Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa
File:                     3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          DOqQc8jvPlLC64Q0V3Lg9BLBkMZdwWjZDIQ16L7+8EA=
Subject key identifier:   C4:63:F9:A9:58:29:AA:AE:1D:15:4B:B5:68:A6:3A:2E:27:7D:1E:A7
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       3FF174E06747FCE4E216B7D447255176839B5964
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 28 Apr 2025 12:52:29 +0000
ROA not before:           Mon 28 Apr 2025 12:47:29 +0000
ROA not after:            Mon 27 Apr 2026 12:52:29 +0000
asID:                     210429
IP address blocks:        192.109.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:06:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f1:74:e0:67:47:fc:e4:e2:16:b7:d4:47:25:51:76:83:9b:59:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 28 12:47:29 2025 GMT
            Not After : Apr 27 12:52:29 2026 GMT
        Subject: CN=C463F9A95829AAAE1D154BB568A63A2E277D1EA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6f:d8:ae:fb:75:23:24:15:6b:20:a9:0d:c2:
                    27:19:31:a6:a7:83:15:7d:26:2a:8c:c3:8a:0a:0c:
                    94:e8:80:ab:22:ea:80:44:70:9b:f7:73:d1:c6:bf:
                    2d:ce:8b:e8:41:ea:58:52:11:5e:08:7c:62:31:69:
                    c0:f9:42:5b:f2:19:89:09:f5:5a:ba:1a:75:6a:e5:
                    b9:c9:e1:74:79:5b:fb:65:9b:b7:89:9b:34:2e:f4:
                    5a:26:05:c7:3b:16:85:8f:49:e4:89:45:ec:e3:8f:
                    07:11:ae:df:6e:89:aa:da:9f:6f:df:36:86:9a:40:
                    0c:ed:ec:c3:e6:e9:a4:74:d8:2f:f0:72:3a:06:9f:
                    aa:3b:8d:86:4d:fb:64:25:92:68:9b:16:31:7b:07:
                    1b:92:69:e0:30:c2:c2:23:d5:ba:20:01:a6:ca:be:
                    77:36:c8:44:e5:29:55:1b:a5:46:d6:34:33:59:ac:
                    ba:e9:a3:b9:ae:f7:8a:a8:d9:0d:64:54:71:92:9a:
                    e9:55:d2:3b:31:4e:05:f9:81:e1:2b:09:ba:2c:6c:
                    3a:a2:33:92:76:50:ff:7a:cc:27:fa:b1:37:a9:ef:
                    5d:91:b8:7d:76:40:b6:f8:84:c0:e3:d2:14:05:a7:
                    4e:4f:a7:ef:46:6a:61:b5:7a:55:e1:3b:a3:23:49:
                    b8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:63:F9:A9:58:29:AA:AE:1D:15:4B:B5:68:A6:3A:2E:27:7D:1E:A7
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d8:31:3d:0b:d7:08:5d:0d:72:2b:27:a3:11:3d:e9:05:4e:
         e1:47:43:1c:c5:55:2e:54:cb:cf:70:97:3f:59:9e:96:2b:87:
         d9:d1:ec:37:6e:54:13:8d:89:c0:2d:16:98:6f:b2:7f:b7:58:
         3e:86:e7:7f:c1:fa:99:10:ca:e2:d4:14:0a:4c:9d:0e:08:91:
         89:9a:0a:9e:e7:4c:b4:7d:01:6d:3d:9b:65:d6:5a:84:91:6f:
         4e:53:81:85:be:3f:a2:3a:cb:f8:86:9f:23:10:c5:af:e6:55:
         7d:f3:2e:e5:0a:9a:71:54:3c:b4:fe:e8:ae:1d:4e:0f:0d:15:
         67:3d:fd:8f:a8:d6:d6:56:a2:2b:7e:81:81:60:6d:d7:cb:21:
         4f:86:a9:25:18:c2:fd:73:7c:7e:11:67:df:3a:7e:ec:af:66:
         ee:68:dc:38:e3:f1:ab:f1:23:03:93:14:43:99:f1:ac:2a:cd:
         b4:86:22:e3:74:24:06:27:f7:b9:0e:da:88:8e:a5:07:0b:f7:
         93:10:b1:5e:32:fd:91:1c:2e:b2:46:a2:86:5d:b9:16:e5:5e:
         7a:59:50:25:df:ba:8b:bb:79:8a:91:77:06:78:e2:47:63:1e:
         20:ac:9c:71:9a:a4:5f:c7:a2:a1:76:e5:bb:63:a9:59:6a:fb:
         91:5d:44:97
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIUP/F04GdH/OTiFrfURyVRdoObWWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA0MjgxMjQ3MjlaFw0yNjA0MjcxMjUyMjlaMDMxMTAvBgNV
BAMTKEM0NjNGOUE5NTgyOUFBQUUxRDE1NEJCNTY4QTYzQTJFMjc3RDFFQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPb9iu+3UjJBVrIKkNwicZMaan
gxV9JiqMw4oKDJTogKsi6oBEcJv3c9HGvy3Oi+hB6lhSEV4IfGIxacD5QlvyGYkJ
9Vq6GnVq5bnJ4XR5W/tlm7eJmzQu9FomBcc7FoWPSeSJRezjjwcRrt9uiaran2/f
NoaaQAzt7MPm6aR02C/wcjoGn6o7jYZN+2QlkmibFjF7BxuSaeAwwsIj1bogAabK
vnc2yETlKVUbpUbWNDNZrLrpo7mu94qo2Q1kVHGSmulV0jsxTgX5geErCbosbDqi
M5J2UP96zCf6sTep712RuH12QLb4hMDj0hQFp05Pp+9GamG1elXhO6MjSbi7AgMB
AAGjggHAMIIBvDAdBgNVHQ4EFgQUxGP5qVgpqq4dFUu1aKY6Lid9HqcwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHIGCCsGAQUF
BwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEz
MDM0MzIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMBt5TANBgkqhkiG9w0BAQsFAAOCAQEActgxPQvX
CF0NcisnoxE96QVO4UdDHMVVLlTLz3CXP1meliuH2dHsN25UE42JwC0WmG+yf7dY
Pobnf8H6mRDK4tQUCkydDgiRiZoKnudMtH0BbT2bZdZahJFvTlOBhb4/ojrL+Iaf
IxDFr+ZVffMu5QqacVQ8tP7orh1ODw0VZz39j6jW1laiK36BgWBt18shT4apJRjC
/XN8fhFn3zp+7K9m7mjcOOPxq/EjA5MUQ5nxrCrNtIYi43QkBif3uQ7aiI6lBwv3
kxCxXjL9kRwuskaihl25FuVeellQJd+6i7t5ipF3BnjiR2MeIKyccZqkX8eioXbl
u2OpWWr7kV1Elw==
-----END CERTIFICATE-----