Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/1/3134362e31392e302e302f32342d3234203d3e2038383838.roa
File:                     3134362e31392e302e302f32342d3234203d3e2038383838.roa (raw, json)
Hash identifier:          8M8H7s0+6PEYOPiP+i/A7SxmCn/mfCoc9BgSmxCnWkA=
Subject key identifier:   C2:85:99:BF:C6:2A:B7:FF:0E:44:85:C3:5C:5E:67:80:B6:73:C5:65
Certificate issuer:       /CN=917b088922d0f33feca164e08554ec992daa39c5
Certificate serial:       68C0D9E503E7124773C19C22CC92DB3F712EECDF
Authority key identifier: 91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
Subject info access:      rsync://0.sb/repo/sb/1/3134362e31392e302e302f32342d3234203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:05 +0000
ROA not before:           Fri 23 Aug 2024 10:42:05 +0000
ROA not after:            Fri 22 Aug 2025 10:47:05 +0000
asID:                     8888
IP address blocks:        146.19.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl
                          rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c0:d9:e5:03:e7:12:47:73:c1:9c:22:cc:92:db:3f:71:2e:ec:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917b088922d0f33feca164e08554ec992daa39c5
        Validity
            Not Before: Aug 23 10:42:05 2024 GMT
            Not After : Aug 22 10:47:05 2025 GMT
        Subject: CN=C28599BFC62AB7FF0E4485C35C5E6780B673C565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9a:1e:fa:3f:aa:b2:25:fe:9a:09:0e:bc:57:
                    70:8d:c6:3d:78:9f:80:22:22:79:f4:48:67:8d:20:
                    3b:77:09:ea:d7:d5:be:ee:ac:6c:09:f9:41:13:d7:
                    68:81:11:04:6e:02:12:2e:dd:34:d1:0e:66:73:d2:
                    4b:a7:bf:54:60:52:cf:93:20:cf:48:1c:f2:8a:56:
                    72:08:80:82:40:b7:c3:25:be:c3:f2:f8:4f:ec:e7:
                    dc:9b:20:3a:02:c7:b8:2e:85:86:e3:53:86:12:e8:
                    e4:0d:fd:a2:27:9d:44:9b:d9:4a:37:12:7f:e9:d3:
                    dd:ed:d5:42:0a:09:b1:b0:9e:6a:26:e6:eb:90:4c:
                    c1:f9:18:7f:73:9e:13:29:3c:29:0e:73:aa:69:9c:
                    11:76:cc:e4:f9:60:76:ff:2b:18:b4:bd:e1:53:6a:
                    8b:e8:bc:58:8e:1d:c0:1b:10:fb:5f:f8:d3:7b:3d:
                    0e:07:1b:3d:f8:14:aa:d3:18:24:ff:e3:17:29:09:
                    a1:1a:36:08:f7:44:1d:56:29:8b:79:31:cf:fc:3b:
                    87:ae:d5:48:eb:3b:a1:74:39:32:8f:58:c3:40:6d:
                    4d:a7:01:a8:ab:6d:2b:ec:77:b8:d1:ec:a3:69:9f:
                    f4:87:4d:46:08:c7:1d:46:fd:26:71:cb:f2:85:3a:
                    f3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:85:99:BF:C6:2A:B7:FF:0E:44:85:C3:5C:5E:67:80:B6:73:C5:65
            X509v3 Authority Key Identifier:
                keyid:91:7B:08:89:22:D0:F3:3F:EC:A1:64:E0:85:54:EC:99:2D:AA:39:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/1/917B088922D0F33FECA164E08554EC992DAA39C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXsIiSLQ8z_soWTghVTsmS2qOcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/1/3134362e31392e302e302f32342d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:68:ea:93:79:01:b1:14:62:37:16:8a:ab:70:b2:8f:50:5a:
         2e:0a:0a:3c:b9:f9:04:61:f6:1a:32:f7:47:24:75:68:e8:9a:
         c7:05:86:60:70:39:1f:37:b8:94:44:cc:fa:39:98:8f:e4:40:
         39:00:e3:d6:a6:95:91:27:42:f0:aa:62:62:b4:60:77:a2:fc:
         ae:17:44:a4:a5:f3:e2:85:1c:36:ce:9e:d0:49:92:d8:66:56:
         62:e0:c4:5f:c4:a2:c1:22:0d:6d:ae:60:a8:be:d8:e4:b9:8b:
         fe:50:2e:0a:ed:cb:f3:12:35:19:36:18:f7:d6:a4:77:f0:6f:
         c5:a2:17:78:db:4f:97:8a:68:40:e6:85:87:e2:8d:33:aa:43:
         20:ea:e7:ac:61:72:6c:59:ba:9e:26:a9:55:44:1a:fa:fd:b8:
         5c:ec:f6:b7:57:22:f8:b3:3b:46:c4:01:3c:a8:ec:77:40:dc:
         ec:e9:81:52:c7:6e:b5:6e:47:8e:34:e1:da:d2:a5:57:01:f0:
         2c:8f:9b:fb:50:1c:33:14:cd:d7:ac:5f:c0:5b:a6:66:5a:0d:
         39:54:12:6f:2d:8b:cb:69:7f:24:0f:9f:aa:0e:75:f1:b4:67:
         01:91:ed:3d:0e:ec:03:2e:5d:cc:39:fa:c3:26:d2:57:f5:72:
         d3:1f:7b:ba
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIUaMDZ5QPnEkdzwZwizJLbP3Eu7N8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTE3YjA4ODkyMmQwZjMzZmVjYTE2NGUwODU1NGVjOTky
ZGFhMzljNTAeFw0yNDA4MjMxMDQyMDVaFw0yNTA4MjIxMDQ3MDVaMDMxMTAvBgNV
BAMTKEMyODU5OUJGQzYyQUI3RkYwRTQ0ODVDMzVDNUU2NzgwQjY3M0M1NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mh76P6qyJf6aCQ68V3CNxj14
n4AiInn0SGeNIDt3CerX1b7urGwJ+UET12iBEQRuAhIu3TTRDmZz0kunv1RgUs+T
IM9IHPKKVnIIgIJAt8MlvsPy+E/s59ybIDoCx7guhYbjU4YS6OQN/aInnUSb2Uo3
En/p093t1UIKCbGwnmom5uuQTMH5GH9znhMpPCkOc6ppnBF2zOT5YHb/Kxi0veFT
aovovFiOHcAbEPtf+NN7PQ4HGz34FKrTGCT/4xcpCaEaNgj3RB1WKYt5Mc/8O4eu
1UjrO6F0OTKPWMNAbU2nAairbSvsd7jR7KNpn/SHTUYIxx1G/SZxy/KFOvOHAgMB
AAGjggG0MIIBsDAdBgNVHQ4EFgQUwoWZv8Yqt/8ORIXDXF5ngLZzxWUwHwYDVR0j
BBgwFoAUkXsIiSLQ8z/soWTghVTsmS2qOcUwDgYDVR0PAQH/BAQDAgeAMFQGA1Ud
HwRNMEswSaBHoEWGQ3JzeW5jOi8vMC5zYi9yZXBvL3NiLzEvOTE3QjA4ODkyMkQw
RjMzRkVDQTE2NEUwODU1NEVDOTkyREFBMzlDNS5jcmwwZAYIKwYBBQUHAQEEWDBW
MFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2tYc0lpU0xROHpfc29XVGdoVlRzbVMycU9jVS5jZXIwZwYIKwYBBQUH
AQsEWzBZMFcGCCsGAQUFBzALhktyc3luYzovLzAuc2IvcmVwby9zYi8xLzMxMzQz
NjJlMzEzOTJlMzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODM4MzgzOC5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEAJITADANBgkqhkiG9w0BAQsFAAOCAQEAJ2jqk3kBsRRiNxaKq3Cyj1Ba
LgoKPLn5BGH2GjL3RyR1aOiaxwWGYHA5Hze4lETM+jmYj+RAOQDj1qaVkSdC8Kpi
YrRgd6L8rhdEpKXz4oUcNs6e0EmS2GZWYuDEX8SiwSINba5gqL7Y5LmL/lAuCu3L
8xI1GTYY99akd/BvxaIXeNtPl4poQOaFh+KNM6pDIOrnrGFybFm6niapVUQa+v24
XOz2t1ci+LM7RsQBPKjsd0Dc7OmBUsdutW5HjjTh2tKlVwHwLI+b+1AcMxTN16xf
wFumZloNOVQSby2Ly2l/JA+fqg518bRnAZHtPQ7sAy5dzDn6wybSV/Vy0x97ug==
-----END CERTIFICATE-----