Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa
File:                     38342e33382e3234372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          mscyG3Nu5GoKk6iy9prOo/utfv+8HDmLlbjbfDN0Y24=
Subject key identifier:   99:E1:33:76:FE:87:A6:1B:5F:32:87:99:93:BC:2B:4D:88:D8:E2:F9
Certificate issuer:       /CN=861a9d357d53d5459484a1f5921704e762641a62
Certificate serial:       56B98322A27180E9E17AA95856CB165DF1539AFD
Authority key identifier: 86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
Subject info access:      rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 06 Dec 2023 05:14:47 +0000
ROA not before:           Wed 06 Dec 2023 05:09:47 +0000
ROA not after:            Wed 04 Dec 2024 05:14:47 +0000
asID:                     14618
IP address blocks:        84.38.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl
                          rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:b9:83:22:a2:71:80:e9:e1:7a:a9:58:56:cb:16:5d:f1:53:9a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861a9d357d53d5459484a1f5921704e762641a62
        Validity
            Not Before: Dec  6 05:09:47 2023 GMT
            Not After : Dec  4 05:14:47 2024 GMT
        Subject: CN=99E13376FE87A61B5F32879993BC2B4D88D8E2F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f6:71:60:a3:12:ba:a7:8d:f8:22:3c:bd:14:
                    cc:d0:4c:f5:11:46:d2:af:02:a3:ab:9e:3f:89:9c:
                    3c:7a:0b:bd:1b:12:78:e9:7f:e2:4f:91:58:31:bd:
                    03:7c:5a:55:45:68:33:c2:11:4c:f4:ef:ab:a6:fd:
                    b4:2a:cf:ca:94:dc:1e:16:e1:b7:74:d9:e7:c6:9c:
                    96:66:3d:64:52:39:57:3f:91:fb:63:97:0f:d6:42:
                    d6:49:e7:02:5e:a4:ef:9f:c1:0b:e7:7b:07:e7:94:
                    75:2e:0d:42:fc:b8:5a:12:0b:57:92:12:f8:4a:63:
                    e4:2e:e2:d5:60:08:e7:22:6a:1c:f8:77:77:a6:0f:
                    aa:1f:cd:a7:39:65:fc:d9:18:bc:7b:b3:0e:38:7c:
                    86:c8:f5:dd:45:a7:0d:dc:68:e7:cd:7e:60:1f:60:
                    0c:20:d2:21:b3:07:c6:8d:c5:39:62:8a:9e:bd:69:
                    07:36:6e:42:9b:5b:a2:5d:01:99:f5:cc:dc:c6:97:
                    88:83:81:8b:6d:47:fd:12:21:7c:c6:a4:d5:d0:0d:
                    52:6d:b3:d1:ad:a3:ce:87:5b:a1:bb:09:e2:8e:14:
                    6f:d1:88:8b:50:db:e8:df:04:ef:72:32:ce:b5:3c:
                    e9:95:e0:98:e0:2f:c3:9a:0d:93:a1:61:7f:4b:f8:
                    43:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E1:33:76:FE:87:A6:1B:5F:32:87:99:93:BC:2B:4D:88:D8:E2:F9
            X509v3 Authority Key Identifier:
                keyid:86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:7a:2d:5d:14:90:85:84:ea:39:86:d7:db:46:61:71:dc:0a:
         f6:4e:a8:16:32:7f:6e:33:9c:07:20:5c:1a:43:35:1d:3f:50:
         6b:65:69:b9:d0:ec:f6:6d:14:f4:da:51:3d:d5:85:77:04:df:
         ec:83:dc:0a:8b:a6:a9:04:63:1a:9f:52:dd:bf:14:78:a6:56:
         82:b7:ec:34:9d:1e:e2:d8:52:1f:df:49:6f:dd:fa:95:33:a1:
         5c:8d:fe:06:c7:0d:50:24:7f:27:12:c0:b2:15:f3:1e:69:8f:
         6c:52:b3:98:20:65:6f:bc:ac:bc:b4:98:f2:b5:14:b4:8c:8d:
         0f:d8:0b:20:e1:8f:aa:27:02:6f:02:bb:72:97:b2:59:a1:0a:
         6a:81:ac:15:f5:3c:55:86:49:bf:44:2e:f9:e4:f3:af:d2:97:
         8d:df:60:16:2e:12:05:67:af:f4:07:fd:b6:ea:8c:13:3a:5f:
         8c:b9:48:6b:f1:a7:22:31:fc:cd:50:9a:70:1b:02:8e:78:ce:
         3f:6b:8d:f7:8f:e3:13:d3:a5:60:40:75:66:a9:fb:84:4a:10:
         4a:b7:be:5f:cd:22:39:ad:cb:d1:eb:63:69:9e:ab:41:fe:a0:
         c7:78:a7:43:c7:60:04:f0:ba:3f:d7:b1:11:06:fe:ed:34:19:
         c0:23:7a:80
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUVrmDIqJxgOnheqlYVssWXfFTmv0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODYxYTlkMzU3ZDUzZDU0NTk0ODRhMWY1OTIxNzA0ZTc2
MjY0MWE2MjAeFw0yMzEyMDYwNTA5NDdaFw0yNDEyMDQwNTE0NDdaMDMxMTAvBgNV
BAMTKDk5RTEzMzc2RkU4N0E2MUI1RjMyODc5OTkzQkMyQjREODhEOEUyRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa9nFgoxK6p434Ijy9FMzQTPUR
RtKvAqOrnj+JnDx6C70bEnjpf+JPkVgxvQN8WlVFaDPCEUz076um/bQqz8qU3B4W
4bd02efGnJZmPWRSOVc/kftjlw/WQtZJ5wJepO+fwQvnewfnlHUuDUL8uFoSC1eS
EvhKY+Qu4tVgCOciahz4d3emD6ofzac5ZfzZGLx7sw44fIbI9d1Fpw3caOfNfmAf
YAwg0iGzB8aNxTliip69aQc2bkKbW6JdAZn1zNzGl4iDgYttR/0SIXzGpNXQDVJt
s9Gto86HW6G7CeKOFG/RiItQ2+jfBO9yMs61POmV4JjgL8OaDZOhYX9L+EMHAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUmeEzdv6HphtfMoeZk7wrTYjY4vkwHwYDVR0j
BBgwFoAUhhqdNX1T1UWUhKH1khcE52JkGmIwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzMzLzg2MUE5RDM1N0Q1
M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFBNjIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9oaHFkTlgxVDFVV1VoS0gxa2hjRTUySmtHbUkuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzMvMzgz
NDJlMzMzODJlMzIzNDM3MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFQm9zANBgkqhkiG9w0BAQsFAAOCAQEAFXotXRSQhYTqOYbX
20ZhcdwK9k6oFjJ/bjOcByBcGkM1HT9Qa2VpudDs9m0U9NpRPdWFdwTf7IPcCoum
qQRjGp9S3b8UeKZWgrfsNJ0e4thSH99Jb936lTOhXI3+BscNUCR/JxLAshXzHmmP
bFKzmCBlb7ysvLSY8rUUtIyND9gLIOGPqicCbwK7cpeyWaEKaoGsFfU8VYZJv0Qu
+eTzr9KXjd9gFi4SBWev9Af9tuqMEzpfjLlIa/GnIjH8zVCacBsCjnjOP2uN94/j
E9OlYEB1Zqn7hEoQSre+X80iOa3L0etjaZ6rQf6gx3inQ8dgBPC6P9exEQb+7TQZ
wCN6gA==
-----END CERTIFICATE-----