Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
File:                     3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa (raw, json)
Hash identifier:          k4yfaaTSTRT80PfOkldTUrSLfYigyBhr4fcEmhfO8eE=
Subject key identifier:   31:0C:31:F8:30:FD:EF:3A:A3:2E:0C:AC:20:D0:A7:DA:44:A4:85:A6
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       08B8A55D8B6F8595D987E5C88103E87C01B43CAD
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa
Signing time:             Wed 02 Oct 2024 09:00:54 +0000
ROA not before:           Wed 02 Oct 2024 08:55:54 +0000
ROA not after:            Wed 01 Oct 2025 09:00:54 +0000
asID:                     3214
IP address blocks:        192.109.228.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:b8:a5:5d:8b:6f:85:95:d9:87:e5:c8:81:03:e8:7c:01:b4:3c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Oct  2 08:55:54 2024 GMT
            Not After : Oct  1 09:00:54 2025 GMT
        Subject: CN=310C31F830FDEF3AA32E0CAC20D0A7DA44A485A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:f6:ae:d8:ce:8c:75:b0:6e:20:a9:62:5c:
                    62:b5:a3:71:69:f5:57:ed:d7:91:4f:73:60:48:0f:
                    b8:a3:f2:95:12:0b:85:1b:3c:40:3a:42:e4:16:50:
                    08:c3:f0:c9:51:93:46:bb:6e:2c:34:50:d3:ab:19:
                    1a:2a:7b:81:47:dc:22:9e:33:0c:e7:90:48:70:be:
                    40:63:e2:b8:df:df:aa:7d:d3:a8:14:d6:50:ae:ff:
                    c0:d0:f4:ca:3d:c3:82:4b:73:51:85:5a:27:8f:af:
                    c4:54:5a:26:79:b4:a6:ff:f7:6f:0e:51:53:f9:06:
                    1c:01:70:e0:a5:de:77:11:dd:fd:5a:e4:4c:bf:6d:
                    a1:b4:fd:bf:d1:85:1a:46:6a:eb:1c:4b:e4:3d:88:
                    cf:b3:2b:c2:d7:ba:d6:83:2f:20:f7:82:f2:2f:68:
                    a0:c8:00:be:fb:1b:9c:8e:c1:81:57:b2:20:69:d1:
                    36:b5:c7:27:7e:a5:9e:48:1e:1e:28:78:4d:a4:67:
                    d5:e6:bd:97:a6:49:4f:eb:62:7c:29:fa:2d:76:63:
                    cf:07:c5:a3:8f:17:e4:e2:13:08:87:3e:0b:37:8d:
                    41:92:c7:68:47:12:05:8d:9e:74:f7:0d:27:a2:fd:
                    6c:8e:c1:8b:af:17:ef:ac:1e:39:d3:b6:20:8d:47:
                    1e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0C:31:F8:30:FD:EF:3A:A3:2E:0C:AC:20:D0:A7:DA:44:A4:85:A6
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232382e302f32342d3332203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:08:f9:d8:68:e4:bd:a5:64:fa:8e:86:90:48:f5:e4:91:f7:
         3e:a8:66:d7:2b:ac:00:b1:09:d5:de:44:20:26:73:79:46:48:
         78:b3:27:02:9a:11:f8:99:12:e7:82:e3:fd:68:6d:13:5e:de:
         98:78:6f:e7:65:c7:00:53:e3:66:ae:dd:0e:b8:29:6b:74:b1:
         59:d5:0f:f7:a9:5f:dc:7b:29:30:0f:5f:14:65:2c:f5:a0:8d:
         8c:cc:52:10:d9:7b:37:b0:51:2a:f8:87:6c:9b:e9:d7:41:b3:
         2d:06:a8:7b:47:16:ad:c7:74:b8:4d:67:a8:13:1a:8b:4a:e7:
         04:4c:55:a4:23:13:79:d0:bb:87:b0:a8:00:84:9d:cb:b1:b6:
         71:0c:c4:41:f1:16:21:74:37:8d:dc:be:78:14:1f:84:89:1f:
         29:29:0e:e3:f4:3b:14:eb:4f:55:ed:a5:38:2c:86:80:f9:d0:
         f2:09:0d:4d:50:79:ec:04:fe:cf:76:82:24:68:e5:1f:6d:d7:
         88:ec:d2:cb:5e:e7:02:14:57:61:3e:37:18:22:ba:73:aa:2f:
         9d:b7:f2:bc:4c:dd:75:38:29:8a:af:bb:93:9d:f2:94:41:f4:
         a8:17:0e:30:23:07:80:e3:48:71:6a:35:b7:e5:cf:d6:c8:84:
         52:a9:24:c4
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUCLilXYtvhZXZh+XIgQPofAG0PK0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDEwMDIwODU1NTRaFw0yNTEwMDEwOTAwNTRaMDMxMTAvBgNV
BAMTKDMxMEMzMUY4MzBGREVGM0FBMzJFMENBQzIwRDBBN0RBNDRBNDg1QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0QPau2M6MdbBuIKliXGK1o3Fp
9Vft15FPc2BID7ij8pUSC4UbPEA6QuQWUAjD8MlRk0a7biw0UNOrGRoqe4FH3CKe
MwznkEhwvkBj4rjf36p906gU1lCu/8DQ9Mo9w4JLc1GFWiePr8RUWiZ5tKb/928O
UVP5BhwBcOCl3ncR3f1a5Ey/baG0/b/RhRpGauscS+Q9iM+zK8LXutaDLyD3gvIv
aKDIAL77G5yOwYFXsiBp0Ta1xyd+pZ5IHh4oeE2kZ9XmvZemSU/rYnwp+i12Y88H
xaOPF+TiEwiHPgs3jUGSx2hHEgWNnnT3DSei/WyOwYuvF++sHjnTtiCNRx4rAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUMQwx+DD97zqjLgysINCn2kSkhaYwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzODJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMzMzIz
MTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3kMA0GCSqGSIb3DQEBCwUAA4IBAQAHCPnYaOS9pWT6
joaQSPXkkfc+qGbXK6wAsQnV3kQgJnN5Rkh4sycCmhH4mRLnguP9aG0TXt6YeG/n
ZccAU+Nmrt0OuClrdLFZ1Q/3qV/ceykwD18UZSz1oI2MzFIQ2Xs3sFEq+Idsm+nX
QbMtBqh7Rxatx3S4TWeoExqLSucETFWkIxN50LuHsKgAhJ3LsbZxDMRB8RYhdDeN
3L54FB+EiR8pKQ7j9DsU609V7aU4LIaA+dDyCQ1NUHnsBP7PdoIkaOUfbdeI7NLL
XucCFFdhPjcYIrpzqi+dt/K8TN11OCmKr7uTnfKUQfSoFw4wIweA40hxajW35c/W
yIRSqSTE
-----END CERTIFICATE-----