Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa
File:                     38342e33382e3234372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          UzBsJtCwpPW6LpBMpHXT0TN2MbBkNFN5AgkQZGjpf/o=
Subject key identifier:   2A:D0:EA:94:61:76:71:4B:21:FE:00:00:46:71:E7:D0:59:58:B6:1F
Certificate issuer:       /CN=861a9d357d53d5459484a1f5921704e762641a62
Certificate serial:       1033138DD5696E7825DD644AD442DC1B72A3BCC2
Authority key identifier: 86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
Subject info access:      rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa
Signing time:             Wed 06 Nov 2024 05:51:51 +0000
ROA not before:           Wed 06 Nov 2024 05:46:51 +0000
ROA not after:            Wed 05 Nov 2025 05:51:51 +0000
asID:                     14618
IP address blocks:        84.38.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl
                          rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:33:13:8d:d5:69:6e:78:25:dd:64:4a:d4:42:dc:1b:72:a3:bc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861a9d357d53d5459484a1f5921704e762641a62
        Validity
            Not Before: Nov  6 05:46:51 2024 GMT
            Not After : Nov  5 05:51:51 2025 GMT
        Subject: CN=2AD0EA946176714B21FE00004671E7D05958B61F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:f6:67:3d:54:2e:39:b0:32:65:b2:08:09:c1:
                    ff:23:b0:a7:59:d7:45:c8:9e:47:b1:e7:41:9a:21:
                    e7:71:c1:30:73:25:96:d2:25:9d:41:80:5c:c4:78:
                    89:8f:6e:85:09:19:98:68:df:51:7e:fc:e9:2d:38:
                    d3:8f:0d:f8:80:a7:6c:cf:42:6d:0b:83:8d:a6:bd:
                    6e:11:fd:a1:01:03:ab:39:c1:e2:62:19:61:73:28:
                    00:2e:8f:0f:05:f2:8f:3d:39:03:2b:d2:28:21:c8:
                    f2:b2:0d:2f:b7:3f:3d:e7:58:3d:45:8a:a2:6c:ca:
                    85:cc:90:a2:76:f6:ea:63:79:ec:2a:c3:59:bb:cf:
                    08:31:b1:44:ed:c0:e3:af:24:ad:f5:39:42:b2:04:
                    a4:cd:04:8e:4b:0d:8e:d4:68:2d:c7:79:7b:35:38:
                    99:9f:b4:ce:a0:b1:30:b5:f2:b1:a9:99:c5:65:91:
                    b1:d9:0e:79:47:d8:82:f2:c5:dd:9d:45:c5:72:db:
                    f5:d4:94:07:03:af:82:46:f3:f2:c1:09:6c:5a:d4:
                    a3:f8:ce:b8:88:ff:75:f8:cc:98:ee:52:1f:1f:69:
                    df:1e:8e:6b:11:bc:ae:80:3b:f3:d9:b1:b1:a2:37:
                    38:45:41:46:38:ec:25:43:5c:76:3f:b3:8b:50:4c:
                    5e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D0:EA:94:61:76:71:4B:21:FE:00:00:46:71:E7:D0:59:58:B6:1F
            X509v3 Authority Key Identifier:
                keyid:86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:e7:fd:e1:68:db:bb:11:91:db:3f:42:84:ef:9b:03:97:6d:
         92:6d:78:c8:ae:41:b2:1d:aa:86:82:31:82:67:96:2c:80:28:
         75:c3:3d:6e:b1:40:49:2e:50:c1:72:d8:d5:06:2c:0a:8d:09:
         2d:58:38:85:d8:94:40:d7:b2:14:1d:4d:db:04:a2:fd:b7:2a:
         a3:f5:b4:e7:da:77:5f:94:a4:64:93:2b:fb:a5:d4:80:51:84:
         0c:17:8a:f5:f8:8f:dc:a4:3a:1d:1d:9f:5d:4a:24:98:54:b4:
         1d:c0:2a:e1:40:54:1c:7c:cb:a4:82:66:3a:db:82:c6:8a:4b:
         b1:91:ee:43:7d:59:5d:d4:16:3d:77:c8:0d:23:44:22:37:fa:
         a1:6a:83:cd:e9:e3:9f:22:ed:37:8f:66:37:aa:b0:f3:32:c7:
         23:69:63:a8:f3:4c:24:e0:b4:5c:0e:1f:36:ef:5e:fa:45:8e:
         26:52:02:cf:3c:e9:1c:c7:7a:4f:81:fd:da:35:2c:39:84:ca:
         db:43:aa:2e:58:51:b7:96:f6:8c:1d:ea:17:d9:f2:94:dc:53:
         7c:e1:1a:56:8f:05:d5:e6:2b:65:53:e5:d9:70:f9:35:ce:7a:
         a7:6e:a1:28:2d:9b:77:93:d0:37:c3:3c:cc:7f:48:e8:0e:30:
         cb:6b:28:da
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUEDMTjdVpbngl3WRK1ELcG3KjvMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODYxYTlkMzU3ZDUzZDU0NTk0ODRhMWY1OTIxNzA0ZTc2
MjY0MWE2MjAeFw0yNDExMDYwNTQ2NTFaFw0yNTExMDUwNTUxNTFaMDMxMTAvBgNV
BAMTKDJBRDBFQTk0NjE3NjcxNEIyMUZFMDAwMDQ2NzFFN0QwNTk1OEI2MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz9mc9VC45sDJlsggJwf8jsKdZ
10XInkex50GaIedxwTBzJZbSJZ1BgFzEeImPboUJGZho31F+/OktONOPDfiAp2zP
Qm0Lg42mvW4R/aEBA6s5weJiGWFzKAAujw8F8o89OQMr0ighyPKyDS+3Pz3nWD1F
iqJsyoXMkKJ29upjeewqw1m7zwgxsUTtwOOvJK31OUKyBKTNBI5LDY7UaC3HeXs1
OJmftM6gsTC18rGpmcVlkbHZDnlH2ILyxd2dRcVy2/XUlAcDr4JG8/LBCWxa1KP4
zriI/3X4zJjuUh8fad8ejmsRvK6AO/PZsbGiNzhFQUY47CVDXHY/s4tQTF7lAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUKtDqlGF2cUsh/gAARnHn0FlYth8wHwYDVR0j
BBgwFoAUhhqdNX1T1UWUhKH1khcE52JkGmIwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzMzLzg2MUE5RDM1N0Q1
M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFBNjIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9oaHFkTlgxVDFVV1VoS0gxa2hjRTUySmtHbUkuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzMvMzgz
NDJlMzMzODJlMzIzNDM3MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFQm9zANBgkqhkiG9w0BAQsFAAOCAQEAo+f94WjbuxGR2z9C
hO+bA5dtkm14yK5Bsh2qhoIxgmeWLIAodcM9brFASS5QwXLY1QYsCo0JLVg4hdiU
QNeyFB1N2wSi/bcqo/W059p3X5SkZJMr+6XUgFGEDBeK9fiP3KQ6HR2fXUokmFS0
HcAq4UBUHHzLpIJmOtuCxopLsZHuQ31ZXdQWPXfIDSNEIjf6oWqDzenjnyLtN49m
N6qw8zLHI2ljqPNMJOC0XA4fNu9e+kWOJlICzzzpHMd6T4H92jUsOYTK20OqLlhR
t5b2jB3qF9nylNxTfOEaVo8F1eYrZVPl2XD5Nc56p26hKC2bd5PQN8M8zH9I6A4w
y2so2g==
-----END CERTIFICATE-----