Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa
File:                     3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa (raw, json)
Hash identifier:          +5S/dRSTh/JGCLWel4bo2PSOdUPD4g7MCKzNOuH4pss=
Subject key identifier:   81:4E:B1:A9:4F:5C:AC:72:A6:72:9A:D7:6C:AF:E0:02:E0:49:C3:4D
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       389EC0E67310EA494A386B3DB5969C0EB1E92B01
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa
Signing time:             Fri 23 Aug 2024 10:47:07 +0000
ROA not before:           Fri 23 Aug 2024 10:42:07 +0000
ROA not after:            Fri 22 Aug 2025 10:47:07 +0000
asID:                     4785
IP address blocks:        192.109.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:9e:c0:e6:73:10:ea:49:4a:38:6b:3d:b5:96:9c:0e:b1:e9:2b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:07 2024 GMT
            Not After : Aug 22 10:47:07 2025 GMT
        Subject: CN=814EB1A94F5CAC72A6729AD76CAFE002E049C34D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:6e:c8:cc:73:4a:0b:ec:18:b3:52:05:93:
                    20:93:b5:c4:ee:f1:97:d6:0a:e1:63:a5:d2:4e:9f:
                    57:8c:6b:be:ed:26:9f:2e:63:9b:08:dc:26:5c:ce:
                    b1:bb:3a:02:18:26:58:34:f6:ea:9e:f6:24:ca:b1:
                    b8:0f:f3:9c:43:0a:da:eb:4f:ec:56:d2:fa:e1:d5:
                    1f:12:f9:e9:37:a7:5f:7a:e0:47:67:d9:d3:b2:a9:
                    85:a0:fb:9f:b6:09:74:76:b3:d9:b7:e5:25:08:6f:
                    ae:9e:35:cb:47:e8:11:98:08:bf:55:eb:37:e2:bb:
                    15:34:1f:b0:6f:29:35:f6:d1:8d:55:ea:08:1c:63:
                    26:c5:55:9e:8c:50:61:17:8b:86:ad:bb:ba:d1:92:
                    77:e3:a4:fd:17:4a:ee:1a:27:be:58:64:17:53:48:
                    93:43:2c:cf:7f:bf:e1:4d:c9:51:a3:85:67:fc:a9:
                    1d:b9:09:bb:60:0b:1d:ec:e5:63:bc:96:69:29:7d:
                    05:eb:df:19:25:5c:6d:a0:24:cb:32:80:27:be:a8:
                    a7:8e:71:a4:81:7c:59:9e:41:28:f0:d1:22:39:dc:
                    d9:35:02:f1:aa:e6:a8:f6:e5:fd:82:75:37:95:10:
                    11:45:b1:aa:af:88:0d:f1:80:e2:63:4f:41:6e:64:
                    b5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:4E:B1:A9:4F:5C:AC:72:A6:72:9A:D7:6C:AF:E0:02:E0:49:C3:4D
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:42:9a:a7:0f:8d:3b:1c:b8:1d:7c:1c:08:9a:9c:9a:2b:0a:
         c9:14:3c:bf:b4:f4:a8:75:73:2c:4c:5f:9b:70:3e:39:73:cc:
         80:21:0a:53:50:43:59:32:24:22:45:34:25:4c:b0:52:6f:90:
         aa:48:d9:de:88:5e:49:70:20:82:6a:9f:c9:5a:f2:4d:d2:1b:
         0a:36:be:5f:fb:c8:d3:98:ef:17:c5:e2:0d:41:da:b6:9f:25:
         04:3c:74:c1:83:4c:77:58:bb:d3:aa:be:f3:5d:92:80:de:be:
         6c:0a:d4:b9:f3:2a:41:c9:9a:a8:b1:44:91:b7:5c:db:32:34:
         e0:ab:59:5e:de:cd:9f:e0:af:64:b7:93:0f:70:d8:ce:48:b9:
         42:ad:bc:25:93:36:c5:1f:a6:cd:73:30:f8:c8:c6:e7:d0:69:
         8a:ff:ac:81:e1:2d:bc:ac:1f:cf:08:4c:f2:97:32:e6:db:27:
         09:fc:e4:0a:eb:b5:43:c6:03:01:0e:1e:3b:32:27:4f:45:c6:
         9e:0a:63:de:8c:50:68:f2:70:f8:87:69:88:0b:eb:ad:e6:05:
         17:da:0c:b0:f0:07:0b:d5:c8:a9:4e:00:56:71:3f:89:7b:f4:
         b1:a0:7b:58:24:bc:d8:91:6a:a2:7e:be:a9:23:49:a8:b0:00:
         17:18:1e:40
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUOJ7A5nMQ6klKOGs9tZacDrHpKwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDdaFw0yNTA4MjIxMDQ3MDdaMDMxMTAvBgNV
BAMTKDgxNEVCMUE5NEY1Q0FDNzJBNjcyOUFENzZDQUZFMDAyRTA0OUMzNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDENm7IzHNKC+wYs1IFkyCTtcTu
8ZfWCuFjpdJOn1eMa77tJp8uY5sI3CZczrG7OgIYJlg09uqe9iTKsbgP85xDCtrr
T+xW0vrh1R8S+ek3p1964Edn2dOyqYWg+5+2CXR2s9m35SUIb66eNctH6BGYCL9V
6zfiuxU0H7BvKTX20Y1V6ggcYybFVZ6MUGEXi4atu7rRknfjpP0XSu4aJ75YZBdT
SJNDLM9/v+FNyVGjhWf8qR25CbtgCx3s5WO8lmkpfQXr3xklXG2gJMsygCe+qKeO
caSBfFmeQSjw0SI53Nk1AvGq5qj25f2CdTeVEBFFsaqviA3xgOJjT0FuZLVJAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUgU6xqU9crHKmcprXbK/gAuBJw00wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0Mzcz
ODM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3oMA0GCSqGSIb3DQEBCwUAA4IBAQCvQpqnD407HLgd
fBwImpyaKwrJFDy/tPSodXMsTF+bcD45c8yAIQpTUENZMiQiRTQlTLBSb5CqSNne
iF5JcCCCap/JWvJN0hsKNr5f+8jTmO8XxeINQdq2nyUEPHTBg0x3WLvTqr7zXZKA
3r5sCtS58ypByZqosUSRt1zbMjTgq1le3s2f4K9kt5MPcNjOSLlCrbwlkzbFH6bN
czD4yMbn0GmK/6yB4S28rB/PCEzylzLm2ycJ/OQK67VDxgMBDh47MidPRcaeCmPe
jFBo8nD4h2mIC+ut5gUX2gyw8AcL1cipTgBWcT+Je/SxoHtYJLzYkWqifr6pI0mo
sAAXGB5A
-----END CERTIFICATE-----