Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa
File:                     3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa (raw, json)
Hash identifier:          RMZXSSAbO7PB7U2IXNPBn/xL7hRjJhlUPsLDuBiO25M=
Subject key identifier:   09:FD:DD:FB:06:43:3D:9B:A5:9C:C4:36:3D:ED:C0:AD:85:92:28:0D
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       20B013A22A99B2C118C1EBF5C35BAC1006B2AA91
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa
Signing time:             Fri 22 Sep 2023 10:19:35 +0000
ROA not before:           Fri 22 Sep 2023 10:14:35 +0000
ROA not after:            Fri 20 Sep 2024 10:19:35 +0000
asID:                     1030
IP address blocks:        192.109.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b0:13:a2:2a:99:b2:c1:18:c1:eb:f5:c3:5b:ac:10:06:b2:aa:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 22 10:14:35 2023 GMT
            Not After : Sep 20 10:19:35 2024 GMT
        Subject: CN=09FDDDFB06433D9BA59CC4363DEDC0AD8592280D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:af:c1:ad:e0:b4:44:86:6c:ea:6e:9c:86:fd:
                    64:f2:86:26:9e:4d:f5:12:a9:1a:29:77:66:00:c4:
                    84:b6:b7:f7:e6:0d:ad:1f:21:b7:af:7e:4a:4b:25:
                    aa:80:78:e1:00:e4:60:05:ea:a6:73:f2:6f:94:f6:
                    79:5f:8e:ec:f5:2f:ea:a9:a5:a1:c0:9a:7a:da:0a:
                    87:48:cc:57:71:78:b8:67:7b:0b:8a:11:f7:da:f7:
                    e1:d7:ab:79:8a:61:f5:66:c7:bb:21:0b:ac:3f:d1:
                    d4:af:f3:60:0a:73:b4:4d:19:54:55:36:e6:d4:27:
                    ac:68:b6:b9:be:94:cb:95:a1:b0:05:c4:b5:c0:f3:
                    5b:47:22:4c:2d:3d:b9:69:b3:28:60:a4:99:b6:1a:
                    89:4e:61:b7:2e:66:36:9d:7c:5c:71:74:0f:06:65:
                    e0:c0:e3:93:b8:cf:d6:16:a1:fb:7e:b1:e7:19:79:
                    2b:09:b4:b7:44:4b:d2:fb:fa:91:08:96:b4:bb:29:
                    51:17:43:4b:dc:0a:b0:d3:e3:f4:06:06:90:bd:85:
                    2f:ca:bb:7c:50:2f:10:bd:ec:73:31:4e:ed:57:65:
                    6f:f3:60:1e:53:87:68:5c:fa:95:e1:3c:8c:4b:8a:
                    36:a6:c0:2e:ce:a8:57:9f:64:7b:7e:18:61:b5:ff:
                    db:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FD:DD:FB:06:43:3D:9B:A5:9C:C4:36:3D:ED:C0:AD:85:92:28:0D
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:24:03:48:55:1f:55:7e:e4:66:41:a6:08:5e:a7:7f:c6:2d:
         3d:96:a3:51:10:29:26:d1:54:ee:7a:69:a8:b8:20:b3:be:ef:
         5f:6b:ba:a1:98:80:d3:b7:cb:f7:07:26:c1:c8:14:39:fe:8f:
         b6:53:f1:f4:94:0b:a5:a4:a5:40:cc:ac:e7:06:f4:16:09:d7:
         ba:90:5c:2e:7b:31:8b:29:9f:85:e9:33:8c:df:f3:3b:fc:ae:
         10:2c:7e:81:74:4e:4c:5e:cf:d7:aa:fc:d2:70:08:4a:36:57:
         f4:77:dd:6b:6e:50:cb:28:31:ed:8a:3f:40:9f:b2:3b:04:0c:
         fd:91:a2:16:4c:c9:b0:0e:f6:da:d1:bb:c2:65:e5:37:ec:92:
         ae:4a:b9:30:09:05:66:c3:f7:ae:26:e0:8c:c8:d9:43:f3:dc:
         42:3d:36:de:d1:e1:fb:17:b7:1d:1c:6f:fd:e8:5c:12:60:3d:
         72:c0:aa:8c:41:f6:a5:55:8a:a9:5b:ee:ef:54:3e:b3:72:0d:
         12:b7:98:ee:0f:39:e1:fb:79:9c:45:ca:26:d9:9f:c5:b1:a1:
         55:26:51:59:6d:dd:ca:65:f9:c9:aa:9b:24:b5:d9:da:7a:28:
         1c:5f:0f:47:2a:a6:85:52:eb:09:39:c3:a9:dd:00:7f:07:11:
         2e:d0:97:07
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUILAToiqZssEYwev1w1usEAayqpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzA5MjIxMDE0MzVaFw0yNDA5MjAxMDE5MzVaMDMxMTAvBgNV
BAMTKDA5RkREREZCMDY0MzNEOUJBNTlDQzQzNjNERURDMEFEODU5MjI4MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVr8Gt4LREhmzqbpyG/WTyhiae
TfUSqRopd2YAxIS2t/fmDa0fIbevfkpLJaqAeOEA5GAF6qZz8m+U9nlfjuz1L+qp
paHAmnraCodIzFdxeLhnewuKEffa9+HXq3mKYfVmx7shC6w/0dSv82AKc7RNGVRV
NubUJ6xotrm+lMuVobAFxLXA81tHIkwtPblpsyhgpJm2GolOYbcuZjadfFxxdA8G
ZeDA45O4z9YWoft+secZeSsJtLdES9L7+pEIlrS7KVEXQ0vcCrDT4/QGBpC9hS/K
u3xQLxC97HMxTu1XZW/zYB5Th2hc+pXhPIxLijamwC7OqFefZHt+GGG1/9sZAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUCf3d+wZDPZulnMQ2Pe3ArYWSKA0wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzAz
MzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQBbJANIVR9VfuRm
QaYIXqd/xi09lqNRECkm0VTuemmouCCzvu9fa7qhmIDTt8v3BybByBQ5/o+2U/H0
lAulpKVAzKznBvQWCde6kFwuezGLKZ+F6TOM3/M7/K4QLH6BdE5MXs/XqvzScAhK
Nlf0d91rblDLKDHtij9An7I7BAz9kaIWTMmwDvba0bvCZeU37JKuSrkwCQVmw/eu
JuCMyNlD89xCPTbe0eH7F7cdHG/96FwSYD1ywKqMQfalVYqpW+7vVD6zcg0St5ju
Dznh+3mcRcom2Z/FsaFVJlFZbd3KZfnJqpsktdnaeigcXw9HKqaFUusJOcOp3QB/
BxEu0JcH
-----END CERTIFICATE-----