Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa
File:                     38392e3130362e3230372e302f32342d3332203d3e2033323134.roa (raw, json)
Hash identifier:          iL5MkZ8+nrLTZg7gjdItwHur9hQLIDNa9gGatC+W+Zs=
Subject key identifier:   AA:AD:7F:36:0F:E8:89:6C:C4:53:18:29:F7:53:61:E0:BC:93:2A:07
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       333A136F23F9E1D635F4B23B68959E0C0E6DD1
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa
Signing time:             Wed 02 Oct 2024 09:00:54 +0000
ROA not before:           Wed 02 Oct 2024 08:55:54 +0000
ROA not after:            Wed 01 Oct 2025 09:00:54 +0000
asID:                     3214
IP address blocks:        89.106.207.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:3a:13:6f:23:f9:e1:d6:35:f4:b2:3b:68:95:9e:0c:0e:6d:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Oct  2 08:55:54 2024 GMT
            Not After : Oct  1 09:00:54 2025 GMT
        Subject: CN=AAAD7F360FE8896CC4531829F75361E0BC932A07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:79:29:2c:af:14:cd:b2:e9:1f:34:36:d3:7e:
                    4a:a4:b3:73:3c:8b:75:40:f2:24:7d:a9:8f:cc:46:
                    64:fd:8d:34:2b:19:60:09:1a:79:bd:a8:86:01:c9:
                    43:e3:54:2f:b9:c6:0e:f8:b2:92:e5:11:f3:81:7d:
                    cf:62:9e:74:42:05:d7:8f:cb:32:ca:aa:aa:0d:3e:
                    60:d9:14:7e:b1:75:e5:90:b9:12:d3:ca:45:de:bc:
                    f8:52:6b:b5:33:1a:b6:02:0b:aa:d6:71:89:4d:11:
                    99:17:9b:bc:43:71:35:e8:97:67:7c:10:7b:16:18:
                    41:12:fa:ac:a5:10:32:57:85:cb:c8:6d:c6:79:39:
                    ed:c7:f4:a4:62:13:0b:a1:37:7a:6b:cb:df:ac:ef:
                    83:d6:c6:f8:07:bd:e5:da:23:c5:c8:a4:9d:af:06:
                    30:60:df:44:ce:30:93:9f:60:6b:80:32:84:94:81:
                    c7:6c:a2:70:16:03:79:dc:f5:51:90:be:03:6c:44:
                    3b:a2:b0:be:8b:64:79:a8:e2:04:23:31:b5:33:e7:
                    ee:c3:3a:ad:99:02:0b:fc:32:ed:ee:5b:62:ef:17:
                    89:3d:15:8c:46:17:85:47:47:c6:1f:7a:cb:36:5c:
                    37:73:45:78:18:41:38:3d:fd:75:de:20:29:50:b7:
                    82:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:AD:7F:36:0F:E8:89:6C:C4:53:18:29:F7:53:61:E0:BC:93:2A:07
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a5:59:e3:3c:8e:26:f3:34:5f:8a:e5:75:fa:5a:9f:b6:1c:
         35:bc:52:fd:4e:e0:66:6a:bf:56:ca:1a:b9:ec:48:5b:f1:33:
         05:c9:12:c4:66:54:ee:3f:50:50:76:39:1b:54:4d:1c:5e:d4:
         69:39:0f:2a:d7:33:f1:f7:3c:83:e0:56:27:a4:d8:6f:f7:b5:
         f0:14:bd:f8:61:e7:fb:8c:db:96:44:48:30:7d:67:3d:3e:83:
         71:3b:19:ce:00:ae:50:8a:f5:69:86:f6:65:7b:98:d8:c6:e6:
         48:09:c9:e2:1b:a0:03:c4:71:19:0e:cb:af:2d:af:e3:2c:bb:
         f3:d5:74:ff:bf:23:a0:e9:b1:5f:fb:54:3d:47:26:44:2e:52:
         2f:3c:1c:2b:1e:67:c1:27:b7:83:be:d7:5f:51:9d:54:c5:1c:
         cf:0a:3e:d1:e8:f0:4a:4d:35:01:e0:b7:61:ae:97:2e:de:20:
         b8:ab:ee:7f:15:cf:35:d6:00:52:96:c5:33:08:07:bc:50:33:
         ee:d0:5a:97:e0:4e:56:17:0a:92:d3:f5:c6:0d:e7:4c:f1:43:
         51:28:aa:10:12:85:c6:85:f2:3f:da:bf:0c:20:38:4c:eb:9d:
         b0:1e:f6:75:cf:ce:55:35:5f:a1:4a:9e:85:9d:0d:32:59:e2:
         5a:f5:7d:b1
-----BEGIN CERTIFICATE-----
MIIErzCCA5egAwIBAgITMzoTbyP54dY19LI7aJWeDA5t0TANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg3NjFjNjE2MzY0Yjg5NjU5ZWQ5ZjE4Y2IwYWY3NzQyMDQz
N2NjN2RhMB4XDTI0MTAwMjA4NTU1NFoXDTI1MTAwMTA5MDA1NFowMzExMC8GA1UE
AxMoQUFBRDdGMzYwRkU4ODk2Q0M0NTMxODI5Rjc1MzYxRTBCQzkzMkEwNzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF5KSyvFM2y6R80NtN+SqSzczyL
dUDyJH2pj8xGZP2NNCsZYAkaeb2ohgHJQ+NUL7nGDviykuUR84F9z2KedEIF14/L
Msqqqg0+YNkUfrF15ZC5EtPKRd68+FJrtTMatgILqtZxiU0RmRebvENxNeiXZ3wQ
exYYQRL6rKUQMleFy8htxnk57cf0pGITC6E3emvL36zvg9bG+Ae95dojxcikna8G
MGDfRM4wk59ga4AyhJSBx2yicBYDedz1UZC+A2xEO6KwvotkeajiBCMxtTPn7sM6
rZkCC/wy7e5bYu8XiT0VjEYXhUdHxh96yzZcN3NFeBhBOD39dd4gKVC3ggkCAwEA
AaOCAbowggG2MB0GA1UdDgQWBBSqrX82D+iJbMRTGCn3U2HgvJMqBzAfBgNVHSME
GDAWgBR2HGFjZLiWWe2fGMsK93QgQ3zH2jAOBgNVHQ8BAf8EBAMCB4AwVQYDVR0f
BE4wTDBKoEigRoZEcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvNzYxQzYxNjM2NEI4
OTY1OUVEOUYxOENCMEFGNzc0MjA0MzdDQzdEQS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2RoeGhZMlM0bGxudG54akxDdmQwSUVOOHg5by5jZXIwbAYIKwYBBQUH
AQsEYDBeMFwGCCsGAQUFBzALhlByc3luYzovLzAuc2IvcmVwby9zYi8yMS8zODM5
MmUzMTMwMzYyZTMyMzAzNzJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMzMzIzMTM0
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAWWrPMA0GCSqGSIb3DQEBCwUAA4IBAQAapVnjPI4m8zRfiuV1
+lqfthw1vFL9TuBmar9Wyhq57Ehb8TMFyRLEZlTuP1BQdjkbVE0cXtRpOQ8q1zPx
9zyD4FYnpNhv97XwFL34Yef7jNuWREgwfWc9PoNxOxnOAK5QivVphvZle5jYxuZI
CcniG6ADxHEZDsuvLa/jLLvz1XT/vyOg6bFf+1Q9RyZELlIvPBwrHmfBJ7eDvtdf
UZ1UxRzPCj7R6PBKTTUB4Ldhrpcu3iC4q+5/Fc811gBSlsUzCAe8UDPu0FqX4E5W
FwqS0/XGDedM8UNRKKoQEoXGhfI/2r8MIDhM652wHvZ1z85VNV+hSp6FnQ0yWeJa
9X2x
-----END CERTIFICATE-----