Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
File:                     3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa (raw, json)
Hash identifier:          kkpPd76ddlYfoJxzD41F3mtJIWNRESRyOQUu03qkbjI=
Subject key identifier:   2A:DE:34:25:5A:D3:56:E0:F2:62:38:B0:D2:7C:83:FA:99:1B:EB:D8
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       32EDC4B55569B791BDEE4DCE1C43F058F91A6359
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
Signing time:             Wed 01 Nov 2023 08:51:17 +0000
ROA not before:           Wed 01 Nov 2023 08:46:17 +0000
ROA not after:            Wed 30 Oct 2024 08:51:17 +0000
asID:                     3214
IP address blocks:        192.109.228.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:ed:c4:b5:55:69:b7:91:bd:ee:4d:ce:1c:43:f0:58:f9:1a:63:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Nov  1 08:46:17 2023 GMT
            Not After : Oct 30 08:51:17 2024 GMT
        Subject: CN=2ADE34255AD356E0F26238B0D27C83FA991BEBD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:72:c4:2c:72:55:b7:dd:5a:60:82:a1:73:27:
                    87:1e:e3:bc:bb:fb:ae:1f:cf:11:35:65:0d:bb:3f:
                    a4:1b:56:94:13:a2:1e:ac:90:fa:81:63:e7:a5:81:
                    5a:78:c5:39:ce:74:19:1a:2f:ea:5b:2c:db:d8:11:
                    81:2c:5c:f4:84:35:42:cf:2f:f1:b1:0b:f0:13:74:
                    42:68:c5:8f:41:89:fe:ed:4c:e3:68:7f:8d:d0:b5:
                    0f:48:45:b4:6a:29:1e:dc:89:3e:0a:b5:b2:df:c8:
                    0d:ce:fc:da:bb:e1:d4:d4:50:61:e1:4d:bb:13:a2:
                    bc:8b:8a:e7:54:61:81:94:9a:04:09:bb:5d:2c:25:
                    fd:bb:90:2d:76:a0:75:5c:b4:52:e1:03:f7:fe:96:
                    c7:eb:96:88:d8:94:5b:8e:46:69:cb:a5:02:ab:3d:
                    3c:73:0c:70:d4:dc:be:19:0d:a7:58:04:f4:f6:26:
                    3d:39:4b:3d:f0:d1:92:cb:e6:79:c0:7c:2d:9f:96:
                    27:bf:57:45:75:4a:77:db:34:f5:f6:3c:6d:a3:d7:
                    8c:3a:94:cb:2a:51:58:e0:3f:09:6a:de:78:07:4b:
                    71:80:51:37:f0:e9:f7:1c:fe:2e:e4:25:fe:e4:d3:
                    18:6a:e0:d4:7a:f4:42:87:af:03:57:5b:ae:ce:9b:
                    a5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DE:34:25:5A:D3:56:E0:F2:62:38:B0:D2:7C:83:FA:99:1B:EB:D8
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:5f:b9:a9:6d:b6:98:82:4f:1d:b9:c7:63:2e:9e:4d:ab:28:
         bc:c6:70:06:85:d0:55:a9:ff:e8:76:ef:8e:97:04:d2:39:46:
         50:d9:ae:fe:51:bd:a7:0d:8c:57:1b:89:7b:65:e3:4e:51:df:
         50:f5:41:1a:27:68:e6:67:92:38:8c:de:d7:a5:52:9f:b5:b8:
         71:00:ce:ac:81:50:7b:e9:da:fa:15:d1:8a:a7:81:00:1a:0f:
         4d:ce:48:1d:ab:6f:3e:47:b2:93:0b:6e:c3:ba:cc:83:4d:42:
         9d:dd:2d:93:49:2d:36:65:23:c6:8a:85:de:6b:28:c7:e8:da:
         5b:02:74:83:9a:7e:4b:f9:3c:2c:60:84:56:b6:eb:26:0f:68:
         1f:dc:90:ac:b8:ff:d5:12:a8:93:27:6a:90:9a:25:d7:c3:5a:
         1d:eb:6e:ca:ea:3a:29:68:ea:be:26:59:be:37:54:0d:74:6f:
         18:fd:27:ea:e0:94:e8:18:c8:c8:f2:49:d9:93:ec:d6:85:1f:
         14:4a:d3:08:13:31:3c:92:d6:39:55:95:fd:e0:fb:4b:7f:23:
         cf:94:39:87:16:42:8b:d5:f6:2a:21:c2:ca:38:25:2c:30:15:
         50:7c:42:9f:c6:a7:5b:df:c1:f9:35:16:34:1c:7e:4d:28:ef:
         8c:bc:9d:25
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUMu3EtVVpt5G97k3OHEPwWPkaY1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yMzExMDEwODQ2MTdaFw0yNDEwMzAwODUxMTdaMDMxMTAvBgNV
BAMTKDJBREUzNDI1NUFEMzU2RTBGMjYyMzhCMEQyN0M4M0ZBOTkxQkVCRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfcsQsclW33VpggqFzJ4ce47y7
+64fzxE1ZQ27P6QbVpQToh6skPqBY+elgVp4xTnOdBkaL+pbLNvYEYEsXPSENULP
L/GxC/ATdEJoxY9Bif7tTONof43QtQ9IRbRqKR7ciT4KtbLfyA3O/Nq74dTUUGHh
TbsToryLiudUYYGUmgQJu10sJf27kC12oHVctFLhA/f+lsfrlojYlFuORmnLpQKr
PTxzDHDU3L4ZDadYBPT2Jj05Sz3w0ZLL5nnAfC2flie/V0V1SnfbNPX2PG2j14w6
lMsqUVjgPwlq3ngHS3GAUTfw6fcc/i7kJf7k0xhq4NR69EKHrwNXW67Om6VBAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUKt40JVrTVuDyYjiw0nyD+pkb69gwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMzMzIz
MTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQCVX7mpbbaYgk8d
ucdjLp5Nqyi8xnAGhdBVqf/odu+OlwTSOUZQ2a7+Ub2nDYxXG4l7ZeNOUd9Q9UEa
J2jmZ5I4jN7XpVKftbhxAM6sgVB76dr6FdGKp4EAGg9Nzkgdq28+R7KTC27DusyD
TUKd3S2TSS02ZSPGioXeayjH6NpbAnSDmn5L+TwsYIRWtusmD2gf3JCsuP/VEqiT
J2qQmiXXw1od627K6jopaOq+Jlm+N1QNdG8Y/Sfq4JToGMjI8knZk+zWhR8UStMI
EzE8ktY5VZX94PtLfyPPlDmHFkKL1fYqIcLKOCUsMBVQfEKfxqdb38H5NRY0HH5N
KO+MvJ0l
-----END CERTIFICATE-----