Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa
File:                     38392e3130362e3230372e302f32342d3234203d3e2031303330.roa (raw, json)
Hash identifier:          TpaC0V2ie+4R6F/pp/pvpmXnozwxIjghEKRXm3W9zKo=
Subject key identifier:   B5:55:60:3A:FC:CA:DE:E5:54:50:CA:C2:52:1B:5E:DE:E5:E3:3A:00
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       450E7DE85A68C15ED7E69D7437B331F5792981F3
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa
Signing time:             Fri 22 Sep 2023 10:19:34 +0000
ROA not before:           Fri 22 Sep 2023 10:14:34 +0000
ROA not after:            Fri 20 Sep 2024 10:19:34 +0000
asID:                     1030
IP address blocks:        89.106.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0e:7d:e8:5a:68:c1:5e:d7:e6:9d:74:37:b3:31:f5:79:29:81:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 22 10:14:34 2023 GMT
            Not After : Sep 20 10:19:34 2024 GMT
        Subject: CN=B555603AFCCADEE55450CAC2521B5EDEE5E33A00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:13:76:c3:0c:35:ea:6c:cc:34:1b:e0:c8:25:
                    72:eb:5a:f0:57:fb:b7:ea:27:19:fa:15:25:2a:fa:
                    25:39:99:fe:10:7e:8d:44:06:b6:f7:47:2c:95:e3:
                    ee:e8:54:0f:c0:50:a1:28:ad:05:41:32:44:66:94:
                    6a:48:d3:87:32:2a:9c:27:a7:78:3d:c6:eb:85:45:
                    02:8c:05:c1:b0:95:1c:4f:f3:75:d2:24:3b:8a:29:
                    e5:b8:94:60:ae:01:5f:9a:c7:0d:4b:0f:7a:03:71:
                    62:90:eb:35:2b:82:bb:32:6f:55:f2:0a:f8:76:b8:
                    6a:82:c3:1a:f5:43:af:78:35:5c:17:2d:56:18:5d:
                    a4:0b:ff:96:11:87:91:c2:4b:9a:04:88:2f:3f:ed:
                    f3:40:e9:fa:73:82:fd:a1:52:fe:78:f6:98:32:76:
                    53:63:d6:93:d0:19:5d:f6:68:47:6b:9c:7a:d5:2c:
                    a1:2d:76:8d:40:1f:d1:c4:26:21:53:0d:1c:7d:34:
                    87:84:7f:1c:a8:46:55:c2:94:c9:19:2d:f3:21:82:
                    75:00:2f:69:13:95:b7:44:2b:16:c3:26:04:c8:0f:
                    e1:cc:88:73:9f:90:84:d8:50:95:24:f8:1e:83:86:
                    04:95:b4:75:93:12:07:9f:db:67:67:0e:5c:c8:72:
                    86:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:55:60:3A:FC:CA:DE:E5:54:50:CA:C2:52:1B:5E:DE:E5:E3:3A:00
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2031303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:5e:72:99:68:f8:b2:1f:c3:57:a6:a3:8b:df:f2:f7:47:80:
         45:c8:99:74:95:0a:aa:f4:db:84:0c:ef:ee:22:58:39:a2:0b:
         8a:7a:79:76:11:bf:ab:6c:7e:d2:24:7c:e6:b2:15:15:c0:61:
         17:00:21:d5:71:86:c5:28:ea:b3:23:29:1e:cf:5a:eb:52:1f:
         ab:02:64:7d:ea:83:22:c8:4e:fa:28:94:bc:24:10:31:b6:0e:
         33:b5:49:27:97:e9:13:05:1a:ac:ca:f4:0e:37:68:11:d8:41:
         12:3d:b1:03:4a:26:58:36:cc:80:dc:7b:6e:51:1a:8a:f9:43:
         ed:15:15:6c:fb:b0:5b:38:d7:34:3b:3e:41:a6:4a:1c:90:44:
         e8:00:47:d7:65:b8:c2:6c:95:6e:b6:36:81:34:e2:8d:2d:55:
         07:10:86:33:58:b8:ed:48:38:ff:3c:50:53:1a:33:7c:d0:b8:
         72:63:4b:e8:1e:5f:6e:a2:ed:d0:de:6b:39:3f:56:aa:d8:41:
         9d:8d:f1:a7:b6:6c:97:0d:76:93:76:36:79:e8:49:77:5b:6b:
         15:56:0b:2e:6b:d8:98:f8:cf:e7:0a:2b:81:11:a5:e7:86:8d:
         2c:4a:dd:5b:0c:8e:60:6a:68:f3:33:6d:06:5a:bf:ec:58:c7:
         f2:58:1c:9b
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIURQ596FpowV7X5p10N7Mx9XkpgfMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzA5MjIxMDE0MzRaFw0yNDA5MjAxMDE5MzRaMDMxMTAvBgNV
BAMTKEI1NTU2MDNBRkNDQURFRTU1NDUwQ0FDMjUyMUI1RURFRTVFMzNBMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZE3bDDDXqbMw0G+DIJXLrWvBX
+7fqJxn6FSUq+iU5mf4Qfo1EBrb3RyyV4+7oVA/AUKEorQVBMkRmlGpI04cyKpwn
p3g9xuuFRQKMBcGwlRxP83XSJDuKKeW4lGCuAV+axw1LD3oDcWKQ6zUrgrsyb1Xy
Cvh2uGqCwxr1Q694NVwXLVYYXaQL/5YRh5HCS5oEiC8/7fNA6fpzgv2hUv549pgy
dlNj1pPQGV32aEdrnHrVLKEtdo1AH9HEJiFTDRx9NIeEfxyoRlXClMkZLfMhgnUA
L2kTlbdEKxbDJgTID+HMiHOfkITYUJUk+B6DhgSVtHWTEgef22dnDlzIcoajAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUtVVgOvzK3uVUUMrCUhte3uXjOgAwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMwMzMz
MC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFlqzzANBgkqhkiG9w0BAQsFAAOCAQEAqF5ymWj4sh/DV6aj
i9/y90eARciZdJUKqvTbhAzv7iJYOaILinp5dhG/q2x+0iR85rIVFcBhFwAh1XGG
xSjqsyMpHs9a61IfqwJkfeqDIshO+iiUvCQQMbYOM7VJJ5fpEwUarMr0DjdoEdhB
Ej2xA0omWDbMgNx7blEaivlD7RUVbPuwWzjXNDs+QaZKHJBE6ABH12W4wmyVbrY2
gTTijS1VBxCGM1i47Ug4/zxQUxozfNC4cmNL6B5fbqLt0N5rOT9WqthBnY3xp7Zs
lw12k3Y2eehJd1trFVYLLmvYmPjP5worgRGl54aNLErdWwyOYGpo8zNtBlq/7FjH
8lgcmw==
-----END CERTIFICATE-----