:37:4e:25:e9:
                    c9:35:19:9a:bc:57:6b:68:29:71:c5:ec:aa:49:be:
                    93:18:53:ad:1e:f2:26:1f:13:36:af:a0:c1:47:db:
                    26:88:a6:ba:ab:bd:c9:52:7e:2f:4d:9b:a6:bb:2c:
                    29:0b:0d:a4:e1:fe:ed:c0:05:21:5b:ba:64:2e:52:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CF:21:F5:BF:65:CB:1C:71:19:6B:CE:F2:78:CB:B6:4E:C0:10:12
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/3134362e31392e3134352e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:6d:a1:08:b5:dd:40:ec:66:65:52:9e:56:33:bb:cf:67:44:
         96:f8:bc:49:c0:bf:de:3f:cd:8d:9f:a1:bd:eb:85:70:11:7e:
         00:25:9a:83:e3:c8:68:17:f8:ff:10:ca:03:db:95:18:4f:e4:
         e8:12:3e:ce:cb:cd:31:9f:b5:c4:a4:34:02:f6:7c:8d:af:3c:
         1a:25:db:f7:88:1a:28:a1:db:97:56:c4:58:1c:bf:13:ea:1f:
         ae:55:1d:7f:6d:f6:64:77:94:31:e8:70:40:02:9c:df:30:b5:
         06:86:54:6e:59:d8:1c:20:85:d3:13:0c:25:84:ba:59:14:47:
         41:1d:17:1d:9e:08:1e:a9:46:6e:f3:a3:97:b8:37:b8:2a:1a:
         9f:3d:e7:03:f3:f0:d6:1b:a5:ce:b2:57:27:54:c0:ec:c3:a9:
         61:c7:68:99:9e:72:83:ff:0e:fb:ec:ee:01:c0:ba:4a:ca:f5:
         1b:e7:bc:0c:17:9c:2b:3e:fd:94:b8:2c:82:89:ff:a2:b7:a1:
         62:c7:35:6d:a5:b1:19:29:27:7e:c8:21:32:94:b4:fb:d5:06:
         73:04:7c:91:2f:b6:a2:40:65:8c:7d:f1:7c:1f:1c:cd:7b:8d:
         a2:5a:b9:a3:95:df:f8:d7:4a:25:da:fa:58:e9:4b:ac:c8:88:
         b0:20:a7:8d
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIUVnF3K0V6xEFujmAJZpRyfEVEuJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yMzExMTgxNTQ3NDdaFw0yNDExMTYxNTUyNDdaMDMxMTAvBgNV
BAMTKDYzQ0YyMUY1QkY2NUNCMUM3MTE5NkJDRUYyNzhDQkI2NEVDMDEwMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8oIEm/EehI5et7nAcOfbfxbDB
zMzPUVHlQ/aTPq7GH+BiPBKsx7gwlngkG50x37XEAALaZMSDoxIJs1OdGrMss5II
u/JLC0yKK+KbmAWNFCkTcgq3gYJfGZRRUA0TSrJSSOhZLJNzcjPxZWuBRZ6tKojg
e3TEWB3+T//hPVtH5ezQNtZ94BuIAOW0tdAh7gF2jzrg49QiiQzUkM76lh3X2LmB
DypTwipZANTvZBRQ8JTeDPy4c1s49jie2ztON04l6ck1GZq8V2toKXHF7KpJvpMY
U60e8iYfEzavoMFH2yaIprqrvclSfi9Nm6a7LCkLDaTh/u3ABSFbumQuUngNAgMB
AAGjggG4MIIBtDAdBgNVHQ4EFgQUY88h9b9lyxxxGWvO8njLtk7AEBIwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwawYIKwYBBQUH
AQsEXzBdMFsGCCsGAQUFBzALhk9yc3luYzovLzAuc2IvcmVwby9zYi8xLzMxMzQz
NjJlMzEzOTJlMzEzNDM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzODM4Mzgu
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAO
MAwEAgABMAYDBACSE5EwDQYJKoZIhvcNAQELBQADggEBAL9toQi13UDsZmVSnlYz
u89nRJb4vEnAv94/zY2fob3rhXARfgAlmoPjyGgX+P8QygPblRhP5OgSPs7LzTGf
tcSkNAL2fI2vPBol2/eIGiih25dWxFgcvxPqH65VHX9t9mR3lDHocEACnN8wtQaG
VG5Z2BwghdMTDCWEulkUR0EdFx2eCB6pRm7zo5e4N7gqGp895wPz8NYbpc6yVydU
wOzDqWHHaJmecoP/Dvvs7gHAukrK9RvnvAwXnCs+/ZS4LIKJ/6K3oWLHNW2lsRkp
J37IITKUtPvVBnMEfJEvtqJAZYx98XwfHM17jaJauaOV3/jXSiXa+ljpS6zIiLAg
p40=
-----END CERTIFICATE-----