Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
File:                     3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa (raw, json)
Hash identifier:          Tzs8QYf4S8NI+PAAfHho0C4MIykFVtHvDDy5CyYeil4=
Subject key identifier:   EB:06:25:2B:E5:88:40:88:8A:05:9E:3F:A2:78:E8:E4:AF:B8:13:70
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       5AEDCBB0C6A52CA0B6DBCB36A98196630BF37826
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
Signing time:             Wed 03 Sep 2025 09:52:43 +0000
ROA not before:           Wed 03 Sep 2025 09:47:43 +0000
ROA not after:            Wed 02 Sep 2026 09:52:43 +0000
asID:                     3214
IP address blocks:        192.109.228.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ed:cb:b0:c6:a5:2c:a0:b6:db:cb:36:a9:81:96:63:0b:f3:78:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Sep  3 09:47:43 2025 GMT
            Not After : Sep  2 09:52:43 2026 GMT
        Subject: CN=EB06252BE58840888A059E3FA278E8E4AFB81370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8b:30:c3:e4:9a:c5:85:57:6f:38:3d:cf:b9:
                    d8:a7:bf:b0:5b:50:d0:0e:d0:c2:53:64:9a:3d:1d:
                    59:e7:cb:50:d3:da:6f:18:28:9f:f7:42:67:c2:59:
                    03:ee:0c:e7:a7:24:a5:dc:29:b5:8a:0e:04:f6:bf:
                    11:8b:1e:b1:32:ed:91:e5:f2:c5:41:80:7a:c3:7c:
                    85:8c:fc:6e:24:0d:e7:ae:ec:2f:c6:b5:2a:6b:1d:
                    6f:62:90:57:84:99:a3:c2:94:7b:a8:c7:4b:e3:30:
                    2d:8e:bc:6f:e6:39:2d:60:09:60:33:ac:36:ff:8d:
                    35:39:5b:23:cb:dd:e9:9d:8c:fe:c1:f7:03:ca:fb:
                    2c:e1:ba:9a:42:4d:aa:3f:8f:9d:9b:2f:05:81:6f:
                    fa:20:eb:14:87:10:8f:90:8d:12:c6:09:7b:df:48:
                    5d:c0:55:04:c4:67:4e:d9:33:75:14:db:25:f1:22:
                    6d:3e:06:ca:6c:49:eb:21:b7:2c:c4:af:07:26:3a:
                    fa:63:f9:2c:ca:2f:77:44:9e:a1:80:76:68:b0:1e:
                    87:01:3e:86:0d:da:42:2b:c7:37:e6:5b:ef:75:24:
                    87:4d:3a:39:39:60:be:25:b3:4f:d3:56:e9:19:2b:
                    a0:89:ed:22:9b:fe:00:bc:55:c6:09:82:27:52:9a:
                    8a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:06:25:2B:E5:88:40:88:8A:05:9E:3F:A2:78:E8:E4:AF:B8:13:70
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:a3:78:bb:1e:44:41:e0:9b:5b:7c:8a:1f:92:c2:cc:89:65:
         12:5a:7e:3a:16:fa:9d:43:c2:d6:70:93:61:c5:69:28:48:c6:
         cb:9e:3d:59:8d:ea:ca:03:96:5d:4b:ce:ee:18:c9:7b:dc:a0:
         d7:55:76:29:79:e7:64:c4:a5:25:36:73:76:9c:9d:f6:93:92:
         ed:ea:23:e1:ab:30:98:fd:f2:92:3a:8b:ef:23:f9:63:6e:06:
         86:1e:70:06:90:65:90:7d:cb:24:20:83:cb:2c:d3:dc:5d:85:
         e4:f9:75:b2:61:16:cf:5a:50:ce:6f:54:73:95:60:7d:57:f9:
         81:cc:9a:d7:86:23:1a:6a:2c:67:9d:ed:ea:96:94:50:bc:90:
         07:1b:0f:61:73:88:71:d1:68:3a:ed:b1:74:95:53:6a:42:96:
         f5:fd:b5:14:71:07:9f:9d:4a:6c:dd:6a:2d:23:95:8a:9e:d6:
         13:16:2f:3c:1d:8f:fe:31:83:99:f0:30:da:be:84:ba:07:a8:
         b8:55:a8:7c:f4:69:1b:f5:12:c0:02:f6:55:0a:c4:58:a3:8c:
         30:ac:b4:78:58:d8:f7:18:60:7b:70:0e:3a:96:df:1f:f0:3e:
         09:46:7f:ea:b1:b8:4f:de:e8:3f:a9:04:34:6a:9b:6c:97:0d:
         4a:93:49:78
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUWu3LsMalLKC228s2qYGWYwvzeCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA5MDMwOTQ3NDNaFw0yNjA5MDIwOTUyNDNaMDMxMTAvBgNV
BAMTKEVCMDYyNTJCRTU4ODQwODg4QTA1OUUzRkEyNzhFOEU0QUZCODEzNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3izDD5JrFhVdvOD3Pudinv7Bb
UNAO0MJTZJo9HVnny1DT2m8YKJ/3QmfCWQPuDOenJKXcKbWKDgT2vxGLHrEy7ZHl
8sVBgHrDfIWM/G4kDeeu7C/GtSprHW9ikFeEmaPClHuox0vjMC2OvG/mOS1gCWAz
rDb/jTU5WyPL3emdjP7B9wPK+yzhuppCTao/j52bLwWBb/og6xSHEI+QjRLGCXvf
SF3AVQTEZ07ZM3UU2yXxIm0+BspsSeshtyzErwcmOvpj+SzKL3dEnqGAdmiwHocB
PoYN2kIrxzfmW+91JIdNOjk5YL4ls0/TVukZK6CJ7SKb/gC8VcYJgidSmopFAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU6wYlK+WIQIiKBZ4/onjo5K+4E3AwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMzMzIz
MTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQBxo3i7HkRB4Jtb
fIofksLMiWUSWn46FvqdQ8LWcJNhxWkoSMbLnj1ZjerKA5ZdS87uGMl73KDXVXYp
eedkxKUlNnN2nJ32k5Lt6iPhqzCY/fKSOovvI/ljbgaGHnAGkGWQfcskIIPLLNPc
XYXk+XWyYRbPWlDOb1RzlWB9V/mBzJrXhiMaaixnne3qlpRQvJAHGw9hc4hx0Wg6
7bF0lVNqQpb1/bUUcQefnUps3WotI5WKntYTFi88HY/+MYOZ8DDavoS6B6i4Vah8
9Gkb9RLAAvZVCsRYo4wwrLR4WNj3GGB7cA46lt8f8D4JRn/qsbhP3ug/qQQ0apts
lw1Kk0l4
-----END CERTIFICATE-----