Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa
File:                     3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa (raw, json)
Hash identifier:          BKmnjg7tDFdkqMAJjvdobSDC0wicCu/14ZsuTAUPOoQ=
Subject key identifier:   C0:45:F4:7A:F2:5B:A6:2B:69:D2:6A:DE:CB:46:78:FF:E6:4D:F7:CF
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       3B26B21B2AB49EB2DDC7A3413E6B827007460DB7
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa
Signing time:             Fri 25 Jul 2025 10:52:36 +0000
ROA not before:           Fri 25 Jul 2025 10:47:36 +0000
ROA not after:            Fri 24 Jul 2026 10:52:36 +0000
asID:                     8888
IP address blocks:        192.109.228.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 14:17:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:26:b2:1b:2a:b4:9e:b2:dd:c7:a3:41:3e:6b:82:70:07:46:0d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jul 25 10:47:36 2025 GMT
            Not After : Jul 24 10:52:36 2026 GMT
        Subject: CN=C045F47AF25BA62B69D26ADECB4678FFE64DF7CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:6c:6a:97:0b:c1:33:8c:1b:74:0a:20:0a:
                    6a:a4:d3:52:6d:d1:4e:51:9d:f8:64:a6:9c:1c:9b:
                    57:ca:c9:3c:42:4e:8e:e3:d1:5c:8e:9b:94:1e:c1:
                    08:43:f3:d9:9b:ab:40:ba:35:d9:ef:d1:63:08:7a:
                    a7:90:37:33:69:3a:b8:64:3c:c7:a2:2d:13:7a:9f:
                    fd:44:3a:71:ef:c3:34:dd:4e:8b:bd:cc:fd:d7:09:
                    93:73:be:e5:c9:04:0b:18:61:fb:1e:3e:1b:8c:4e:
                    f6:33:54:03:81:1f:35:f5:f6:64:a3:6f:10:1d:2e:
                    ba:61:41:4d:d8:bd:a9:39:fe:05:79:f0:12:25:51:
                    78:84:20:51:53:29:86:3a:dc:94:e9:cf:51:9f:68:
                    27:58:47:d2:53:d0:e3:cd:4c:4c:85:a6:64:50:f3:
                    c5:3e:9b:06:63:2b:80:f4:36:0b:97:0e:7d:fb:29:
                    ba:dd:65:da:9c:6c:95:ec:ad:df:d0:04:09:87:c7:
                    e1:18:8b:c3:d8:9c:c4:df:d8:9d:50:77:d9:62:a4:
                    a4:ad:bf:d9:d3:2f:45:ba:eb:9f:e5:d3:02:b9:f4:
                    f7:22:b3:5b:10:a1:ba:0f:6b:8b:f7:24:d9:a9:b9:
                    e4:00:9d:df:9e:4f:70:ff:6b:f8:b1:b8:97:c9:d0:
                    d3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:45:F4:7A:F2:5B:A6:2B:69:D2:6A:DE:CB:46:78:FF:E6:4D:F7:CF
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32332d3234203d3e2038383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:c7:c0:e1:cb:d5:be:27:5a:0b:c2:cb:fd:74:0a:f2:33:c2:
         88:aa:93:3b:86:3f:f6:c3:12:76:47:74:af:29:f0:5f:d4:87:
         b9:15:f1:d4:c2:0b:0d:98:38:b0:4a:04:bf:6a:f3:c0:9f:2a:
         1d:60:ef:19:dc:8f:ed:11:00:a0:ae:1f:fe:fc:81:14:d2:8c:
         db:01:31:57:ad:f4:fa:f4:67:f6:66:a6:5b:68:dc:c0:26:87:
         b1:da:02:b9:b8:1b:0e:b6:83:09:6d:6a:9d:d2:21:a6:1e:66:
         ff:a5:d8:a7:ef:4c:aa:98:16:cc:c4:32:6e:a7:56:d2:1f:43:
         01:a5:a6:cf:e0:c9:2b:2d:bc:e2:92:a7:b1:29:8c:c1:c0:a9:
         b5:15:dd:0c:7e:22:a9:b9:dd:6b:0c:b5:49:77:36:78:02:ea:
         e6:cc:4d:e0:18:41:52:2e:12:00:fd:a1:fd:d1:31:ee:60:d9:
         e5:ac:a9:30:a7:d0:37:67:4c:b0:a9:64:64:18:07:35:d7:a0:
         40:88:1e:1f:c5:fe:26:fa:d5:5e:57:b6:ce:fe:a9:c9:0c:d7:
         78:b5:0f:9e:e3:ee:98:fc:72:27:7d:13:8c:30:53:08:b1:de:
         dd:37:64:05:ca:b0:b5:6d:f1:6c:6a:4a:1b:2e:6f:1e:e4:b0:
         f5:40:1d:02
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUOyayGyq0nrLdx6NBPmuCcAdGDbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA3MjUxMDQ3MzZaFw0yNjA3MjQxMDUyMzZaMDMxMTAvBgNV
BAMTKEMwNDVGNDdBRjI1QkE2MkI2OUQyNkFERUNCNDY3OEZGRTY0REY3Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxn2xqlwvBM4wbdAogCmqk01Jt
0U5Rnfhkppwcm1fKyTxCTo7j0VyOm5QewQhD89mbq0C6Ndnv0WMIeqeQNzNpOrhk
PMeiLRN6n/1EOnHvwzTdTou9zP3XCZNzvuXJBAsYYfsePhuMTvYzVAOBHzX19mSj
bxAdLrphQU3Yvak5/gV58BIlUXiEIFFTKYY63JTpz1GfaCdYR9JT0OPNTEyFpmRQ
88U+mwZjK4D0NguXDn37KbrdZdqcbJXsrd/QBAmHx+EYi8PYnMTf2J1Qd9lipKSt
v9nTL0W665/l0wK59Pcis1sQoboPa4v3JNmpueQAnd+eT3D/a/ixuJfJ0NPNAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUwEX0evJbpitp0mrey0Z4/+ZN988wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4Mzgz
ODM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQBwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQAAx8Dhy9W+J1oL
wsv9dAryM8KIqpM7hj/2wxJ2R3SvKfBf1Ie5FfHUwgsNmDiwSgS/avPAnyodYO8Z
3I/tEQCgrh/+/IEU0ozbATFXrfT69Gf2ZqZbaNzAJoex2gK5uBsOtoMJbWqd0iGm
Hmb/pdin70yqmBbMxDJup1bSH0MBpabP4MkrLbzikqexKYzBwKm1Fd0MfiKpud1r
DLVJdzZ4AurmzE3gGEFSLhIA/aH90THuYNnlrKkwp9A3Z0ywqWRkGAc116BAiB4f
xf4m+tVeV7bO/qnJDNd4tQ+e4+6Y/HInfROMMFMIsd7dN2QFyrC1bfFsakobLm8e
5LD1QB0C
-----END CERTIFICATE-----