Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/22/33312e32342e38362e302f32342d3234203d3e20313336383937.roa
File:                     33312e32342e38362e302f32342d3234203d3e20313336383937.roa (raw, json)
Hash identifier:          QQYIzASoj2KiS1pP22tYdocfwli7us6gBRkEjvE++bI=
Subject key identifier:   12:AE:91:61:ED:16:54:CC:B4:FC:2D:D0:7F:B9:5E:E4:A7:EA:FC:A9
Certificate issuer:       /CN=322056fd080c9cdacb18a9c427eb01033b2d0854
Certificate serial:       738FE8A6BBA9958D311990F37BEBC46A3CA48068
Authority key identifier: 32:20:56:FD:08:0C:9C:DA:CB:18:A9:C4:27:EB:01:03:3B:2D:08:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer
Subject info access:      rsync://0.sb/repo/sb/22/33312e32342e38362e302f32342d3234203d3e20313336383937.roa
Signing time:             Fri 22 Sep 2023 10:19:41 +0000
ROA not before:           Fri 22 Sep 2023 10:14:41 +0000
ROA not after:            Fri 20 Sep 2024 10:19:41 +0000
asID:                     136897
IP address blocks:        31.24.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.crl
                          rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:8f:e8:a6:bb:a9:95:8d:31:19:90:f3:7b:eb:c4:6a:3c:a4:80:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322056fd080c9cdacb18a9c427eb01033b2d0854
        Validity
            Not Before: Sep 22 10:14:41 2023 GMT
            Not After : Sep 20 10:19:41 2024 GMT
        Subject: CN=12AE9161ED1654CCB4FC2DD07FB95EE4A7EAFCA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:88:1f:6b:d8:48:cc:a5:89:d7:92:8b:0a:90:
                    17:57:ec:96:04:bd:ee:6b:1f:25:2d:9d:47:61:44:
                    9c:07:d3:ce:7b:91:88:41:b2:35:a4:ac:d8:85:84:
                    b8:8e:53:6b:95:1c:b6:3c:c7:98:78:cc:58:92:7f:
                    3a:04:97:67:a0:22:ae:18:29:7c:99:3c:b1:fa:0e:
                    59:b2:83:12:22:ff:b3:14:6a:74:b2:c8:30:79:b0:
                    e2:b6:40:f9:5c:da:f9:c6:ce:94:ca:bb:a1:c3:61:
                    40:b6:23:9d:c4:80:d9:c1:88:44:ab:fe:34:0c:ee:
                    d9:f2:0d:02:e9:d2:b9:39:e3:eb:96:0a:09:d1:e1:
                    86:6c:d8:22:27:90:e2:e9:ce:14:b5:2a:2f:58:d7:
                    ff:6a:77:59:9a:6b:6a:66:31:68:7c:d4:5f:b7:c3:
                    ac:9a:60:9a:c3:94:0d:4d:6c:8e:9f:bb:11:76:74:
                    dd:7e:45:57:5b:64:12:3f:d2:9f:55:dd:a4:54:44:
                    38:a3:4f:74:bf:6d:1d:1d:b1:70:0d:f1:c6:98:d9:
                    c0:87:2e:28:10:7d:c2:33:9c:ab:14:9c:42:4c:91:
                    69:51:fd:c3:7a:b5:b2:d4:42:42:1d:66:cc:b1:8f:
                    2a:70:9b:30:b9:0e:e7:04:8c:4f:54:2e:74:f9:38:
                    1c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:AE:91:61:ED:16:54:CC:B4:FC:2D:D0:7F:B9:5E:E4:A7:EA:FC:A9
            X509v3 Authority Key Identifier:
                keyid:32:20:56:FD:08:0C:9C:DA:CB:18:A9:C4:27:EB:01:03:3B:2D:08:54

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/22/322056FD080C9CDACB18A9C427EB01033B2D0854.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MiBW_QgMnNrLGKnEJ-sBAzstCFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/22/33312e32342e38362e302f32342d3234203d3e20313336383937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:c5:b1:58:5f:3d:fd:29:f8:75:83:57:0c:5a:c0:1b:bd:83:
         69:c6:9b:31:53:de:2d:43:33:c2:bd:fe:36:bd:70:32:f2:91:
         da:ea:cc:8e:91:50:52:81:58:66:00:0d:79:a0:a8:17:23:fe:
         88:df:17:08:a0:62:ca:fe:54:1a:f9:e2:47:fb:20:11:6d:8c:
         22:bd:b0:e8:d2:3b:8f:ec:07:00:cb:64:c7:46:80:d2:98:0c:
         cb:82:23:3d:f0:4c:69:04:2f:26:7d:c5:52:81:4a:9f:0d:43:
         0f:53:00:c1:81:d7:be:45:6f:34:bf:cb:5a:ec:0e:d8:bc:9e:
         d4:25:57:9c:82:52:08:4f:94:94:44:53:1f:5e:2d:de:d2:bb:
         c9:7a:ef:f8:28:73:f7:47:b5:3c:65:e7:d7:52:6e:1a:8a:c1:
         62:65:92:9b:bb:db:a5:16:82:d0:cf:01:4f:23:c0:eb:22:63:
         bb:0f:a6:af:95:4b:55:ee:57:e2:20:37:5e:c6:ac:fa:99:a9:
         f7:06:1f:69:3d:4d:10:af:e2:72:92:eb:97:60:10:0c:6c:1e:
         11:64:7f:03:a9:fb:44:18:fc:a7:d3:09:c6:72:0c:5f:a7:bb:
         d8:45:69:24:c5:ca:b6:93:2d:c2:2b:20:aa:46:55:32:de:40:
         3d:fb:6f:5c
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUc4/opruplY0xGZDze+vEajykgGgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzIyMDU2ZmQwODBjOWNkYWNiMThhOWM0MjdlYjAxMDMz
YjJkMDg1NDAeFw0yMzA5MjIxMDE0NDFaFw0yNDA5MjAxMDE5NDFaMDMxMTAvBgNV
BAMTKDEyQUU5MTYxRUQxNjU0Q0NCNEZDMkREMDdGQjk1RUU0QTdFQUZDQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD+iB9r2EjMpYnXkosKkBdX7JYE
ve5rHyUtnUdhRJwH0857kYhBsjWkrNiFhLiOU2uVHLY8x5h4zFiSfzoEl2egIq4Y
KXyZPLH6DlmygxIi/7MUanSyyDB5sOK2QPlc2vnGzpTKu6HDYUC2I53EgNnBiESr
/jQM7tnyDQLp0rk54+uWCgnR4YZs2CInkOLpzhS1Ki9Y1/9qd1maa2pmMWh81F+3
w6yaYJrDlA1NbI6fuxF2dN1+RVdbZBI/0p9V3aRURDijT3S/bR0dsXAN8caY2cCH
LigQfcIznKsUnEJMkWlR/cN6tbLUQkIdZsyxjypwmzC5DucEjE9ULnT5OBzbAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUEq6RYe0WVMy0/C3Qf7le5Kfq/KkwHwYDVR0j
BBgwFoAUMiBW/QgMnNrLGKnEJ+sBAzstCFQwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIyLzMyMjA1NkZEMDgw
QzlDREFDQjE4QTlDNDI3RUIwMTAzM0IyRDA4NTQuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9NaUJXX1FnTW5OckxHS25FSi1zQkF6c3RDRlEuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjIvMzMz
MTJlMzIzNDJlMzgzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM4Mzkz
Ny5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAB8YVjANBgkqhkiG9w0BAQsFAAOCAQEAKsWxWF89/Sn4dYNX
DFrAG72DacabMVPeLUMzwr3+Nr1wMvKR2urMjpFQUoFYZgANeaCoFyP+iN8XCKBi
yv5UGvniR/sgEW2MIr2w6NI7j+wHAMtkx0aA0pgMy4IjPfBMaQQvJn3FUoFKnw1D
D1MAwYHXvkVvNL/LWuwO2Lye1CVXnIJSCE+UlERTH14t3tK7yXrv+Chz90e1PGXn
11JuGorBYmWSm7vbpRaC0M8BTyPA6yJjuw+mr5VLVe5X4iA3Xsas+pmp9wYfaT1N
EK/icpLrl2AQDGweEWR/A6n7RBj8p9MJxnIMX6e72EVpJMXKtpMtwisgqkZVMt5A
PftvXA==
-----END CERTIFICATE-----