Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa
File:                     38392e3130362e3230372e302f32342d3332203d3e2033323134.roa (raw, json)
Hash identifier:          deGNitiflVotZenUg3KXgYLOb3Woxw0Oe9M9K4MNobQ=
Subject key identifier:   43:FF:82:F2:CE:58:8A:FB:C4:0B:FE:7E:F9:47:BC:53:5D:FB:59:68
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       15B31CB4A89349978C3511B28E7F7852C1474A06
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa
Signing time:             Wed 01 Nov 2023 08:40:40 +0000
ROA not before:           Wed 01 Nov 2023 08:35:40 +0000
ROA not after:            Wed 30 Oct 2024 08:40:40 +0000
asID:                     3214
IP address blocks:        89.106.207.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:b3:1c:b4:a8:93:49:97:8c:35:11:b2:8e:7f:78:52:c1:47:4a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Nov  1 08:35:40 2023 GMT
            Not After : Oct 30 08:40:40 2024 GMT
        Subject: CN=43FF82F2CE588AFBC40BFE7EF947BC535DFB5968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:4c:17:03:0d:0d:1c:16:ee:12:51:0d:d7:b6:
                    01:6f:c8:57:8c:ac:10:f3:3a:02:19:23:00:c0:d2:
                    b1:d2:ae:f1:b1:55:76:6e:8f:da:6b:a8:7b:85:aa:
                    2a:1f:60:52:52:2b:7b:96:fd:18:6a:70:66:65:9c:
                    c4:e9:11:35:21:bc:ad:ad:a3:5d:45:38:53:a4:ff:
                    de:79:e9:7c:e2:39:3a:9c:44:94:b3:92:88:8e:af:
                    53:28:ca:3c:27:df:a8:6d:cc:b8:ee:c5:fa:d3:59:
                    a6:e9:a9:e7:ce:47:f5:03:46:75:a1:36:51:0d:9f:
                    ce:4e:be:27:01:68:70:6c:20:d0:3b:8b:64:bb:d8:
                    b4:16:90:01:6b:3f:da:ab:fc:fc:d1:9a:e1:ce:51:
                    85:c1:e6:40:fe:07:bb:36:6c:f0:b3:77:b1:23:9d:
                    51:ac:d5:9b:99:c0:0f:eb:1e:b4:a2:4c:1a:e5:52:
                    95:a1:5c:ca:2c:1d:22:b6:0d:4b:ca:f5:89:79:78:
                    42:aa:b3:1f:ba:14:37:9b:a2:83:eb:d3:32:1a:91:
                    d2:c7:8e:76:07:18:7d:63:76:10:79:ee:21:21:1c:
                    89:a1:67:d9:e1:47:6b:bd:f2:e2:43:e3:5f:4a:57:
                    66:f8:33:1b:c9:fc:6e:1e:04:88:4b:d5:77:4d:27:
                    23:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FF:82:F2:CE:58:8A:FB:C4:0B:FE:7E:F9:47:BC:53:5D:FB:59:68
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:d7:5e:46:95:4d:e4:1d:34:8a:e9:e5:09:79:e2:f6:9b:d9:
         8e:d6:3a:17:c3:93:4d:37:8b:b9:69:c6:ed:4b:7e:43:e9:dc:
         4d:2f:46:7e:0e:ad:6d:b3:dd:bd:1f:3c:19:e3:b7:e2:39:a8:
         25:f1:07:74:fa:8e:ea:d9:f1:9e:5c:cc:75:21:bf:7a:2d:5c:
         8b:0b:52:70:5d:82:c2:7c:74:8c:ca:b3:e9:a2:ab:cc:3b:23:
         a0:c4:60:8f:70:60:dc:71:03:db:0a:4b:ce:1b:2b:ac:be:dd:
         d3:b0:f1:b8:e4:d8:40:2a:4f:5c:5c:d3:83:e5:3c:5d:bf:51:
         a5:61:b1:2c:f3:2c:a8:84:da:bb:e2:0c:b0:f1:51:7f:2f:a3:
         c1:9b:cc:d3:ed:a8:45:43:a8:4c:1d:ec:cb:dc:d9:49:73:71:
         72:7a:3c:1f:fb:3a:28:39:55:58:dc:e0:b2:9b:5a:73:af:4b:
         62:d0:4f:3d:ec:a6:73:0a:f8:b0:e2:91:49:f2:50:45:46:be:
         83:a3:7e:ec:c1:0a:51:cb:e8:a3:e4:3d:ad:78:c0:54:86:37:
         a5:a5:5d:35:9c:22:4b:a8:7e:2f:ff:b2:86:84:76:d7:e9:9f:
         ec:45:3a:b8:cc:4c:59:2d:e7:b4:a0:5e:b0:a6:ec:b3:48:2c:
         2c:3e:98:30
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUFbMctKiTSZeMNRGyjn94UsFHSgYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzExMDEwODM1NDBaFw0yNDEwMzAwODQwNDBaMDMxMTAvBgNV
BAMTKDQzRkY4MkYyQ0U1ODhBRkJDNDBCRkU3RUY5NDdCQzUzNURGQjU5NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqTBcDDQ0cFu4SUQ3XtgFvyFeM
rBDzOgIZIwDA0rHSrvGxVXZuj9prqHuFqiofYFJSK3uW/RhqcGZlnMTpETUhvK2t
o11FOFOk/9556XziOTqcRJSzkoiOr1Moyjwn36htzLjuxfrTWabpqefOR/UDRnWh
NlENn85OvicBaHBsINA7i2S72LQWkAFrP9qr/PzRmuHOUYXB5kD+B7s2bPCzd7Ej
nVGs1ZuZwA/rHrSiTBrlUpWhXMosHSK2DUvK9Yl5eEKqsx+6FDebooPr0zIakdLH
jnYHGH1jdhB57iEhHImhZ9nhR2u98uJD419KV2b4MxvJ/G4eBIhL1XdNJyP5AgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUQ/+C8s5YivvEC/5++Ue8U137WWgwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMzMyMjAzZDNlMjAzMzMyMzEz
NC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFlqzzANBgkqhkiG9w0BAQsFAAOCAQEAwtdeRpVN5B00iunl
CXni9pvZjtY6F8OTTTeLuWnG7Ut+Q+ncTS9Gfg6tbbPdvR88GeO34jmoJfEHdPqO
6tnxnlzMdSG/ei1ciwtScF2Cwnx0jMqz6aKrzDsjoMRgj3Bg3HED2wpLzhsrrL7d
07DxuOTYQCpPXFzTg+U8Xb9RpWGxLPMsqITau+IMsPFRfy+jwZvM0+2oRUOoTB3s
y9zZSXNxcno8H/s6KDlVWNzgsptac69LYtBPPeymcwr4sOKRSfJQRUa+g6N+7MEK
Ucvoo+Q9rXjAVIY3paVdNZwiS6h+L/+yhoR21+mf7EU6uMxMWS3ntKBesKbss0gs
LD6YMA==
-----END CERTIFICATE-----