Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa
File:                     3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa (raw, json)
Hash identifier:          En345J2Xam7AzyQ0smT8gvhGxYcVrrVJMezfgTPhQkw=
Subject key identifier:   EF:CF:A6:5B:81:6D:5E:7A:EB:D5:5E:1F:FD:8E:D3:54:7E:1F:1D:52
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       39D1CE5D4D07D6D3663E731F4F1C6B3D85A33767
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa
Signing time:             Fri 22 Sep 2023 10:19:34 +0000
ROA not before:           Fri 22 Sep 2023 10:14:34 +0000
ROA not after:            Fri 20 Sep 2024 10:19:34 +0000
asID:                     4785
IP address blocks:        192.109.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d1:ce:5d:4d:07:d6:d3:66:3e:73:1f:4f:1c:6b:3d:85:a3:37:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 22 10:14:34 2023 GMT
            Not After : Sep 20 10:19:34 2024 GMT
        Subject: CN=EFCFA65B816D5E7AEBD55E1FFD8ED3547E1F1D52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:aa:a4:dd:9c:73:1d:c6:ef:13:76:d8:81:ce:
                    40:ef:9a:43:26:9a:f6:04:86:54:49:af:ba:cd:83:
                    ee:66:9d:1e:c5:40:d7:75:89:d8:22:24:f7:8c:96:
                    65:b1:63:61:ea:f1:57:b1:54:06:33:5e:fb:37:3a:
                    45:06:22:50:3c:d2:f1:2f:c8:cb:32:83:e3:f6:f0:
                    ce:7c:f0:de:ad:3c:b9:ee:6b:14:b0:b7:10:c9:02:
                    6d:e9:6f:9c:f8:ff:c0:ac:e1:d2:f1:2c:06:fe:50:
                    22:af:80:ae:8a:4d:dd:e3:89:05:5c:34:3b:d1:71:
                    06:e0:72:d5:8c:66:8d:9f:49:22:35:94:ca:21:71:
                    8f:59:a8:e8:3f:88:bc:64:e4:bf:43:0b:61:2c:bb:
                    62:5e:d8:28:09:8e:0a:74:e0:c8:c2:f3:fe:a0:9d:
                    39:52:8c:01:5e:31:6a:1a:3e:9f:70:cf:b9:32:65:
                    4b:57:5c:d3:2b:f6:c3:90:95:77:e4:fa:d9:f2:97:
                    cc:4d:fc:b9:3e:7b:86:6e:00:df:b9:1f:55:dc:dc:
                    3e:f5:50:97:f7:5f:bb:f5:ed:b7:8a:88:3e:cb:19:
                    84:a0:96:64:14:c9:48:bc:fc:b3:64:6c:6d:c5:5b:
                    19:a7:9f:5f:f4:f1:3a:3d:67:f0:b8:0b:37:49:4b:
                    91:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CF:A6:5B:81:6D:5E:7A:EB:D5:5E:1F:FD:8E:D3:54:7E:1F:1D:52
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233322e302f32342d3234203d3e2034373835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:6f:2a:be:7b:b3:86:da:70:db:50:a9:d3:fb:89:4e:88:4e:
         90:83:c3:89:19:e0:23:d1:4f:94:c3:45:cc:1b:7e:8d:fd:5a:
         08:04:26:86:b4:02:cc:c2:9e:5a:2b:d5:3e:f4:14:4e:54:4a:
         8e:03:eb:cc:e1:5e:3a:d3:55:63:f1:b0:dd:29:81:76:c9:cc:
         53:63:7e:dd:f1:11:d1:b2:ab:f1:32:49:3d:35:1f:05:01:ed:
         b1:63:e1:ab:76:4d:0e:c5:73:97:51:48:b2:b7:0b:b6:f3:7a:
         5e:17:31:d4:91:c6:1c:70:b8:56:ee:71:ae:bf:7a:bc:66:8b:
         ea:42:4a:78:dd:91:d9:56:aa:cf:7c:b0:45:a7:4f:94:4b:bd:
         7c:fa:12:ba:4e:b7:de:6e:3d:b5:08:77:1d:8e:7b:d0:7b:25:
         17:01:0d:ec:67:2c:45:be:2f:2e:ce:51:70:57:c0:d5:20:af:
         12:48:51:b4:80:58:a9:39:d2:82:ac:ff:9f:e9:84:e6:34:1b:
         dd:a6:e4:86:c0:cf:d6:69:a3:a6:f1:73:12:70:11:f0:a8:5b:
         ad:db:b3:65:f7:b9:31:b5:9f:99:c9:af:8b:fc:96:43:3a:0b:
         d0:a3:0c:40:75:14:3c:f0:90:73:c2:da:2f:c9:ba:32:a3:ba:
         c2:16:8a:17
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUOdHOXU0H1tNmPnMfTxxrPYWjN2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzA5MjIxMDE0MzRaFw0yNDA5MjAxMDE5MzRaMDMxMTAvBgNV
BAMTKEVGQ0ZBNjVCODE2RDVFN0FFQkQ1NUUxRkZEOEVEMzU0N0UxRjFENTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrqqTdnHMdxu8TdtiBzkDvmkMm
mvYEhlRJr7rNg+5mnR7FQNd1idgiJPeMlmWxY2Hq8VexVAYzXvs3OkUGIlA80vEv
yMsyg+P28M588N6tPLnuaxSwtxDJAm3pb5z4/8Cs4dLxLAb+UCKvgK6KTd3jiQVc
NDvRcQbgctWMZo2fSSI1lMohcY9ZqOg/iLxk5L9DC2Esu2Je2CgJjgp04MjC8/6g
nTlSjAFeMWoaPp9wz7kyZUtXXNMr9sOQlXfk+tnyl8xN/Lk+e4ZuAN+5H1Xc3D71
UJf3X7v17beKiD7LGYSglmQUyUi8/LNkbG3FWxmnn1/08To9Z/C4CzdJS5GBAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU78+mW4FtXnrr1V4f/Y7TVH4fHVIwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0Mzcz
ODM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3oMA0GCSqGSIb3DQEBCwUAA4IBAQBJbyq+e7OG2nDb
UKnT+4lOiE6Qg8OJGeAj0U+Uw0XMG36N/VoIBCaGtALMwp5aK9U+9BROVEqOA+vM
4V4601Vj8bDdKYF2ycxTY37d8RHRsqvxMkk9NR8FAe2xY+Grdk0OxXOXUUiytwu2
83peFzHUkcYccLhW7nGuv3q8ZovqQkp43ZHZVqrPfLBFp0+US718+hK6Trfebj21
CHcdjnvQeyUXAQ3sZyxFvi8uzlFwV8DVIK8SSFG0gFipOdKCrP+f6YTmNBvdpuSG
wM/WaaOm8XMScBHwqFut27Nl97kxtZ+Zya+L/JZDOgvQowxAdRQ88JBzwtovyboy
o7rCFooX
-----END CERTIFICATE-----