Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa
File:                     3139322e3130392e3232382e302f32342d3234203d3e20393439.roa (raw, json)
Hash identifier:          g69F1Ev96zCpUSmvFTCGMOL77gzbS8pVEzNe31Eeado=
Subject key identifier:   2E:51:D1:D8:A2:AA:BA:6A:3A:E1:CC:94:CC:B5:C9:68:35:CC:67:5E
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       2B61203D96F6743914A2DF2828F610DF1D4C21A2
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa
Signing time:             Fri 25 Jul 2025 10:52:37 +0000
ROA not before:           Fri 25 Jul 2025 10:47:37 +0000
ROA not after:            Fri 24 Jul 2026 10:52:37 +0000
asID:                     949
IP address blocks:        192.109.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 14:17:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:61:20:3d:96:f6:74:39:14:a2:df:28:28:f6:10:df:1d:4c:21:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jul 25 10:47:37 2025 GMT
            Not After : Jul 24 10:52:37 2026 GMT
        Subject: CN=2E51D1D8A2AABA6A3AE1CC94CCB5C96835CC675E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a6:f9:84:da:d4:13:15:67:f6:8f:4f:e8:c6:
                    14:b8:b6:45:68:3d:95:22:3c:6d:4c:5c:46:c9:2d:
                    be:cf:81:00:3d:bc:dc:56:66:76:cc:f4:1a:af:58:
                    e4:51:45:5a:c6:99:c3:8a:56:98:4d:67:d9:a6:44:
                    91:12:70:43:25:d2:ac:b6:d9:70:9e:0d:c6:63:d7:
                    a6:34:09:1c:84:33:c8:ad:d5:4f:35:fc:7e:58:3d:
                    42:dc:da:4e:fe:7b:a2:a5:c6:f5:4e:cb:77:e2:bb:
                    86:49:70:21:5e:5a:2c:81:49:ac:e1:ca:5c:37:e3:
                    e1:7f:4e:b0:32:b5:b1:31:6a:c7:a4:14:79:41:93:
                    4d:ac:36:6a:66:c2:83:73:a7:22:df:8e:7e:7a:c9:
                    39:64:dc:17:3d:6a:59:4d:f0:6b:60:6a:bd:31:40:
                    9d:78:0b:95:bc:bf:e5:ed:58:6c:6b:2e:4b:69:5c:
                    81:84:88:68:21:c7:91:eb:b0:da:6b:5a:08:0a:8e:
                    63:ba:e4:76:f0:48:01:0a:56:85:f5:3e:6f:f1:fb:
                    66:c8:5a:f0:35:68:7f:a3:b9:84:79:68:24:23:8f:
                    de:70:13:f6:60:57:90:73:2a:bf:38:ef:5f:e0:c0:
                    b9:a9:b0:b5:c2:58:e7:3b:e7:b8:b1:e5:f7:7f:8b:
                    c5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:51:D1:D8:A2:AA:BA:6A:3A:E1:CC:94:CC:B5:C9:68:35:CC:67:5E
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:17:53:86:80:ef:80:b6:e4:f4:94:26:13:29:00:f5:ee:13:
         b7:9b:d1:fe:a5:5a:aa:c2:a2:a3:2d:69:60:be:6e:f6:7d:ea:
         c1:2d:f2:bb:eb:18:d9:cf:34:de:43:6e:e5:9a:f3:86:5c:bd:
         32:7f:f1:7f:c6:c8:9c:62:ce:3d:e1:88:55:39:a1:fc:af:96:
         87:68:2e:28:42:8a:7e:37:16:6b:1f:a0:f6:f4:f2:da:19:a6:
         1a:2a:e4:1d:16:35:77:25:64:07:4a:87:4b:17:cb:7f:92:42:
         92:c8:13:ea:af:c6:6a:5a:94:86:79:db:97:50:89:c4:41:20:
         d1:53:c9:eb:70:e2:86:e3:1b:55:38:6c:75:19:38:bd:73:20:
         98:eb:d8:0e:78:b4:f2:6b:50:b6:06:64:bf:72:31:7f:3f:af:
         b5:c5:53:48:1a:97:0c:23:8c:82:12:4f:8d:3f:97:81:23:f1:
         82:32:7a:be:a3:94:45:6f:76:a0:08:9c:32:90:88:81:ce:e0:
         41:fc:63:1a:90:c5:f5:30:f2:45:12:4c:53:8f:71:2e:07:ac:
         08:12:40:58:e3:f8:8b:43:e9:99:b2:cb:3e:23:4b:a5:ca:55:
         10:b6:49:da:33:05:88:f5:e3:f9:6e:47:e3:e6:48:e1:c7:b8:
         f5:f7:4f:8a
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUK2EgPZb2dDkUot8oKPYQ3x1MIaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA3MjUxMDQ3MzdaFw0yNjA3MjQxMDUyMzdaMDMxMTAvBgNV
BAMTKDJFNTFEMUQ4QTJBQUJBNkEzQUUxQ0M5NENDQjVDOTY4MzVDQzY3NUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1pvmE2tQTFWf2j0/oxhS4tkVo
PZUiPG1MXEbJLb7PgQA9vNxWZnbM9BqvWORRRVrGmcOKVphNZ9mmRJEScEMl0qy2
2XCeDcZj16Y0CRyEM8it1U81/H5YPULc2k7+e6KlxvVOy3fiu4ZJcCFeWiyBSazh
ylw34+F/TrAytbExasekFHlBk02sNmpmwoNzpyLfjn56yTlk3Bc9allN8Gtgar0x
QJ14C5W8v+XtWGxrLktpXIGEiGghx5HrsNprWggKjmO65HbwSAEKVoX1Pm/x+2bI
WvA1aH+juYR5aCQjj95wE/ZgV5BzKr8471/gwLmpsLXCWOc757ix5fd/i8UdAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQULlHR2KKqumo64cyUzLXJaDXMZ14wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzQz
OS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMBt5DANBgkqhkiG9w0BAQsFAAOCAQEAFBdThoDvgLbk9JQm
EykA9e4Tt5vR/qVaqsKioy1pYL5u9n3qwS3yu+sY2c803kNu5Zrzhly9Mn/xf8bI
nGLOPeGIVTmh/K+Wh2guKEKKfjcWax+g9vTy2hmmGirkHRY1dyVkB0qHSxfLf5JC
ksgT6q/GalqUhnnbl1CJxEEg0VPJ63DihuMbVThsdRk4vXMgmOvYDni08mtQtgZk
v3Ixfz+vtcVTSBqXDCOMghJPjT+XgSPxgjJ6vqOURW92oAicMpCIgc7gQfxjGpDF
9TDyRRJMU49xLgesCBJAWOP4i0PpmbLLPiNLpcpVELZJ2jMFiPXj+W5H4+ZI4ce4
9fdPig==
-----END CERTIFICATE-----