Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2033323134.roa
File:                     3139322e3130392e3232382e302f32332d3234203d3e2033323134.roa (raw, json)
Hash identifier:          eVjzSD3k6WYPnVFhT8m/iFC344fkny2oQtsvbf50zjk=
Subject key identifier:   34:0C:79:73:AA:57:36:D3:75:0B:74:B7:6F:37:77:97:61:FF:7B:85
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       72DF95D7EDE456686B4F076FDF26AF31C15231B9
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2033323134.roa
Signing time:             Thu 12 Sep 2024 13:50:18 +0000
ROA not before:           Thu 12 Sep 2024 13:45:18 +0000
ROA not after:            Thu 11 Sep 2025 13:50:18 +0000
asID:                     3214
IP address blocks:        192.109.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:df:95:d7:ed:e4:56:68:6b:4f:07:6f:df:26:af:31:c1:52:31:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep 12 13:45:18 2024 GMT
            Not After : Sep 11 13:50:18 2025 GMT
        Subject: CN=340C7973AA5736D3750B74B76F37779761FF7B85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:75:bf:53:c1:93:44:26:45:5f:85:ca:83:51:
                    8c:02:0c:df:cd:3a:1d:9d:de:ae:18:9f:ef:3e:78:
                    d8:8a:2a:75:98:dd:cb:d2:a3:3f:48:79:91:e0:7c:
                    eb:01:cb:39:ce:7e:90:cf:40:43:c3:50:12:ba:03:
                    f4:00:fa:ec:6c:aa:8d:19:20:2c:3a:6b:c4:4e:4c:
                    6e:dd:26:3e:46:81:99:18:59:09:64:ae:b6:d0:3a:
                    2b:ac:20:2a:fa:e4:7b:8f:0e:2e:28:c1:05:8c:34:
                    0f:67:b6:aa:96:26:cd:53:3a:f8:16:80:e1:36:1a:
                    d0:19:d0:7c:be:ed:d0:19:4e:c3:b8:57:4f:61:9d:
                    b1:cb:70:9e:9a:29:e3:49:a4:d5:24:93:7d:d5:6d:
                    c5:a5:0a:20:38:73:b1:4d:37:a2:f2:19:dd:bc:1f:
                    5b:c2:80:92:7a:0d:f3:26:87:59:63:e2:aa:6b:30:
                    4c:d8:20:47:79:12:80:7d:2b:d5:e4:36:40:ce:cf:
                    e9:07:55:7b:dc:36:37:7f:d3:58:ef:04:08:67:cf:
                    94:3b:10:b9:45:43:4e:a3:6d:44:3c:84:e0:e8:17:
                    5d:67:89:2d:47:c6:ce:a0:ee:b2:f6:d7:53:04:99:
                    cf:0f:80:93:f8:7d:aa:6e:2d:99:b4:46:93:26:5c:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:0C:79:73:AA:57:36:D3:75:0B:74:B7:6F:37:77:97:61:FF:7B:85
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:64:a3:c8:8b:2e:80:70:3c:44:e3:46:98:66:13:cd:9f:6c:
         6f:0c:12:b0:1e:ec:2c:c7:d4:6f:17:55:47:33:55:53:e5:70:
         24:68:d0:27:77:77:42:e5:86:f7:77:3d:3e:1c:55:8d:e1:5e:
         c0:02:ec:ef:8e:8b:95:fd:b3:a3:65:a4:aa:75:70:a0:ea:e0:
         28:f9:56:c5:32:61:15:14:dd:f5:ff:15:bd:f7:bf:1f:39:9d:
         81:ae:5a:9d:0c:fd:0c:d7:a9:8b:10:6a:6f:61:d5:cc:09:8f:
         52:69:95:62:6e:cd:a9:8c:81:a8:41:17:74:16:29:16:82:7f:
         b1:50:46:ee:0b:3e:c7:5b:70:38:e5:4a:d2:8a:50:3d:f8:d1:
         2f:34:c4:3e:23:6a:23:23:43:3f:7d:d3:81:6a:9b:2b:57:24:
         8b:d3:37:cd:86:ba:8d:54:bc:7b:0a:58:a3:77:c9:88:c5:75:
         33:55:44:7f:fa:b9:3e:a8:9f:99:a4:60:fd:d3:a8:18:6b:59:
         d1:74:f0:fe:19:c7:85:8d:58:64:9a:4d:7d:98:2d:bc:ee:45:
         b4:50:ed:81:a4:70:76:ee:f5:71:87:4c:ea:b9:68:50:4a:9f:
         24:d5:a0:ed:87:a8:12:be:3d:44:16:2b:f4:d1:06:08:a3:48:
         cd:c0:3d:3d
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUct+V1+3kVmhrTwdv3yavMcFSMbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA5MTIxMzQ1MThaFw0yNTA5MTExMzUwMThaMDMxMTAvBgNV
BAMTKDM0MEM3OTczQUE1NzM2RDM3NTBCNzRCNzZGMzc3Nzk3NjFGRjdCODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAdb9TwZNEJkVfhcqDUYwCDN/N
Oh2d3q4Yn+8+eNiKKnWY3cvSoz9IeZHgfOsByznOfpDPQEPDUBK6A/QA+uxsqo0Z
ICw6a8ROTG7dJj5GgZkYWQlkrrbQOiusICr65HuPDi4owQWMNA9ntqqWJs1TOvgW
gOE2GtAZ0Hy+7dAZTsO4V09hnbHLcJ6aKeNJpNUkk33VbcWlCiA4c7FNN6LyGd28
H1vCgJJ6DfMmh1lj4qprMEzYIEd5EoB9K9XkNkDOz+kHVXvcNjd/01jvBAhnz5Q7
ELlFQ06jbUQ8hODoF11niS1Hxs6g7rL211MEmc8PgJP4fapuLZm0RpMmXC+ZAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUNAx5c6pXNtN1C3S3bzd3l2H/e4UwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMzMzIz
MTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQBwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQABZKPIiy6AcDxE
40aYZhPNn2xvDBKwHuwsx9RvF1VHM1VT5XAkaNAnd3dC5Yb3dz0+HFWN4V7AAuzv
jouV/bOjZaSqdXCg6uAo+VbFMmEVFN31/xW9978fOZ2BrlqdDP0M16mLEGpvYdXM
CY9SaZVibs2pjIGoQRd0FikWgn+xUEbuCz7HW3A45UrSilA9+NEvNMQ+I2ojI0M/
fdOBapsrVySL0zfNhrqNVLx7Clijd8mIxXUzVUR/+rk+qJ+ZpGD906gYa1nRdPD+
GceFjVhkmk19mC287kW0UO2BpHB27vVxh0zquWhQSp8k1aDth6gSvj1EFiv00QYI
o0jNwD09
-----END CERTIFICATE-----