Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa
File:                     3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa (raw, json)
Hash identifier:          wcT8Iwyn6TzcAhHsEx/FPRzH0vtdvGR0YMcaV0oNUfE=
Subject key identifier:   0B:19:EF:B0:FE:B4:53:9C:E1:A6:15:3D:60:8C:49:40:2D:AB:E6:CE
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       60060E22914EA3A24F7437BB99047C4B6D252A9E
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa
Signing time:             Fri 23 Aug 2024 10:47:07 +0000
ROA not before:           Fri 23 Aug 2024 10:42:07 +0000
ROA not after:            Fri 22 Aug 2025 10:47:07 +0000
asID:                     43959
IP address blocks:        192.109.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:06:0e:22:91:4e:a3:a2:4f:74:37:bb:99:04:7c:4b:6d:25:2a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:07 2024 GMT
            Not After : Aug 22 10:47:07 2025 GMT
        Subject: CN=0B19EFB0FEB4539CE1A6153D608C49402DABE6CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:10:9b:e5:fc:05:55:3e:a9:30:a9:d6:3e:a8:
                    42:49:f1:2a:a7:e5:8d:aa:57:2a:9a:b3:0d:9b:f4:
                    6f:7b:74:63:d0:70:b9:c0:9f:99:af:1f:0c:dc:0d:
                    f5:54:13:4f:4f:bf:c4:8f:25:5d:b5:e7:f9:3d:bd:
                    48:e8:7c:21:22:bb:13:0d:da:f1:b2:a6:9e:51:06:
                    be:b4:48:b0:40:30:96:f7:64:83:ca:bb:a1:b8:db:
                    5c:3b:bb:eb:8c:15:ee:d6:e6:42:c6:b2:5a:e4:a1:
                    55:d3:fe:01:99:de:8e:0e:ab:0f:ee:94:a3:e2:4e:
                    7b:74:2c:13:cd:d2:da:78:0c:86:e6:f8:e7:71:ee:
                    21:a5:2e:ef:94:9b:61:4e:bd:75:eb:a0:e3:40:fd:
                    33:84:64:52:19:9b:19:6e:88:3e:8c:1d:88:6f:f5:
                    79:18:9c:3f:ff:24:54:e5:aa:b9:18:7d:67:c8:71:
                    f0:ec:fd:bf:fc:85:aa:f6:36:c8:8d:08:0e:29:20:
                    eb:b1:eb:1f:5b:10:85:e2:81:dd:20:02:de:29:0a:
                    94:66:ac:95:a1:f5:9b:19:01:a0:5d:04:01:5b:aa:
                    aa:07:24:85:ad:b3:ba:58:c2:10:c0:09:76:ab:db:
                    66:77:0a:08:76:99:f6:3d:f6:e6:54:90:45:85:b8:
                    5b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:19:EF:B0:FE:B4:53:9C:E1:A6:15:3D:60:8C:49:40:2D:AB:E6:CE
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:86:f1:a6:9d:5c:5c:17:71:0b:75:08:34:c3:c8:6f:8a:34:
         cb:88:f3:cd:52:fd:b9:b8:3e:11:ce:b6:e0:85:81:e0:50:c9:
         67:a3:cf:43:69:77:8a:f5:59:9b:87:0b:d1:ed:b6:e2:fc:57:
         da:79:06:3e:22:ae:a9:62:97:97:93:59:84:23:9f:54:d6:c4:
         ba:c2:4a:27:7f:31:68:a8:00:08:43:37:0a:b9:1a:2d:8d:68:
         77:64:be:e6:0d:14:0f:e6:d6:9d:63:8e:5f:be:2e:11:79:e5:
         31:2f:5d:ad:1d:ae:d4:37:31:1e:c7:22:42:0b:c7:39:15:bd:
         83:cc:f1:e5:9b:50:48:28:cf:e8:7f:76:39:35:89:a8:6f:f2:
         17:65:dd:95:20:2e:f3:5b:b0:00:5b:47:c9:bb:90:70:45:7a:
         f4:3c:e5:fa:48:5a:e2:22:c0:2f:ac:40:cb:4c:7b:fc:8c:c0:
         82:a5:35:5f:1b:17:9f:ac:17:16:0c:f6:00:3a:e1:48:8c:fa:
         4e:6b:14:df:04:90:12:ac:bc:ab:32:cc:aa:59:3f:b9:d0:4e:
         37:21:be:b9:14:6a:bb:d7:c9:5f:86:ef:c0:29:57:3a:8d:28:
         f9:5d:b8:13:10:0a:32:73:be:0f:6c:26:db:dc:6e:01:9f:84:
         20:4e:1d:73
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUYAYOIpFOo6JPdDe7mQR8S20lKp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDdaFw0yNTA4MjIxMDQ3MDdaMDMxMTAvBgNV
BAMTKDBCMTlFRkIwRkVCNDUzOUNFMUE2MTUzRDYwOEM0OTQwMkRBQkU2Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0EJvl/AVVPqkwqdY+qEJJ8Sqn
5Y2qVyqasw2b9G97dGPQcLnAn5mvHwzcDfVUE09Pv8SPJV215/k9vUjofCEiuxMN
2vGypp5RBr60SLBAMJb3ZIPKu6G421w7u+uMFe7W5kLGslrkoVXT/gGZ3o4Oqw/u
lKPiTnt0LBPN0tp4DIbm+Odx7iGlLu+Um2FOvXXroONA/TOEZFIZmxluiD6MHYhv
9XkYnD//JFTlqrkYfWfIcfDs/b/8har2NsiNCA4pIOux6x9bEIXigd0gAt4pCpRm
rJWh9ZsZAaBdBAFbqqoHJIWts7pYwhDACXar22Z3Cgh2mfY99uZUkEWFuFsDAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUCxnvsP60U5zhphU9YIxJQC2r5s4wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzMz
OTM1Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADAbekwDQYJKoZIhvcNAQELBQADggEBAJqG8aadXFwX
cQt1CDTDyG+KNMuI881S/bm4PhHOtuCFgeBQyWejz0Npd4r1WZuHC9HttuL8V9p5
Bj4irqlil5eTWYQjn1TWxLrCSid/MWioAAhDNwq5Gi2NaHdkvuYNFA/m1p1jjl++
LhF55TEvXa0drtQ3MR7HIkILxzkVvYPM8eWbUEgoz+h/djk1iahv8hdl3ZUgLvNb
sABbR8m7kHBFevQ85fpIWuIiwC+sQMtMe/yMwIKlNV8bF5+sFxYM9gA64UiM+k5r
FN8EkBKsvKsyzKpZP7nQTjchvrkUarvXyV+G78ApVzqNKPlduBMQCjJzvg9sJtvc
bgGfhCBOHXM=
-----END CERTIFICATE-----