Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e203233393539.roa
File:                     34352e3134322e3136372e302f32342d3234203d3e203233393539.roa (raw, json)
Hash identifier:          CeOfiiRH4A9irSg0hFkGdre9FLh4pJaw9usjdvx35Lg=
Subject key identifier:   A9:12:2C:BE:BA:9B:40:F1:63:F4:BA:6E:47:47:44:AF:DF:61:B9:B1
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       0F61CAA668C1FBC3568BD2F7FC7D90AA39D5915C
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e203233393539.roa
Signing time:             Fri 23 Aug 2024 10:47:07 +0000
ROA not before:           Fri 23 Aug 2024 10:42:07 +0000
ROA not after:            Fri 22 Aug 2025 10:47:07 +0000
asID:                     23959
IP address blocks:        45.142.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 12:27:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:61:ca:a6:68:c1:fb:c3:56:8b:d2:f7:fc:7d:90:aa:39:d5:91:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:07 2024 GMT
            Not After : Aug 22 10:47:07 2025 GMT
        Subject: CN=A9122CBEBA9B40F163F4BA6E474744AFDF61B9B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8c:7a:17:8f:70:ae:a1:05:77:a0:3d:2c:78:
                    51:81:52:f8:ba:92:11:e1:61:a5:a7:4c:53:bd:a8:
                    bf:12:d8:a0:90:ad:9f:48:b6:d5:79:8e:67:26:f3:
                    2c:3e:69:21:2b:aa:c5:3e:2b:2f:8a:d4:be:a8:91:
                    18:4c:89:59:1a:ce:f4:c7:62:38:09:f0:a9:0a:68:
                    19:95:75:0e:48:76:04:93:14:09:ef:87:df:69:b9:
                    00:98:37:3e:94:67:34:a8:3f:95:25:23:73:35:a6:
                    7a:51:6a:ec:84:18:70:15:8b:82:e7:90:f4:a7:6b:
                    88:49:1f:df:68:e4:35:a8:03:fc:6b:31:17:91:ef:
                    01:c9:19:56:49:2c:6d:53:f3:ae:1e:d7:3d:ff:b3:
                    6d:fd:5c:89:9b:fe:0e:3c:91:b8:6d:ed:23:14:db:
                    9a:a6:8d:b3:0a:69:92:c7:9f:c4:3e:ef:d0:2b:e5:
                    9e:7a:34:8b:00:2c:ae:e0:55:1c:e9:74:1e:90:a5:
                    09:94:fd:a5:96:09:7c:ee:b2:d7:ce:11:04:51:92:
                    fa:ee:d0:fe:b9:bc:5f:5b:94:8e:ca:47:f9:9a:a8:
                    4d:5a:90:a1:af:d4:f8:78:62:7e:5d:9e:4f:c7:47:
                    ea:ae:45:b6:7c:d8:22:06:6b:c2:f1:d0:c3:49:eb:
                    5f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:12:2C:BE:BA:9B:40:F1:63:F4:BA:6E:47:47:44:AF:DF:61:B9:B1
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/34352e3134322e3136372e302f32342d3234203d3e203233393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:4f:64:8b:45:bb:2d:70:25:95:eb:f5:78:1a:08:b6:3f:a2:
         c0:5d:72:fe:e9:f7:02:67:6f:d6:05:c3:aa:89:72:93:8c:58:
         b3:f2:62:54:c4:aa:62:78:da:a3:1c:e3:96:ae:03:3a:2b:2d:
         04:d2:dc:bd:89:66:e4:0e:b5:15:1a:32:c9:59:a4:79:d6:df:
         b6:5a:dd:3c:4b:7f:6c:6d:7e:5c:b8:8c:16:af:42:df:53:18:
         42:7e:4e:fe:dc:5a:2f:c8:9c:7c:bf:1b:45:8a:8c:b9:ae:4a:
         62:16:45:1a:73:85:e7:05:b7:88:f3:bd:4d:de:d8:87:94:e6:
         60:d6:30:75:91:3c:ad:4a:c7:a4:8d:e8:2b:24:16:63:63:fe:
         b1:1e:bb:24:2b:a5:24:6a:88:67:3e:56:f1:bb:4d:d4:0b:a5:
         55:bd:6d:4b:46:4a:70:5e:ee:bc:80:e6:2a:3e:73:7e:b5:e6:
         7f:da:2a:a5:07:6f:3a:a7:16:46:c0:3c:1d:71:3c:dc:52:2f:
         3f:8a:88:54:1c:d0:72:8b:95:18:08:d8:18:c0:d7:92:f4:3e:
         a3:f4:87:e7:54:cf:3c:3a:4a:ff:3e:ab:10:0d:f1:80:14:64:
         17:bf:2e:00:b6:42:8b:62:6a:36:bb:f6:c3:5e:5d:3f:ca:71:
         7f:60:2c:95
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUD2HKpmjB+8NWi9L3/H2QqjnVkVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDdaFw0yNTA4MjIxMDQ3MDdaMDMxMTAvBgNV
BAMTKEE5MTIyQ0JFQkE5QjQwRjE2M0Y0QkE2RTQ3NDc0NEFGREY2MUI5QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXjHoXj3CuoQV3oD0seFGBUvi6
khHhYaWnTFO9qL8S2KCQrZ9IttV5jmcm8yw+aSErqsU+Ky+K1L6okRhMiVkazvTH
YjgJ8KkKaBmVdQ5IdgSTFAnvh99puQCYNz6UZzSoP5UlI3M1pnpRauyEGHAVi4Ln
kPSna4hJH99o5DWoA/xrMReR7wHJGVZJLG1T864e1z3/s239XImb/g48kbht7SMU
25qmjbMKaZLHn8Q+79Ar5Z56NIsALK7gVRzpdB6QpQmU/aWWCXzustfOEQRRkvru
0P65vF9blI7KR/maqE1akKGv1Ph4Yn5dnk/HR+quRbZ82CIGa8Lx0MNJ619XAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUqRIsvrqbQPFj9LpuR0dEr99hubEwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzQz
NTJlMzEzNDMyMmUzMTM2MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMzMzkz
NTM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQALY6nMA0GCSqGSIb3DQEBCwUAA4IBAQAlT2SLRbstcCWV
6/V4Ggi2P6LAXXL+6fcCZ2/WBcOqiXKTjFiz8mJUxKpieNqjHOOWrgM6Ky0E0ty9
iWbkDrUVGjLJWaR51t+2Wt08S39sbX5cuIwWr0LfUxhCfk7+3FovyJx8vxtFioy5
rkpiFkUac4XnBbeI871N3tiHlOZg1jB1kTytSsekjegrJBZjY/6xHrskK6Ukaohn
Plbxu03UC6VVvW1LRkpwXu68gOYqPnN+teZ/2iqlB286pxZGwDwdcTzcUi8/iohU
HNByi5UYCNgYwNeS9D6j9IfnVM88Okr/PqsQDfGAFGQXvy4AtkKLYmo2u/bDXl0/
ynF/YCyV
-----END CERTIFICATE-----