Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa
File:                     3139322e3130392e3232382e302f32342d3234203d3e20393439.roa (raw, json)
Hash identifier:          39IKNFsAZCczkyoynXrtw48Z2ovQEC7XdMp1mjVvkfg=
Subject key identifier:   19:97:11:E7:F6:71:18:81:DD:A2:ED:2B:43:19:47:9B:44:D7:E5:C4
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       10B7B15E58A8BAA636240C5FE91F78ECFC3B7A6B
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa
Signing time:             Fri 23 Aug 2024 10:47:06 +0000
ROA not before:           Fri 23 Aug 2024 10:42:06 +0000
ROA not after:            Fri 22 Aug 2025 10:47:06 +0000
asID:                     949
IP address blocks:        192.109.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b7:b1:5e:58:a8:ba:a6:36:24:0c:5f:e9:1f:78:ec:fc:3b:7a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 23 10:42:06 2024 GMT
            Not After : Aug 22 10:47:06 2025 GMT
        Subject: CN=199711E7F6711881DDA2ED2B4319479B44D7E5C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:72:6c:e6:f7:24:a3:da:01:0b:be:2f:b3:82:
                    1b:21:40:fe:30:89:94:e3:25:cc:c4:47:72:27:d2:
                    d9:23:06:d7:34:5d:82:0a:78:ba:20:19:42:2a:8f:
                    34:a0:87:70:5f:59:bd:14:30:f0:a4:54:27:3e:a0:
                    29:ec:1c:c8:6d:6e:da:54:a9:f7:22:66:b4:f0:1b:
                    15:07:a9:f2:82:16:fd:f4:c9:7f:a5:c2:26:99:f9:
                    b8:38:65:f4:83:04:6f:ea:49:69:3a:d2:e6:ea:0d:
                    3b:4f:c4:cc:2a:0d:bf:c8:6c:09:dc:bd:eb:ac:e6:
                    9a:96:60:88:7d:5d:be:87:2c:73:d9:bb:01:11:8d:
                    c5:d9:8b:32:65:22:09:f3:13:27:a0:b6:79:d0:ee:
                    5e:97:92:8e:91:a0:de:74:f3:d4:00:e1:77:05:ce:
                    be:fd:42:24:2c:40:a8:e3:a1:01:8f:d6:26:78:de:
                    5f:25:5f:a3:02:a0:00:b8:d9:03:8f:5c:a4:b6:8a:
                    24:0c:67:1e:6a:e9:2f:92:b0:fe:42:e7:ae:33:3a:
                    0d:e5:ef:f1:62:a2:c9:86:15:19:18:74:91:2d:91:
                    25:eb:4e:52:0e:2a:96:c9:aa:ca:d6:53:ef:09:3f:
                    ad:fb:a9:f0:d3:4c:28:9e:c9:b9:49:16:6f:a1:20:
                    19:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:97:11:E7:F6:71:18:81:DD:A2:ED:2B:43:19:47:9B:44:D7:E5:C4
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3234203d3e20393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:56:82:31:e8:0d:85:96:49:d0:c7:5e:88:c2:f7:33:63:c3:
         da:99:fa:1d:f5:91:cc:e4:bf:69:10:ae:98:e4:61:bd:62:47:
         dc:66:3b:ab:54:1a:55:f4:c9:39:a7:bb:6e:58:1e:58:fe:59:
         15:ec:24:3b:95:fd:63:df:d3:54:06:78:55:87:79:37:7f:3f:
         dc:69:00:19:e8:17:af:a4:30:d1:1b:52:d8:f0:ea:2b:41:02:
         77:62:03:77:a6:49:26:18:76:90:b2:7f:80:08:72:6e:81:30:
         1e:68:68:3e:6c:2f:da:4f:bd:cd:c2:fc:d5:35:7b:b1:86:b9:
         d6:73:7d:2a:6e:96:be:4d:d7:e1:0d:19:48:4b:87:34:83:ab:
         88:ab:e9:82:10:28:dc:9a:4b:e4:73:e7:c3:ec:c2:af:48:0b:
         ec:0e:8d:cf:2a:e3:03:95:78:6f:67:6d:37:06:87:42:23:0f:
         a5:32:a4:5e:37:42:82:36:f0:29:89:dd:48:7c:20:d7:87:5e:
         6d:59:9e:da:58:2b:64:18:dd:10:ed:89:f1:71:7e:a7:ec:64:
         e3:66:43:ce:f6:e6:29:2b:bc:98:9d:53:4f:80:35:11:34:48:
         08:33:b6:25:06:65:1a:50:e0:3d:b5:88:8f:20:2d:01:02:19:
         92:5d:33:d9
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUELexXliouqY2JAxf6R947Pw7emswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA4MjMxMDQyMDZaFw0yNTA4MjIxMDQ3MDZaMDMxMTAvBgNV
BAMTKDE5OTcxMUU3RjY3MTE4ODFEREEyRUQyQjQzMTk0NzlCNDREN0U1QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTcmzm9ySj2gELvi+zghshQP4w
iZTjJczER3In0tkjBtc0XYIKeLogGUIqjzSgh3BfWb0UMPCkVCc+oCnsHMhtbtpU
qfciZrTwGxUHqfKCFv30yX+lwiaZ+bg4ZfSDBG/qSWk60ubqDTtPxMwqDb/IbAnc
veus5pqWYIh9Xb6HLHPZuwERjcXZizJlIgnzEyegtnnQ7l6Xko6RoN5089QA4XcF
zr79QiQsQKjjoQGP1iZ43l8lX6MCoAC42QOPXKS2iiQMZx5q6S+SsP5C564zOg3l
7/FiosmGFRkYdJEtkSXrTlIOKpbJqsrWU+8JP637qfDTTCieyblJFm+hIBkHAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUGZcR5/ZxGIHdou0rQxlHm0TX5cQwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzQz
OS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMBt5DANBgkqhkiG9w0BAQsFAAOCAQEAUlaCMegNhZZJ0Mde
iML3M2PD2pn6HfWRzOS/aRCumORhvWJH3GY7q1QaVfTJOae7blgeWP5ZFewkO5X9
Y9/TVAZ4VYd5N38/3GkAGegXr6Qw0RtS2PDqK0ECd2IDd6ZJJhh2kLJ/gAhyboEw
HmhoPmwv2k+9zcL81TV7sYa51nN9Km6Wvk3X4Q0ZSEuHNIOriKvpghAo3JpL5HPn
w+zCr0gL7A6NzyrjA5V4b2dtNwaHQiMPpTKkXjdCgjbwKYndSHwg14debVme2lgr
ZBjdEO2J8XF+p+xk42ZDzvbmKSu8mJ1TT4A1ETRICDO2JQZlGlDgPbWIjyAtAQIZ
kl0z2Q==
-----END CERTIFICATE-----