Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e203134363138.roa
File:                     38352e3139332e37382e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          5z2YNjD7ok1UFT/KM+gtGJg2M92pJa2vLRJVd7eeUNE=
Subject key identifier:   86:17:9A:D0:40:B0:E2:DD:3F:99:46:72:74:44:31:64:CF:D2:18:9D
Certificate issuer:       /CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
Certificate serial:       4885E621D9D683551C8CEF32E59C60704BF87130
Authority key identifier: C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
Subject info access:      rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e203134363138.roa
Signing time:             Tue 05 Dec 2023 05:53:48 +0000
ROA not before:           Tue 05 Dec 2023 05:48:48 +0000
ROA not after:            Tue 03 Dec 2024 05:53:48 +0000
asID:                     14618
IP address blocks:        85.193.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl
                          rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:85:e6:21:d9:d6:83:55:1c:8c:ef:32:e5:9c:60:70:4b:f8:71:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
        Validity
            Not Before: Dec  5 05:48:48 2023 GMT
            Not After : Dec  3 05:53:48 2024 GMT
        Subject: CN=86179AD040B0E2DD3F99467274443164CFD2189D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9e:01:f0:5f:98:76:62:d4:b3:7b:98:29:48:
                    d0:b1:53:38:3e:da:70:94:2a:1b:c8:24:a0:20:37:
                    5c:cf:e8:02:e8:5b:c0:5e:d8:d2:bf:99:41:67:6a:
                    c0:41:98:d1:76:84:3e:d2:7e:4c:d9:fe:5f:79:a9:
                    6b:53:22:70:89:44:2c:f9:d6:86:77:4f:61:fe:d0:
                    fe:47:2e:c5:67:12:92:8d:78:ce:4d:6c:49:9f:b4:
                    c6:c4:75:13:15:46:3a:24:9e:41:0a:f2:cc:4c:4b:
                    51:38:5b:c9:df:a4:69:64:51:7f:b2:75:00:a8:e4:
                    d9:2c:20:0a:7c:06:d7:fd:d7:97:78:ea:b7:17:6b:
                    2c:6a:fa:ae:96:e9:d0:97:2d:50:5d:b2:72:07:76:
                    53:27:e2:b0:09:fb:25:3d:36:43:0d:b1:9b:20:74:
                    3a:33:01:de:3f:60:96:47:93:3f:b9:c2:f2:ae:12:
                    3b:37:e3:ab:47:a0:7d:64:37:30:0a:8f:60:93:25:
                    02:b8:0e:89:9e:57:63:de:b0:70:97:50:40:45:5d:
                    33:ce:d0:af:f5:99:14:93:8b:5f:e4:76:f8:98:08:
                    37:98:60:04:24:1e:f6:4e:be:5f:1c:8a:b2:a7:88:
                    eb:91:ab:77:25:00:2f:81:3c:04:1f:5b:a2:c5:d5:
                    c2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:17:9A:D0:40:B0:E2:DD:3F:99:46:72:74:44:31:64:CF:D2:18:9D
            X509v3 Authority Key Identifier:
                keyid:C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:8a:e8:d0:ef:97:87:94:ba:1e:a8:bc:c0:4c:05:95:c5:51:
         56:4b:0d:72:9c:66:de:3d:79:d8:96:fb:33:ea:17:97:54:86:
         fd:81:dd:fb:3a:d7:ea:48:43:b3:e9:52:f6:7d:56:0d:f2:56:
         46:98:fa:ca:4c:f9:48:9d:13:f5:9e:20:fa:dd:8d:84:8d:79:
         6e:ab:60:5c:99:79:58:a2:72:30:5c:2e:d0:ab:13:35:dc:20:
         22:03:d6:8d:bd:9f:87:76:25:7b:4c:39:b7:5a:89:f0:47:e9:
         52:4b:8a:43:87:d6:7e:35:a6:b4:cd:87:4d:94:13:d9:16:7b:
         5b:40:1e:47:c8:08:cd:08:0f:37:a1:6d:b5:0e:eb:8f:81:00:
         ce:02:0a:08:e3:d9:b4:25:62:e3:a8:84:36:8d:76:f4:b6:13:
         14:0e:72:ae:bb:63:36:43:5b:a6:e9:d1:2d:ac:fe:1e:aa:0f:
         d2:33:1b:49:07:c2:88:b2:d9:76:28:35:7e:74:99:c4:79:76:
         49:fc:9b:3f:29:f5:78:0f:dc:1b:1a:67:ce:75:e1:23:8a:b6:
         23:77:79:03:0f:49:fd:9e:2e:f8:6e:ad:06:d8:35:7f:f4:20:
         e1:49:c2:3f:c0:1a:40:a2:99:62:58:bd:1f:d7:db:df:ba:59:
         ed:89:80:00
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUSIXmIdnWg1UcjO8y5ZxgcEv4cTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzhhZjYyYTU0ZDIzY2UxMThmY2ViNGE5NWU2MTRjMGIx
ZGY2MDM1MTAeFw0yMzEyMDUwNTQ4NDhaFw0yNDEyMDMwNTUzNDhaMDMxMTAvBgNV
BAMTKDg2MTc5QUQwNDBCMEUyREQzRjk5NDY3Mjc0NDQzMTY0Q0ZEMjE4OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgngHwX5h2YtSze5gpSNCxUzg+
2nCUKhvIJKAgN1zP6ALoW8Be2NK/mUFnasBBmNF2hD7SfkzZ/l95qWtTInCJRCz5
1oZ3T2H+0P5HLsVnEpKNeM5NbEmftMbEdRMVRjoknkEK8sxMS1E4W8nfpGlkUX+y
dQCo5NksIAp8Btf915d46rcXayxq+q6W6dCXLVBdsnIHdlMn4rAJ+yU9NkMNsZsg
dDozAd4/YJZHkz+5wvKuEjs346tHoH1kNzAKj2CTJQK4DomeV2PesHCXUEBFXTPO
0K/1mRSTi1/kdviYCDeYYAQkHvZOvl8cirKniOuRq3clAC+BPAQfW6LF1cJTAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUhhea0ECw4t0/mUZydEQxZM/SGJ0wHwYDVR0j
BBgwFoAUyK9ipU0jzhGPzrSpXmFMCx32A1EwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM3L0M4QUY2MkE1NEQy
M0NFMTE4RkNFQjRBOTVFNjE0QzBCMURGNjAzNTEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC95SzlpcFUwanpoR1B6clNwWG1GTUN4MzJBMUUuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzcvMzgz
NTJlMzEzOTMzMmUzNzM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEz
OC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFXBTjANBgkqhkiG9w0BAQsFAAOCAQEAB4ro0O+Xh5S6Hqi8
wEwFlcVRVksNcpxm3j152Jb7M+oXl1SG/YHd+zrX6khDs+lS9n1WDfJWRpj6ykz5
SJ0T9Z4g+t2NhI15bqtgXJl5WKJyMFwu0KsTNdwgIgPWjb2fh3Yle0w5t1qJ8Efp
UkuKQ4fWfjWmtM2HTZQT2RZ7W0AeR8gIzQgPN6FttQ7rj4EAzgIKCOPZtCVi46iE
No129LYTFA5yrrtjNkNbpunRLaz+HqoP0jMbSQfCiLLZdig1fnSZxHl2SfybPyn1
eA/cGxpnznXhI4q2I3d5Aw9J/Z4u+G6tBtg1f/Qg4UnCP8AaQKKZYli9H9fb37pZ
7YmAAA==
-----END CERTIFICATE-----