Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa
File:                     3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa (raw, json)
Hash identifier:          UIu/lqH9a7NlzlzB/251mcctIjPBZv107mikblnVeyk=
Subject key identifier:   9C:6F:6A:0C:27:A1:D4:34:19:02:09:7E:FD:D1:97:68:AC:78:C8:71
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       30AD0C91F4DC6D135B7C53852E487024251F3DFB
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa
Signing time:             Fri 23 Aug 2024 10:47:07 +0000
ROA not before:           Fri 23 Aug 2024 10:42:07 +0000
ROA not after:            Fri 22 Aug 2025 10:47:07 +0000
asID:                     8888
IP address blocks:        192.109.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:ad:0c:91:f4:dc:6d:13:5b:7c:53:85:2e:48:70:24:25:1f:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:07 2024 GMT
            Not After : Aug 22 10:47:07 2025 GMT
        Subject: CN=9C6F6A0C27A1D4341902097EFDD19768AC78C871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:18:9e:39:2a:0e:dc:18:7a:64:75:31:97:60:
                    11:60:5b:af:b8:b2:26:6b:31:88:77:e5:3d:c0:e3:
                    3c:98:b9:80:6b:bd:1b:44:5b:ba:a4:b2:6d:cf:74:
                    e7:27:2e:72:62:46:03:07:b7:86:37:4c:ca:8c:bd:
                    1a:c4:21:f5:1b:02:2a:73:9c:35:d3:9a:0a:e7:63:
                    9e:7e:48:3b:c5:fe:98:d9:e9:8d:20:c9:fa:86:68:
                    94:fc:ca:99:18:f6:5b:62:3c:ff:5a:15:6d:23:e6:
                    d8:17:e8:f9:7a:94:91:ba:75:8f:37:c1:19:ea:0f:
                    09:95:62:02:09:f9:26:d5:d1:4e:c1:37:f3:18:bf:
                    6a:b5:93:7c:e4:13:ef:10:a0:31:6b:be:5a:06:30:
                    c9:e7:32:6e:f7:2a:3c:c7:ab:30:db:1b:28:8b:2b:
                    f9:2b:89:97:8b:ab:5c:52:7c:6f:74:62:a1:46:47:
                    b9:85:36:4c:52:a8:dc:80:52:4e:a6:65:82:dd:ac:
                    86:f4:26:98:f8:3e:c6:3c:97:a4:af:40:a8:31:90:
                    e8:ae:31:85:8e:c0:91:50:33:9c:14:64:b2:9c:8c:
                    1b:a5:01:91:72:13:7d:85:e6:80:41:29:d1:f0:ca:
                    be:af:9e:8b:77:b2:d5:c5:d5:b9:93:06:fb:c7:f2:
                    d6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6F:6A:0C:27:A1:D4:34:19:02:09:7E:FD:D1:97:68:AC:78:C8:71
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:98:9d:63:d0:cb:82:18:f2:3f:cf:94:34:78:63:1f:37:c6:
         50:a2:e7:23:b6:76:85:d8:c6:95:4e:66:93:93:e0:51:76:ae:
         4e:77:c6:54:48:ba:1e:99:05:3d:d9:c5:fc:f4:bf:35:72:bb:
         26:e5:97:97:fb:06:76:5f:ec:82:3e:72:58:32:cf:12:81:42:
         2e:b7:2e:ff:01:7c:01:92:15:6a:75:21:cd:25:00:fc:58:8c:
         f8:32:21:c4:50:fb:79:92:e2:f7:88:e7:12:d5:4d:6c:39:d8:
         86:42:ea:10:08:be:78:b7:04:16:cf:55:a2:85:30:2c:36:29:
         0e:c7:b1:38:e7:66:10:d2:a5:3f:06:8c:14:f4:26:48:9b:98:
         d6:32:d1:47:57:45:81:7b:8c:ce:fc:2b:f4:13:21:ce:15:18:
         4a:a0:dd:fa:c5:b2:8f:8f:24:1a:79:44:5a:3b:81:e6:9c:84:
         39:49:4d:8a:47:c1:ee:df:d8:ee:75:ed:88:3a:77:a5:eb:11:
         b5:7c:03:20:23:c1:e7:1f:84:cd:74:f1:f9:38:75:b2:1d:ca:
         a8:cc:4c:9a:40:89:9c:4e:1f:e1:57:cf:a7:73:45:e3:17:ab:
         ca:e7:17:4f:cd:b6:de:50:75:8c:62:5e:ca:7b:dd:8b:41:39:
         d2:76:81:d2
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUMK0MkfTcbRNbfFOFLkhwJCUfPfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDdaFw0yNTA4MjIxMDQ3MDdaMDMxMTAvBgNV
BAMTKDlDNkY2QTBDMjdBMUQ0MzQxOTAyMDk3RUZERDE5NzY4QUM3OEM4NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMGJ45Kg7cGHpkdTGXYBFgW6+4
siZrMYh35T3A4zyYuYBrvRtEW7qksm3PdOcnLnJiRgMHt4Y3TMqMvRrEIfUbAipz
nDXTmgrnY55+SDvF/pjZ6Y0gyfqGaJT8ypkY9ltiPP9aFW0j5tgX6Pl6lJG6dY83
wRnqDwmVYgIJ+SbV0U7BN/MYv2q1k3zkE+8QoDFrvloGMMnnMm73KjzHqzDbGyiL
K/kriZeLq1xSfG90YqFGR7mFNkxSqNyAUk6mZYLdrIb0Jpj4PsY8l6SvQKgxkOiu
MYWOwJFQM5wUZLKcjBulAZFyE32F5oBBKdHwyr6vnot3stXF1bmTBvvH8tb7AgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUnG9qDCeh1DQZAgl+/dGXaKx4yHEwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4Mzgz
ODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQBwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQB6mJ1j0MuCGPI/
z5Q0eGMfN8ZQoucjtnaF2MaVTmaTk+BRdq5Od8ZUSLoemQU92cX89L81crsm5ZeX
+wZ2X+yCPnJYMs8SgUIuty7/AXwBkhVqdSHNJQD8WIz4MiHEUPt5kuL3iOcS1U1s
OdiGQuoQCL54twQWz1WihTAsNikOx7E452YQ0qU/BowU9CZIm5jWMtFHV0WBe4zO
/Cv0EyHOFRhKoN36xbKPjyQaeURaO4HmnIQ5SU2KR8Hu39jude2IOnel6xG1fAMg
I8HnH4TNdPH5OHWyHcqozEyaQImcTh/hV8+nc0XjF6vK5xdPzbbeUHWMYl7Ke92L
QTnSdoHS
-----END CERTIFICATE-----