Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa
File:                     38392e3130362e3230372e302f32342d3234203d3e2031303330.roa (raw, json)
Hash identifier:          3q4qMqumAohBzJCI4qr9YwsXCKs+dWW5K4Xd+BUKDfk=
Subject key identifier:   8F:8B:87:22:87:C9:DA:97:90:5E:21:67:F6:23:FA:AF:BE:63:25:8A
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       1AB01CD3729FAEB33CA204CBBCCDD579BB1C0C2D
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa
Signing time:             Fri 23 Aug 2024 10:47:06 +0000
ROA not before:           Fri 23 Aug 2024 10:42:06 +0000
ROA not after:            Fri 22 Aug 2025 10:47:06 +0000
asID:                     1030
IP address blocks:        89.106.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:b0:1c:d3:72:9f:ae:b3:3c:a2:04:cb:bc:cd:d5:79:bb:1c:0c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:06 2024 GMT
            Not After : Aug 22 10:47:06 2025 GMT
        Subject: CN=8F8B872287C9DA97905E2167F623FAAFBE63258A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:83:d3:70:34:09:fc:a9:64:fe:b0:e1:71:f9:
                    16:f1:29:9d:98:18:6b:47:cc:1d:95:50:08:c9:df:
                    7b:01:d2:28:61:51:4e:4e:f7:af:9a:b2:6b:24:f8:
                    95:1a:c1:f3:54:9c:ba:c7:29:67:34:98:ef:bf:06:
                    2a:5c:7e:f8:96:43:11:43:b0:c2:f7:39:18:79:6d:
                    b6:43:94:f5:ba:c2:45:7a:fe:be:7b:b1:ea:a5:ff:
                    f3:28:12:f8:6b:da:2b:5b:f3:3e:bb:10:9b:4e:5e:
                    22:bf:b1:ba:31:fd:59:b3:01:45:08:18:ed:1a:e8:
                    f7:89:c0:08:fb:d5:18:51:e2:a4:e7:20:82:08:fe:
                    62:36:0c:46:99:64:f4:f6:1f:36:45:90:ba:9c:45:
                    d7:f9:87:6e:a0:f3:7c:e5:6e:15:1c:7b:ec:67:3a:
                    6e:f2:cc:6c:4e:91:bf:41:14:cd:e3:a5:f5:65:9a:
                    78:eb:60:67:9e:d8:22:6d:3a:0c:a0:d1:bf:7d:4d:
                    c2:1d:63:7f:e2:96:69:b7:d0:47:02:8e:23:0d:29:
                    5a:02:05:85:f1:eb:64:8a:62:68:ad:79:b5:5c:d1:
                    ea:66:0f:3b:74:f0:a3:26:1b:68:14:05:24:a3:86:
                    af:0d:43:b6:03:df:25:e6:7a:fb:30:ba:aa:50:40:
                    0f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8B:87:22:87:C9:DA:97:90:5E:21:67:F6:23:FA:AF:BE:63:25:8A
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:6f:f0:01:8a:56:fc:71:4b:2c:e1:56:30:cc:3d:15:89:eb:
         12:af:16:8d:04:c1:3c:da:ee:da:01:41:8f:d8:f9:a3:8e:53:
         71:00:13:41:bd:2c:01:da:84:88:d2:a6:48:e2:64:7b:ef:ac:
         33:18:62:78:8f:18:a4:3b:b2:5e:a1:3a:69:2d:8e:5a:60:a6:
         fc:de:26:2d:4e:5e:f6:7f:b9:13:55:df:ae:19:d2:2c:de:ed:
         17:ce:2e:9c:cc:be:31:9d:7a:83:b9:82:8d:c9:99:52:3a:a4:
         14:bb:9e:e6:7f:8a:b9:07:3e:4a:e3:49:95:0e:69:65:cc:fe:
         43:a3:bb:b6:9c:e0:6e:fa:fa:b5:59:51:65:57:19:f9:1a:76:
         c7:8f:53:9d:7e:a6:4e:3d:40:f4:c1:03:e9:5f:d4:7d:00:ce:
         ac:cb:83:e1:4b:57:8a:0c:21:07:5b:f3:8f:90:f6:96:a6:5b:
         9e:3a:3c:c9:f7:68:68:a5:3c:72:d3:6d:4b:e6:ab:97:97:52:
         57:a1:34:2f:0c:c8:88:9b:a2:e1:e4:a0:eb:bd:d1:d5:3c:c5:
         db:1c:56:10:8a:8b:cc:48:3e:53:80:11:8c:98:30:9c:e9:9d:
         99:13:db:f5:50:9d:fc:19:e3:5b:6c:01:93:aa:47:0b:b7:44:
         77:80:90:e9
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUGrAc03KfrrM8ogTLvM3VebscDC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDZaFw0yNTA4MjIxMDQ3MDZaMDMxMTAvBgNV
BAMTKDhGOEI4NzIyODdDOURBOTc5MDVFMjE2N0Y2MjNGQUFGQkU2MzI1OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsg9NwNAn8qWT+sOFx+RbxKZ2Y
GGtHzB2VUAjJ33sB0ihhUU5O96+asmsk+JUawfNUnLrHKWc0mO+/BipcfviWQxFD
sML3ORh5bbZDlPW6wkV6/r57seql//MoEvhr2itb8z67EJtOXiK/sbox/VmzAUUI
GO0a6PeJwAj71RhR4qTnIIII/mI2DEaZZPT2HzZFkLqcRdf5h26g83zlbhUce+xn
Om7yzGxOkb9BFM3jpfVlmnjrYGee2CJtOgyg0b99TcIdY3/ilmm30EcCjiMNKVoC
BYXx62SKYmitebVc0epmDzt08KMmG2gUBSSjhq8NQ7YD3yXmevswuqpQQA9ZAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUj4uHIofJ2peQXiFn9iP6r75jJYowHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMwMzMz
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFlqzzANBgkqhkiG9w0BAQsFAAOCAQEAlW/wAYpW/HFLLOFW
MMw9FYnrEq8WjQTBPNru2gFBj9j5o45TcQATQb0sAdqEiNKmSOJke++sMxhieI8Y
pDuyXqE6aS2OWmCm/N4mLU5e9n+5E1XfrhnSLN7tF84unMy+MZ16g7mCjcmZUjqk
FLue5n+KuQc+SuNJlQ5pZcz+Q6O7tpzgbvr6tVlRZVcZ+Rp2x49TnX6mTj1A9MED
6V/UfQDOrMuD4UtXigwhB1vzj5D2lqZbnjo8yfdoaKU8ctNtS+arl5dSV6E0LwzI
iJui4eSg673R1TzF2xxWEIqLzEg+U4ARjJgwnOmdmRPb9VCd/BnjW2wBk6pHC7dE
d4CQ6Q==
-----END CERTIFICATE-----