Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa
File:                     3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa (raw, json)
Hash identifier:          Rvm98SVJ1cfxvWxV7nrLa2hE35L708WWzgB6fbDYw2g=
Subject key identifier:   F8:02:28:2A:0A:13:1A:3C:FB:DC:CF:0A:4C:26:D7:35:48:9E:83:E1
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       644939E52B5B892FA41247F2925B081B6489C396
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa
Signing time:             Fri 23 Aug 2024 10:47:06 +0000
ROA not before:           Fri 23 Aug 2024 10:42:06 +0000
ROA not after:            Fri 22 Aug 2025 10:47:06 +0000
asID:                     1030
IP address blocks:        192.109.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:49:39:e5:2b:5b:89:2f:a4:12:47:f2:92:5b:08:1b:64:89:c3:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:06 2024 GMT
            Not After : Aug 22 10:47:06 2025 GMT
        Subject: CN=F802282A0A131A3CFBDCCF0A4C26D735489E83E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:84:fe:64:57:fe:f2:8f:ca:8a:db:38:a0:
                    9d:b0:68:7a:7f:3a:15:1a:b0:1e:29:f1:d8:23:6c:
                    68:1e:09:e7:8d:d7:2b:2a:03:67:92:e3:c3:ef:81:
                    e9:1e:c5:3e:2a:7c:53:b8:d4:49:0a:fd:e8:41:58:
                    99:9a:00:d8:23:c1:79:d4:7e:5a:22:37:27:56:89:
                    7a:62:7d:90:12:37:6b:7a:81:5a:b1:f8:1c:9b:e7:
                    e3:78:68:d3:d3:a7:79:5d:56:a4:54:4c:bd:15:9f:
                    16:3c:00:b1:80:07:65:c3:d0:29:71:3d:e9:9f:07:
                    21:63:ff:f4:75:fe:e1:57:d9:9a:03:bc:34:77:38:
                    8d:8b:eb:58:fc:79:8a:cc:94:f6:96:14:3e:c5:12:
                    b9:c5:ff:7d:9f:dd:35:a0:ac:45:a1:1c:f7:cf:38:
                    56:68:46:19:a4:2b:8c:7d:90:b6:37:b8:af:b2:ba:
                    1b:01:5f:3a:c0:f6:f7:87:b4:de:2c:fa:56:7c:ed:
                    36:58:a2:38:44:9e:4c:cb:51:cb:d2:d1:1a:74:0c:
                    79:0b:2b:0f:a6:ef:a3:b4:c8:a2:25:62:dc:e6:da:
                    99:e3:de:5a:52:ae:be:a2:e0:75:f0:53:0d:49:6c:
                    07:48:e9:61:66:32:cf:92:94:cd:13:92:59:61:9c:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:02:28:2A:0A:13:1A:3C:FB:DC:CF:0A:4C:26:D7:35:48:9E:83:E1
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e2031303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:94:ae:3b:0d:b8:3a:d9:1e:df:cf:39:6c:57:e5:63:65:9e:
         f9:45:f4:80:88:f1:55:24:04:8a:14:02:f3:c4:ad:5b:62:8d:
         04:5f:39:46:4a:f6:7e:5e:ea:b7:b5:2d:f8:ce:8c:bf:10:2b:
         fd:34:84:bc:69:a8:bc:29:91:12:09:38:ed:af:64:7d:44:e5:
         96:8f:ae:50:df:97:c3:1e:b5:56:3e:bb:a1:8d:76:84:d2:fd:
         77:64:1e:c0:fc:e2:bf:b8:4d:f7:8b:83:5b:35:bb:13:d6:49:
         c8:69:0b:f6:7c:bf:ea:39:cd:7e:ce:e5:13:6e:a3:53:5e:cb:
         d0:21:aa:e4:96:85:84:68:50:e6:21:51:1d:58:0e:3f:b4:8d:
         fb:58:5e:c6:29:4a:44:d6:2a:59:7f:c6:3c:13:09:80:24:98:
         0b:48:de:79:12:af:85:4e:0a:ef:e9:87:ad:6a:a4:34:ae:d5:
         59:f1:5c:d9:3a:00:2e:20:41:9c:33:8f:e6:3f:b5:e6:d3:16:
         d4:f5:80:40:88:9f:ff:29:f1:13:8f:d6:4c:ef:ca:e8:16:60:
         5a:e1:ef:b6:29:74:26:c8:8b:bf:77:af:10:fb:40:f5:81:7c:
         d5:a2:51:f7:32:22:be:12:d3:f0:a2:e7:a9:c9:3f:68:3b:34:
         78:35:c9:49
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUZEk55StbiS+kEkfyklsIG2SJw5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDZaFw0yNTA4MjIxMDQ3MDZaMDMxMTAvBgNV
BAMTKEY4MDIyODJBMEExMzFBM0NGQkRDQ0YwQTRDMjZENzM1NDg5RTgzRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3wYT+ZFf+8o/Kits4oJ2waHp/
OhUasB4p8dgjbGgeCeeN1ysqA2eS48PvgekexT4qfFO41EkK/ehBWJmaANgjwXnU
floiNydWiXpifZASN2t6gVqx+Byb5+N4aNPTp3ldVqRUTL0VnxY8ALGAB2XD0Clx
PemfByFj//R1/uFX2ZoDvDR3OI2L61j8eYrMlPaWFD7FErnF/32f3TWgrEWhHPfP
OFZoRhmkK4x9kLY3uK+yuhsBXzrA9veHtN4s+lZ87TZYojhEnkzLUcvS0Rp0DHkL
Kw+m76O0yKIlYtzm2pnj3lpSrr6i4HXwUw1JbAdI6WFmMs+SlM0TkllhnF+1AgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU+AIoKgoTGjz73M8KTCbXNUieg+EwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzAz
MzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQBklK47Dbg62R7f
zzlsV+VjZZ75RfSAiPFVJASKFALzxK1bYo0EXzlGSvZ+Xuq3tS34zoy/ECv9NIS8
aai8KZESCTjtr2R9ROWWj65Q35fDHrVWPruhjXaE0v13ZB7A/OK/uE33i4NbNbsT
1knIaQv2fL/qOc1+zuUTbqNTXsvQIarkloWEaFDmIVEdWA4/tI37WF7GKUpE1ipZ
f8Y8EwmAJJgLSN55Eq+FTgrv6YetaqQ0rtVZ8VzZOgAuIEGcM4/mP7Xm0xbU9YBA
iJ//KfETj9ZM78roFmBa4e+2KXQmyIu/d68Q+0D1gXzVolH3MiK+EtPwouepyT9o
OzR4NclJ
-----END CERTIFICATE-----