Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa
File:                     38392e3130362e3230372e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          P8Gpx+CXQHuAi4DbDXGNOpaarcEwjzfSs2x1hQNgUhs=
Subject key identifier:   0F:97:0D:F3:D9:44:F2:91:BD:93:BE:B9:F2:F6:34:AC:1D:0A:D0:19
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       14760FCD80A01E8F7EC57C30A1B423D4B184F32B
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa
Signing time:             Thu 12 Oct 2023 13:27:55 +0000
ROA not before:           Thu 12 Oct 2023 13:22:55 +0000
ROA not after:            Thu 10 Oct 2024 13:27:55 +0000
asID:                     8888
IP address blocks:        89.106.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:76:0f:cd:80:a0:1e:8f:7e:c5:7c:30:a1:b4:23:d4:b1:84:f3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Oct 12 13:22:55 2023 GMT
            Not After : Oct 10 13:27:55 2024 GMT
        Subject: CN=0F970DF3D944F291BD93BEB9F2F634AC1D0AD019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:45:fa:3d:15:f6:d4:dc:f7:ed:21:3e:87:ef:
                    0e:45:c4:06:4d:84:7c:71:00:82:b7:4d:8a:1f:d0:
                    29:16:56:54:a7:32:76:28:7a:1e:9c:2d:c0:27:39:
                    48:f5:ef:7b:47:41:dd:a4:c8:ab:73:62:6f:80:fa:
                    64:97:9d:4d:f0:63:70:b5:40:67:4c:cb:89:e8:b4:
                    10:0d:89:5d:42:9e:34:6f:50:76:78:9b:dc:e7:56:
                    6f:f1:71:e2:07:49:e6:c4:f2:3a:ff:43:5a:f6:ba:
                    a4:51:6d:4a:c9:58:8e:15:65:df:80:b0:f9:40:6e:
                    fe:78:df:9a:97:98:ac:4a:e7:c2:65:7f:2a:e6:4e:
                    d7:19:fd:61:91:35:aa:84:ea:2c:84:8c:72:f0:fa:
                    72:fe:df:32:d5:01:33:f3:0f:a0:a0:ec:b3:36:10:
                    76:83:64:13:f0:47:8d:66:2e:3b:4f:69:2e:18:0e:
                    f9:c8:29:d5:2a:98:7e:51:40:f6:1b:eb:36:1d:e7:
                    09:91:e4:a1:ba:64:cf:dd:af:8f:fc:88:68:23:14:
                    d5:b7:f8:5e:5f:67:a3:9b:e1:76:ce:86:b2:2e:eb:
                    8b:a2:16:75:be:a8:e8:83:fb:41:ac:48:21:dc:bf:
                    2a:d9:27:28:d3:da:97:65:91:aa:95:45:5b:79:a2:
                    d3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:97:0D:F3:D9:44:F2:91:BD:93:BE:B9:F2:F6:34:AC:1D:0A:D0:19
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:57:c5:07:57:42:cb:20:77:f7:bf:e4:0f:70:28:2c:70:1d:
         ea:4d:d1:7c:92:c9:b2:20:60:c3:74:4b:cc:70:14:7a:bf:25:
         03:70:ed:0e:1d:ec:15:13:3f:92:6d:ae:0c:66:81:19:c3:00:
         64:e5:52:e1:23:41:e8:cb:97:a1:5b:99:82:03:83:a0:33:7b:
         d1:31:2b:71:cd:50:68:ac:da:89:ae:68:bd:e0:04:da:12:45:
         35:5c:07:9f:77:a8:a1:c2:ef:c3:c6:99:03:a4:e2:24:12:50:
         d1:af:1c:b6:d2:10:73:86:46:47:75:70:46:43:01:97:30:2b:
         af:15:11:b8:4b:1e:ef:64:33:d8:2a:24:b4:c2:88:87:ce:66:
         0a:04:c7:fa:29:ee:7f:e5:bb:1d:20:fc:37:1b:f1:a8:47:7a:
         6c:13:fe:bd:e9:7c:b6:2e:e1:10:15:02:38:4a:ed:ed:86:5c:
         75:7f:61:24:19:37:63:32:47:db:84:d0:e7:e6:a8:24:c7:4a:
         f5:c0:b8:5b:18:77:45:8a:79:fd:da:45:c6:11:64:b1:32:c2:
         15:82:ac:19:be:25:c8:f0:aa:98:e2:5f:b9:58:12:b3:57:91:
         e4:c3:f5:5b:1c:8c:ae:2d:5a:ca:fe:06:6d:40:bf:dc:ca:7b:
         74:c0:24:f7
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUFHYPzYCgHo9+xXwwobQj1LGE8yswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzEwMTIxMzIyNTVaFw0yNDEwMTAxMzI3NTVaMDMxMTAvBgNV
BAMTKDBGOTcwREYzRDk0NEYyOTFCRDkzQkVCOUYyRjYzNEFDMUQwQUQwMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRfo9FfbU3PftIT6H7w5FxAZN
hHxxAIK3TYof0CkWVlSnMnYoeh6cLcAnOUj173tHQd2kyKtzYm+A+mSXnU3wY3C1
QGdMy4notBANiV1CnjRvUHZ4m9znVm/xceIHSebE8jr/Q1r2uqRRbUrJWI4VZd+A
sPlAbv5435qXmKxK58JlfyrmTtcZ/WGRNaqE6iyEjHLw+nL+3zLVATPzD6Cg7LM2
EHaDZBPwR41mLjtPaS4YDvnIKdUqmH5RQPYb6zYd5wmR5KG6ZM/dr4/8iGgjFNW3
+F5fZ6Ob4XbOhrIu64uiFnW+qOiD+0GsSCHcvyrZJyjT2pdlkaqVRVt5otN1AgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUD5cN89lE8pG9k7658vY0rB0K0BkwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODM4Mzgz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFlqzzANBgkqhkiG9w0BAQsFAAOCAQEAFlfFB1dCyyB397/k
D3AoLHAd6k3RfJLJsiBgw3RLzHAUer8lA3DtDh3sFRM/km2uDGaBGcMAZOVS4SNB
6MuXoVuZggODoDN70TErcc1QaKzaia5oveAE2hJFNVwHn3eoocLvw8aZA6TiJBJQ
0a8cttIQc4ZGR3VwRkMBlzArrxURuEse72Qz2CoktMKIh85mCgTH+inuf+W7HSD8
NxvxqEd6bBP+vel8ti7hEBUCOErt7YZcdX9hJBk3YzJH24TQ5+aoJMdK9cC4Wxh3
RYp5/dpFxhFksTLCFYKsGb4lyPCqmOJfuVgSs1eR5MP1WxyMri1ayv4GbUC/3Mp7
dMAk9w==
-----END CERTIFICATE-----