Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa
File:                     38392e3130362e3230372e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          0ny40YVds2GLBiQYA2mIC1vlnPHY5etz2rMF9MpN3u8=
Subject key identifier:   5C:AC:7D:B8:9C:9C:6E:B3:A1:BA:E8:DF:CA:D4:11:D7:47:BF:E8:3E
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       1D567F5EC29B114D816F0F119E39F5DF90FEF2A9
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa
Signing time:             Thu 12 Sep 2024 13:50:18 +0000
ROA not before:           Thu 12 Sep 2024 13:45:18 +0000
ROA not after:            Thu 11 Sep 2025 13:50:18 +0000
asID:                     8888
IP address blocks:        89.106.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:56:7f:5e:c2:9b:11:4d:81:6f:0f:11:9e:39:f5:df:90:fe:f2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 12 13:45:18 2024 GMT
            Not After : Sep 11 13:50:18 2025 GMT
        Subject: CN=5CAC7DB89C9C6EB3A1BAE8DFCAD411D747BFE83E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:63:e1:3d:df:1d:87:46:d3:d2:0c:65:c9:58:
                    6b:21:2a:d6:7d:d6:40:4e:6e:e7:e6:e3:80:e8:89:
                    0f:08:94:c5:7a:2a:86:0b:3b:9e:25:f5:fb:b9:35:
                    72:02:fa:53:5b:18:a5:ba:60:6e:90:cd:6a:c9:0e:
                    5c:c1:51:84:62:11:0a:b1:1a:91:d1:d6:34:ab:0f:
                    99:1c:d1:68:59:b4:3c:8a:09:99:a9:63:f6:2c:91:
                    b4:e6:36:6d:4b:b1:a6:49:b4:27:5f:7a:87:eb:0e:
                    4b:3f:d5:aa:21:64:66:dc:8c:c8:69:cd:71:ca:32:
                    46:0a:65:13:80:ba:c7:12:84:97:5f:8b:14:a9:56:
                    24:b7:86:ff:8e:34:00:01:d1:02:83:cb:b3:ee:2f:
                    0c:3a:d8:c7:f6:da:38:35:1d:6d:2e:a3:33:60:86:
                    d9:97:2d:8c:67:6d:de:fc:de:7b:04:58:49:b1:98:
                    f3:4e:ed:87:c7:f0:b9:4f:0b:15:00:2a:8c:42:d6:
                    33:95:fc:22:3d:63:40:20:79:0b:0e:bc:47:44:45:
                    55:c6:ee:c5:43:57:78:07:2f:e7:65:b4:b8:6e:43:
                    b7:31:bb:d6:74:1e:8b:3b:f3:13:9d:d5:f0:f1:48:
                    1a:78:e5:4c:22:45:be:5e:5f:3a:54:81:7b:83:26:
                    67:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AC:7D:B8:9C:9C:6E:B3:A1:BA:E8:DF:CA:D4:11:D7:47:BF:E8:3E
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9b:81:d0:e8:32:19:c9:14:a0:1a:d1:90:13:33:c7:ec:dd:
         ef:8f:0b:b9:2e:80:b3:19:2a:f2:4f:1e:f3:c0:14:9f:21:22:
         79:c0:ca:b2:9a:f0:a5:a3:1a:57:00:da:1f:9a:44:1e:d4:ec:
         f9:3e:28:5f:18:24:7c:42:93:2d:a3:ef:2b:b4:88:1b:1c:71:
         40:9f:bf:9f:fb:49:51:d2:ab:28:3e:e7:f3:75:4c:94:90:30:
         b5:98:0d:fe:e4:cb:74:5d:e9:23:60:32:c4:d1:af:d4:4c:bd:
         7e:03:8c:71:66:c6:fa:e2:78:b3:c8:7b:f0:ec:86:49:75:2f:
         fe:8e:66:30:a9:6e:e1:ac:02:72:ed:4d:fe:f8:ec:2d:76:00:
         5e:03:fb:2c:38:d4:c3:49:85:65:23:13:0f:a1:06:ab:cb:29:
         fa:ee:56:06:b5:ac:a6:1a:21:71:1d:6c:f7:2d:72:68:85:02:
         2b:e8:a4:26:23:4b:1d:f5:5c:4e:b1:b2:3c:d0:7b:64:74:c7:
         e5:2c:ae:e3:ee:e5:77:e7:36:9c:67:02:58:ad:35:90:a3:33:
         33:48:bd:c0:72:c2:2b:be:11:26:37:aa:86:0c:1c:72:09:a0:
         f3:2c:f1:40:7a:44:49:8b:09:73:bc:16:68:bc:cb:95:aa:13:
         1c:0e:14:ce
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUHVZ/XsKbEU2Bbw8Rnjn135D+8qkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA5MTIxMzQ1MThaFw0yNTA5MTExMzUwMThaMDMxMTAvBgNV
BAMTKDVDQUM3REI4OUM5QzZFQjNBMUJBRThERkNBRDQxMUQ3NDdCRkU4M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKY+E93x2HRtPSDGXJWGshKtZ9
1kBObufm44DoiQ8IlMV6KoYLO54l9fu5NXIC+lNbGKW6YG6QzWrJDlzBUYRiEQqx
GpHR1jSrD5kc0WhZtDyKCZmpY/YskbTmNm1LsaZJtCdfeofrDks/1aohZGbcjMhp
zXHKMkYKZROAuscShJdfixSpViS3hv+ONAAB0QKDy7PuLww62Mf22jg1HW0uozNg
htmXLYxnbd783nsEWEmxmPNO7YfH8LlPCxUAKoxC1jOV/CI9Y0AgeQsOvEdERVXG
7sVDV3gHL+dltLhuQ7cxu9Z0Hos78xOd1fDxSBp45UwiRb5eXzpUgXuDJmdhAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUXKx9uJycbrOhuujfytQR10e/6D4wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODM4Mzgz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFlqzzANBgkqhkiG9w0BAQsFAAOCAQEAaJuB0OgyGckUoBrR
kBMzx+zd748LuS6Asxkq8k8e88AUnyEiecDKsprwpaMaVwDaH5pEHtTs+T4oXxgk
fEKTLaPvK7SIGxxxQJ+/n/tJUdKrKD7n83VMlJAwtZgN/uTLdF3pI2AyxNGv1Ey9
fgOMcWbG+uJ4s8h78OyGSXUv/o5mMKlu4awCcu1N/vjsLXYAXgP7LDjUw0mFZSMT
D6EGq8sp+u5WBrWsphohcR1s9y1yaIUCK+ikJiNLHfVcTrGyPNB7ZHTH5Syu4+7l
d+c2nGcCWK01kKMzM0i9wHLCK74RJjeqhgwccgmg8yzxQHpESYsJc7wWaLzLlaoT
HA4Uzg==
-----END CERTIFICATE-----