Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20313937373330.roa
File:                     3139322e3130392e3232392e302f32342d3234203d3e20313937373330.roa (raw, json)
Hash identifier:          Lz9kI5JRD9RqyCfffC63WhxIJ19Ker2xUD8I7J7+JLg=
Subject key identifier:   7D:F9:45:E9:CC:2A:A0:C0:FF:32:CE:A3:C9:53:2A:01:25:BC:79:83
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       3D91FDB585A7461F0A1E17AD207E210C16ACE5BA
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20313937373330.roa
Signing time:             Thu 05 Jun 2025 06:52:30 +0000
ROA not before:           Thu 05 Jun 2025 06:47:30 +0000
ROA not after:            Thu 04 Jun 2026 06:52:30 +0000
asID:                     197730
IP address blocks:        192.109.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:06:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:91:fd:b5:85:a7:46:1f:0a:1e:17:ad:20:7e:21:0c:16:ac:e5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jun  5 06:47:30 2025 GMT
            Not After : Jun  4 06:52:30 2026 GMT
        Subject: CN=7DF945E9CC2AA0C0FF32CEA3C9532A0125BC7983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:db:94:21:2c:49:f8:05:4a:36:1d:b4:6b:2c:
                    a9:b3:fe:65:46:1f:2a:75:ce:0d:28:17:13:2c:e7:
                    0b:83:5d:d3:9a:a8:69:7f:0f:4b:a1:93:47:fc:46:
                    03:95:f4:cb:22:03:11:88:c3:41:b0:8c:06:b1:4b:
                    15:4f:72:1f:94:70:27:c1:4b:8e:db:61:1f:89:dc:
                    47:3c:01:30:58:18:ea:2a:7f:e5:e9:a0:24:c3:40:
                    f5:72:4c:c2:0f:7e:91:a9:a1:94:3c:b7:4b:ff:b4:
                    c1:74:7e:1b:b7:ea:67:36:84:8c:80:45:1a:32:3c:
                    e4:20:9d:e3:fd:dc:c3:cc:5c:80:cf:5a:af:8e:6d:
                    c2:23:b8:82:4a:1e:6b:1b:63:5a:f8:fe:80:6f:1d:
                    15:4c:3a:17:22:4c:e8:e2:de:6c:54:25:72:7c:4e:
                    8f:94:ab:30:27:ba:ca:10:a1:27:1f:72:93:16:60:
                    d3:f8:3c:8e:64:36:86:a5:b7:d2:34:9e:9a:1a:84:
                    14:eb:a3:9b:cf:fd:70:8e:9f:fc:44:4b:48:46:54:
                    4f:3d:f2:83:60:a5:ee:28:cc:38:8b:64:48:36:10:
                    b7:92:16:af:d2:1d:ca:ea:b8:3a:d6:ce:56:ae:0e:
                    b2:06:ce:8b:d4:04:94:33:a8:73:2e:d5:0e:c6:09:
                    d7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F9:45:E9:CC:2A:A0:C0:FF:32:CE:A3:C9:53:2A:01:25:BC:79:83
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:fd:45:1d:77:f2:16:c2:22:9a:1a:53:22:9f:3a:63:10:0f:
         6a:ce:e8:c0:06:85:72:97:5d:d4:63:3e:c8:4f:9c:ae:57:28:
         de:c4:2f:95:10:99:66:00:0c:01:3d:a4:c8:9a:50:0f:68:24:
         db:a9:04:85:a3:fe:50:4e:9f:8e:ac:45:75:a2:82:f7:54:70:
         c1:10:0a:69:a7:bf:74:43:43:a5:a0:53:ab:17:db:e6:56:6e:
         3b:90:42:64:61:43:5c:c2:0b:03:2c:ac:77:54:1f:bd:ac:3d:
         c5:e2:a5:ba:67:4e:b2:e9:43:d8:c5:6c:0b:f1:b5:90:99:ed:
         55:03:2d:76:f0:eb:99:9e:2f:48:e8:01:10:b6:03:e8:02:4c:
         b0:b3:98:c3:a0:a3:8f:e0:65:c2:08:28:d6:3a:aa:75:aa:79:
         aa:f8:54:6c:65:59:9b:88:86:61:c7:23:ed:49:56:b9:84:05:
         9a:aa:a7:d8:1f:26:e3:6e:32:6e:da:7a:fd:aa:27:8e:9e:96:
         12:8f:d4:89:64:d2:6f:e7:39:b6:99:8e:ba:f7:f1:b0:d8:ea:
         f3:b8:78:ba:ab:92:63:7e:4e:96:05:05:68:4b:71:3f:c9:06:
         14:5f:96:b3:f9:48:05:29:29:08:04:02:07:01:eb:40:c1:12:
         dc:74:5f:4b
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIUPZH9tYWnRh8KHhetIH4hDBas5bowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA2MDUwNjQ3MzBaFw0yNjA2MDQwNjUyMzBaMDMxMTAvBgNV
BAMTKDdERjk0NUU5Q0MyQUEwQzBGRjMyQ0VBM0M5NTMyQTAxMjVCQzc5ODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV25QhLEn4BUo2HbRrLKmz/mVG
Hyp1zg0oFxMs5wuDXdOaqGl/D0uhk0f8RgOV9MsiAxGIw0GwjAaxSxVPch+UcCfB
S47bYR+J3Ec8ATBYGOoqf+XpoCTDQPVyTMIPfpGpoZQ8t0v/tMF0fhu36mc2hIyA
RRoyPOQgneP93MPMXIDPWq+ObcIjuIJKHmsbY1r4/oBvHRVMOhciTOji3mxUJXJ8
To+UqzAnusoQoScfcpMWYNP4PI5kNoalt9I0npoahBTro5vP/XCOn/xES0hGVE89
8oNgpe4ozDiLZEg2ELeSFq/SHcrquDrWzlauDrIGzovUBJQzqHMu1Q7GCdflAgMB
AAGjggHAMIIBvDAdBgNVHQ4EFgQUfflF6cwqoMD/Ms6jyVMqASW8eYMwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHIGCCsGAQUF
BwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkz
NzM3MzMzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMBt5TANBgkqhkiG9w0BAQsFAAOCAQEACP1FHXfy
FsIimhpTIp86YxAPas7owAaFcpdd1GM+yE+crlco3sQvlRCZZgAMAT2kyJpQD2gk
26kEhaP+UE6fjqxFdaKC91RwwRAKaae/dENDpaBTqxfb5lZuO5BCZGFDXMILAyys
d1Qfvaw9xeKlumdOsulD2MVsC/G1kJntVQMtdvDrmZ4vSOgBELYD6AJMsLOYw6Cj
j+Blwggo1jqqdap5qvhUbGVZm4iGYccj7UlWuYQFmqqn2B8m424ybtp6/aonjp6W
Eo/UiWTSb+c5tpmOuvfxsNjq87h4uquSY35OlgUFaEtxP8kGFF+Ws/lIBSkpCAQC
BwHrQMES3HRfSw==
-----END CERTIFICATE-----