Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3138352e34362e36382e302f32342d3234203d3e20323130343239.roa
File:                     3138352e34362e36382e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          U2/moA4UKHLL+uV0WB7jZZC6GUrx54vDRCCnqcbQ+NQ=
Subject key identifier:   BC:55:51:A5:7F:6A:5A:38:1A:A8:46:86:BE:11:E3:19:67:1F:C0:4A
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       777CB18F507E1C3C6D0AB2CDA7F4DBFE0948CF85
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3138352e34362e36382e302f32342d3234203d3e20323130343239.roa
Signing time:             Tue 22 Jul 2025 08:53:43 +0000
ROA not before:           Tue 22 Jul 2025 08:48:43 +0000
ROA not after:            Tue 21 Jul 2026 08:53:43 +0000
asID:                     210429
IP address blocks:        185.46.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 22:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:7c:b1:8f:50:7e:1c:3c:6d:0a:b2:cd:a7:f4:db:fe:09:48:cf:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jul 22 08:48:43 2025 GMT
            Not After : Jul 21 08:53:43 2026 GMT
        Subject: CN=BC5551A57F6A5A381AA84686BE11E319671FC04A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:0e:f0:55:a9:09:a8:eb:dc:a6:ba:1d:4b:19:
                    62:aa:34:f8:a8:e4:34:8c:f8:6c:2b:cf:60:4e:a3:
                    d2:40:df:de:de:7a:90:9e:d2:d4:3b:35:b3:10:46:
                    23:f6:45:06:f9:1a:4c:e2:72:b1:a7:e5:bd:06:32:
                    e4:26:fa:7e:c3:8c:1c:3b:48:61:50:4c:36:0d:dd:
                    01:99:1c:66:c6:94:8b:21:2e:f3:dc:66:22:c7:40:
                    cd:33:c4:c5:e1:a6:35:f3:1c:d1:d1:f1:9e:fb:7b:
                    0d:0f:e7:46:eb:00:1f:b7:92:67:21:96:83:7c:9e:
                    a4:5a:b2:56:7d:dd:41:4d:f6:92:d9:ec:77:25:85:
                    b2:25:93:24:15:d7:65:26:5d:b4:fb:ba:c8:ac:6b:
                    e9:e1:27:ed:23:04:53:15:5f:95:d0:2d:7b:e2:27:
                    63:bf:c7:96:2c:b6:aa:63:48:75:14:e4:ee:e5:ff:
                    a4:c4:30:74:31:9a:f2:f7:6d:b8:dd:58:5c:55:08:
                    8b:bd:9c:3c:65:6e:2f:e4:18:99:7a:1a:c7:ef:bd:
                    c0:4f:c3:05:b1:bf:86:45:e8:d5:36:ad:bd:2b:d2:
                    ad:0a:36:56:e8:47:91:2a:df:21:60:12:65:a9:c3:
                    80:e5:90:d5:a7:d8:47:70:40:73:05:a6:c3:8c:49:
                    de:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:55:51:A5:7F:6A:5A:38:1A:A8:46:86:BE:11:E3:19:67:1F:C0:4A
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3138352e34362e36382e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ad:3e:e1:c0:b9:02:13:d4:fb:55:dd:86:49:35:da:2d:0c:
         b0:4f:f7:90:6c:99:da:39:fb:7f:5c:5d:94:09:7f:e3:d1:c8:
         20:7b:2f:80:47:da:ea:6b:89:f8:63:d1:df:f4:23:40:05:f5:
         14:f9:55:23:ee:1e:87:e8:43:b2:68:69:e5:64:5c:11:02:96:
         93:8b:7c:04:cb:ac:3d:f1:42:42:d8:c6:b8:4b:36:dd:1b:22:
         e8:c1:37:f2:ff:3a:87:18:5f:17:a0:8a:fe:c0:29:4a:a0:6a:
         53:7a:45:1a:5e:e1:3d:1e:74:1a:ac:b9:8b:c3:6f:3b:bc:c0:
         36:17:28:27:e1:dc:3d:7c:14:29:f6:31:71:13:3b:e9:59:9f:
         4c:0b:bd:1d:23:de:5e:23:e4:cf:bf:ab:fb:c6:eb:95:10:9a:
         90:e1:76:02:0b:3b:fb:d3:3c:48:01:bc:c7:c4:4e:18:45:4f:
         7b:12:24:a7:ee:cd:b7:eb:96:a0:d7:4e:60:15:c4:dc:e0:57:
         ac:5a:a1:78:c3:67:72:84:c7:2b:98:f3:2d:99:f1:a8:01:f2:
         1a:93:c4:19:15:c8:9a:01:9a:be:66:9a:38:78:20:ec:ed:2c:
         c5:e8:5d:9f:90:00:24:ca:fd:f8:cd:a9:2e:76:d3:64:f6:60:
         18:3a:b7:f5
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUd3yxj1B+HDxtCrLNp/Tb/glIz4UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA3MjIwODQ4NDNaFw0yNjA3MjEwODUzNDNaMDMxMTAvBgNV
BAMTKEJDNTU1MUE1N0Y2QTVBMzgxQUE4NDY4NkJFMTFFMzE5NjcxRkMwNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeDvBVqQmo69ymuh1LGWKqNPio
5DSM+Gwrz2BOo9JA397eepCe0tQ7NbMQRiP2RQb5GkzicrGn5b0GMuQm+n7DjBw7
SGFQTDYN3QGZHGbGlIshLvPcZiLHQM0zxMXhpjXzHNHR8Z77ew0P50brAB+3kmch
loN8nqRaslZ93UFN9pLZ7HclhbIlkyQV12UmXbT7usisa+nhJ+0jBFMVX5XQLXvi
J2O/x5YstqpjSHUU5O7l/6TEMHQxmvL3bbjdWFxVCIu9nDxlbi/kGJl6GsfvvcBP
wwWxv4ZF6NU2rb0r0q0KNlboR5Eq3yFgEmWpw4DlkNWn2EdwQHMFpsOMSd4zAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUvFVRpX9qWjgaqEaGvhHjGWcfwEowHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
ODM1MmUzNDM2MmUzNjM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMwMzQz
MjM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAuS5EMA0GCSqGSIb3DQEBCwUAA4IBAQAZrT7hwLkCE9T7
Vd2GSTXaLQywT/eQbJnaOft/XF2UCX/j0cggey+AR9rqa4n4Y9Hf9CNABfUU+VUj
7h6H6EOyaGnlZFwRApaTi3wEy6w98UJC2Ma4SzbdGyLowTfy/zqHGF8XoIr+wClK
oGpTekUaXuE9HnQarLmLw287vMA2Fygn4dw9fBQp9jFxEzvpWZ9MC70dI95eI+TP
v6v7xuuVEJqQ4XYCCzv70zxIAbzHxE4YRU97EiSn7s2365ag105gFcTc4FesWqF4
w2dyhMcrmPMtmfGoAfIak8QZFciaAZq+Zpo4eCDs7SzF6F2fkAAkyv34zakudtNk
9mAYOrf1
-----END CERTIFICATE-----