Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203134363138.roa
File:                     39312e3232302e32352e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          MNVFRmagOG1UxNlGHddX73g7nwD6nzl+GpK8NxDOMCY=
Subject key identifier:   F1:E2:3D:BB:A4:0D:2E:01:D2:82:57:EC:DB:BA:BD:C8:FA:42:35:D5
Certificate issuer:       /CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
Certificate serial:       53F34DA9D3B262F7696FE114C545062265C48595
Authority key identifier: 35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
Subject info access:      rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203134363138.roa
Signing time:             Tue 05 Dec 2023 05:54:22 +0000
ROA not before:           Tue 05 Dec 2023 05:49:22 +0000
ROA not after:            Tue 03 Dec 2024 05:54:22 +0000
asID:                     14618
IP address blocks:        91.220.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl
                          rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f3:4d:a9:d3:b2:62:f7:69:6f:e1:14:c5:45:06:22:65:c4:85:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
        Validity
            Not Before: Dec  5 05:49:22 2023 GMT
            Not After : Dec  3 05:54:22 2024 GMT
        Subject: CN=F1E23DBBA40D2E01D28257ECDBBABDC8FA4235D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ef:d3:78:bb:b8:f9:38:88:1b:25:09:7f:4e:
                    b4:81:99:37:9f:73:cd:c0:47:66:4c:2f:ff:72:ad:
                    55:07:66:d2:2e:73:36:2f:5e:f5:11:e4:f4:26:9b:
                    94:df:6b:79:51:7d:9a:67:cc:41:7b:bb:ea:ba:e9:
                    ab:a0:f8:1c:f3:4d:fc:9a:72:6a:a1:41:b5:54:40:
                    e6:84:40:05:c4:27:a6:cb:ce:e8:16:bb:6a:3a:4e:
                    e6:b2:3e:47:83:44:63:41:46:b0:2f:43:2b:0a:e2:
                    ca:08:0f:c6:af:59:07:46:f7:61:e2:f9:1a:e9:cd:
                    2e:95:88:71:6d:4d:34:13:33:41:62:85:8f:8d:58:
                    90:8e:4f:3f:88:20:2f:b5:ce:4a:9c:90:ad:4a:69:
                    8c:cf:12:1a:bb:06:6d:48:f6:3d:33:29:7a:8e:f2:
                    f4:7f:51:5c:b3:09:6a:97:c0:89:4a:b5:f0:41:29:
                    4c:91:c1:62:11:36:7c:89:b1:02:a7:b0:d5:3f:fa:
                    28:3d:7b:d2:b4:f9:36:86:1b:8e:75:a9:e0:ab:92:
                    b0:ce:83:90:3c:4e:ac:bd:9f:8c:c3:60:b9:c6:32:
                    84:da:f2:a8:d4:9a:0b:29:4c:ab:86:51:48:d0:73:
                    c7:2c:ba:71:ba:f1:68:68:9a:66:af:07:46:de:3b:
                    f3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E2:3D:BB:A4:0D:2E:01:D2:82:57:EC:DB:BA:BD:C8:FA:42:35:D5
            X509v3 Authority Key Identifier:
                keyid:35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:5b:45:3e:82:aa:b3:bc:3f:fd:7d:85:a7:a0:f9:59:bd:c9:
         4a:38:21:79:e8:6d:8a:4c:0f:e6:d1:b8:f9:94:78:4d:61:7f:
         bc:f0:5e:90:8d:31:ab:78:75:15:ad:33:af:e3:c8:87:18:4a:
         83:a9:39:28:45:ce:9d:44:80:21:37:45:d1:44:7f:e2:cb:e6:
         f4:17:c1:cc:2f:a8:93:17:88:36:85:81:22:b7:22:ab:02:c7:
         50:f8:c7:34:00:1d:e7:1e:3f:92:1a:a9:c4:1c:77:2d:46:25:
         eb:ca:4b:36:0f:bc:6d:07:74:25:16:cd:82:73:11:9d:71:d0:
         16:bd:04:cf:88:05:36:e5:af:c2:ca:5d:75:45:0c:37:f3:ab:
         6c:d9:b8:1d:24:3a:20:51:de:cc:50:7d:7d:00:b6:77:fb:4b:
         48:d5:66:fe:53:97:94:c2:75:e3:5d:67:c5:f7:ad:1c:ae:fa:
         b7:98:dd:09:30:8a:6a:fc:17:f3:bd:72:b3:6d:c7:03:61:98:
         e0:2e:bd:dc:65:09:4e:a8:f4:9b:2a:ea:5d:75:70:44:6e:6b:
         6b:b5:3c:f2:3f:6d:6f:24:69:90:9f:d5:21:dc:ef:74:8e:96:
         46:38:f2:78:4e:de:86:bf:6a:57:ab:d9:bf:4a:1a:84:b8:b2:
         f9:5e:25:8f
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUU/NNqdOyYvdpb+EUxUUGImXEhZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzUwN2Q0N2VlNGU5N2Y2YmZkM2FjNGNlMDdiZjk5YzA1
NTRjOWE0YjAeFw0yMzEyMDUwNTQ5MjJaFw0yNDEyMDMwNTU0MjJaMDMxMTAvBgNV
BAMTKEYxRTIzREJCQTQwRDJFMDFEMjgyNTdFQ0RCQkFCREM4RkE0MjM1RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz79N4u7j5OIgbJQl/TrSBmTef
c83AR2ZML/9yrVUHZtIuczYvXvUR5PQmm5Tfa3lRfZpnzEF7u+q66aug+BzzTfya
cmqhQbVUQOaEQAXEJ6bLzugWu2o6TuayPkeDRGNBRrAvQysK4soID8avWQdG92Hi
+RrpzS6ViHFtTTQTM0FihY+NWJCOTz+IIC+1zkqckK1KaYzPEhq7Bm1I9j0zKXqO
8vR/UVyzCWqXwIlKtfBBKUyRwWIRNnyJsQKnsNU/+ig9e9K0+TaGG451qeCrkrDO
g5A8Tqy9n4zDYLnGMoTa8qjUmgspTKuGUUjQc8csunG68WhommavB0beO/MHAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQU8eI9u6QNLgHSglfs27q9yPpCNdUwHwYDVR0j
BBgwFoAUNQfUfuTpf2v9OsTOB7+ZwFVMmkswDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM1LzM1MDdENDdFRTRF
OTdGNkJGRDNBQzRDRTA3QkY5OUMwNTU0QzlBNEIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9OUWZVZnVUcGYydjlPc1RPQjctWndGVk1ta3MuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzUvMzkz
MTJlMzIzMjMwMmUzMjM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFvcGTANBgkqhkiG9w0BAQsFAAOCAQEAT1tFPoKqs7w//X2F
p6D5Wb3JSjgheehtikwP5tG4+ZR4TWF/vPBekI0xq3h1Fa0zr+PIhxhKg6k5KEXO
nUSAITdF0UR/4svm9BfBzC+okxeINoWBIrciqwLHUPjHNAAd5x4/khqpxBx3LUYl
68pLNg+8bQd0JRbNgnMRnXHQFr0Ez4gFNuWvwspddUUMN/OrbNm4HSQ6IFHezFB9
fQC2d/tLSNVm/lOXlMJ1411nxfetHK76t5jdCTCKavwX871ys23HA2GY4C693GUJ
Tqj0myrqXXVwRG5ra7U88j9tbyRpkJ/VIdzvdI6WRjjyeE7ehr9qV6vZv0oahLiy
+V4ljw==
-----END CERTIFICATE-----