Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2036323333.roa
File:                     3139322e3130392e3232382e302f32332d3234203d3e2036323333.roa (raw, json)
Hash identifier:          ehli7TMiB2I8RQZ7vxMqOSg8/ILbCRnwE3/fvggePDk=
Subject key identifier:   FD:20:B3:91:83:56:88:B9:AB:AC:B8:7A:EE:DC:18:F7:E4:64:D3:79
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       5F552CB797610E8AADE142F3FBD152707DAD1AD0
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2036323333.roa
Signing time:             Thu 12 Sep 2024 13:50:18 +0000
ROA not before:           Thu 12 Sep 2024 13:45:18 +0000
ROA not after:            Thu 11 Sep 2025 13:50:18 +0000
asID:                     6233
IP address blocks:        192.109.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:55:2c:b7:97:61:0e:8a:ad:e1:42:f3:fb:d1:52:70:7d:ad:1a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 12 13:45:18 2024 GMT
            Not After : Sep 11 13:50:18 2025 GMT
        Subject: CN=FD20B391835688B9ABACB87AEEDC18F7E464D379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:c7:fc:d6:4d:cc:27:a8:de:9c:ec:dd:83:
                    bc:cd:70:cf:22:82:8e:bc:aa:db:6d:7e:b5:2f:69:
                    44:6c:77:b6:1b:ac:f8:43:77:35:ca:fd:8d:c8:3d:
                    e4:9d:99:36:4f:ee:1f:4c:ec:02:21:5f:d1:0b:15:
                    fa:a9:ec:e8:b0:f8:97:8e:4f:7c:d7:17:65:68:52:
                    5a:c7:a2:bc:c2:95:63:9c:1f:d1:7e:58:1b:0c:a5:
                    b6:f1:2d:65:03:7a:04:5d:d6:5d:fa:31:25:70:a3:
                    e2:34:85:35:22:0f:95:6c:98:aa:2f:a6:03:f2:89:
                    03:9d:25:d0:00:6d:cd:39:8c:d5:9a:85:da:cd:82:
                    ce:97:6e:76:b3:0f:05:75:dd:fd:89:6f:ba:d0:fc:
                    8a:66:2c:79:98:f8:76:8f:98:7e:f3:20:83:34:ee:
                    bb:64:a8:d2:6c:fa:12:81:65:de:eb:c5:6e:90:53:
                    aa:7d:16:11:71:98:b5:d0:1a:8b:35:74:25:25:73:
                    76:84:9c:b9:c8:4f:bd:41:2d:7a:e6:95:0f:28:68:
                    d2:cc:b6:1c:76:19:77:95:d2:d4:b6:4b:7e:47:02:
                    6b:a0:1e:f4:b7:26:91:ea:36:92:3a:d1:9f:86:4a:
                    72:7a:05:1b:5d:b5:ba:cb:79:b1:59:9e:c5:87:e7:
                    78:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:20:B3:91:83:56:88:B9:AB:AC:B8:7A:EE:DC:18:F7:E4:64:D3:79
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2036323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:9b:80:4d:37:0b:36:66:78:48:35:7c:46:a1:0c:fa:97:4c:
         e1:22:c0:4b:a2:6f:79:08:03:92:1d:72:e6:5b:87:2d:10:66:
         28:72:7a:a5:b1:d2:62:b6:33:9c:68:51:5d:b2:e0:c4:7d:eb:
         df:d2:5f:9d:01:76:dc:1d:00:68:4a:f8:e2:93:bc:cd:53:9b:
         e9:a7:ff:0f:72:19:25:0e:b8:94:31:5e:07:09:5a:08:94:3c:
         30:7d:8d:d2:2d:b4:2b:76:f9:9a:40:fb:d8:52:91:01:cf:49:
         cc:03:53:22:9a:3e:99:91:2e:89:d9:bf:fe:d0:55:fa:e9:e2:
         fd:e1:db:ce:c1:de:02:a7:e8:6f:f0:8c:2f:20:f9:d0:29:a9:
         f0:bc:b3:4b:16:68:7d:71:32:76:9c:e8:db:82:73:df:42:45:
         cd:f9:5d:25:6e:59:8e:c5:90:b2:76:0b:d5:92:c9:b4:1d:01:
         e9:c4:67:4b:d8:4f:50:d9:a2:95:11:bf:f0:23:bb:2b:34:b0:
         8f:0b:c8:a5:9c:fb:97:79:e7:a1:dd:31:d9:ae:b4:51:5c:b6:
         05:6c:5f:b5:1d:82:c8:2b:52:81:1b:d9:9e:e2:3c:9c:83:27:
         63:ca:c8:4a:f1:77:19:17:c7:c3:0a:da:1f:dc:79:a9:1f:8f:
         d8:27:f4:c4
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUX1Ust5dhDoqt4ULz+9FScH2tGtAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA5MTIxMzQ1MThaFw0yNTA5MTExMzUwMThaMDMxMTAvBgNV
BAMTKEZEMjBCMzkxODM1Njg4QjlBQkFDQjg3QUVFREMxOEY3RTQ2NEQzNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuOMf81k3MJ6jenOzdg7zNcM8i
go68qtttfrUvaURsd7YbrPhDdzXK/Y3IPeSdmTZP7h9M7AIhX9ELFfqp7Oiw+JeO
T3zXF2VoUlrHorzClWOcH9F+WBsMpbbxLWUDegRd1l36MSVwo+I0hTUiD5VsmKov
pgPyiQOdJdAAbc05jNWahdrNgs6XbnazDwV13f2Jb7rQ/IpmLHmY+HaPmH7zIIM0
7rtkqNJs+hKBZd7rxW6QU6p9FhFxmLXQGos1dCUlc3aEnLnIT71BLXrmlQ8oaNLM
thx2GXeV0tS2S35HAmugHvS3JpHqNpI60Z+GSnJ6BRtdtbrLebFZnsWH53jdAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU/SCzkYNWiLmrrLh67twY9+Rk03kwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM2MzIz
MzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQBwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQAum4BNNws2ZnhI
NXxGoQz6l0zhIsBLom95CAOSHXLmW4ctEGYocnqlsdJitjOcaFFdsuDEfevf0l+d
AXbcHQBoSvjik7zNU5vpp/8PchklDriUMV4HCVoIlDwwfY3SLbQrdvmaQPvYUpEB
z0nMA1Mimj6ZkS6J2b/+0FX66eL94dvOwd4Cp+hv8IwvIPnQKanwvLNLFmh9cTJ2
nOjbgnPfQkXN+V0lblmOxZCydgvVksm0HQHpxGdL2E9Q2aKVEb/wI7srNLCPC8il
nPuXeeeh3THZrrRRXLYFbF+1HYLIK1KBG9me4jycgydjyshK8XcZF8fDCtof3Hmp
H4/YJ/TE
-----END CERTIFICATE-----