Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa
File:                     3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          5a0UngYEht501YSlvXMuJ5/ZjnAln7eiCFJqXClv3zY=
Subject key identifier:   86:C7:C1:E1:80:39:AA:19:DE:60:CB:90:BF:6F:1C:EF:9B:10:3B:71
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       2D614A1807ADF8948F55F5D18B817777F243ED3B
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 27 May 2024 12:47:05 +0000
ROA not before:           Mon 27 May 2024 12:42:05 +0000
ROA not after:            Mon 26 May 2025 12:47:05 +0000
asID:                     210429
IP address blocks:        192.109.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:61:4a:18:07:ad:f8:94:8f:55:f5:d1:8b:81:77:77:f2:43:ed:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: May 27 12:42:05 2024 GMT
            Not After : May 26 12:47:05 2025 GMT
        Subject: CN=86C7C1E18039AA19DE60CB90BF6F1CEF9B103B71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:33:30:6d:a3:b9:57:35:8a:0e:0e:ad:c9:da:
                    4e:dd:54:ef:8b:29:da:f9:b5:c2:cc:4c:19:d7:15:
                    ca:b5:e3:c6:dc:c7:12:97:f8:d8:c7:14:c1:f6:3d:
                    d3:c5:fa:57:40:b9:28:c7:3d:9d:82:0b:de:36:9c:
                    57:0d:5e:82:87:51:72:5b:0b:27:64:b4:88:33:da:
                    7d:05:df:3a:0c:b0:7f:e7:13:05:45:e5:1f:5e:20:
                    9e:0c:a5:fe:03:e6:9e:00:37:c2:eb:33:b1:e2:6c:
                    63:2d:06:e2:ce:62:33:74:8b:e0:d7:23:67:b8:4e:
                    2a:75:98:57:61:46:f3:c1:1b:1c:28:b3:6c:9c:a5:
                    7c:d1:b7:aa:a1:ff:fc:b9:3d:32:cc:fe:a2:e5:b2:
                    8c:37:ef:09:f3:4b:a0:91:10:0d:a6:06:9a:3e:6c:
                    f0:16:52:7d:00:39:6e:88:4b:26:bc:8a:96:23:6a:
                    cc:d6:f0:63:a2:38:12:4e:4c:ea:d2:b9:87:f2:20:
                    45:63:29:f6:33:8c:90:b6:a0:8b:27:a2:56:be:83:
                    6c:79:c5:ba:3b:48:23:68:68:5e:f5:0c:f6:c2:fc:
                    b9:f9:ea:33:0f:60:d0:a9:27:85:04:ee:7a:53:4c:
                    81:73:26:9a:8d:68:27:98:13:28:5e:8a:3f:26:13:
                    7b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C7:C1:E1:80:39:AA:19:DE:60:CB:90:BF:6F:1C:EF:9B:10:3B:71
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3232392e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:8e:65:2e:d0:e8:48:bf:c8:16:39:20:2b:97:71:52:df:ea:
         e1:2d:3e:ce:09:74:0e:1f:f5:e5:09:f7:be:6b:1d:7a:c3:6f:
         53:e1:1d:e4:54:c5:a0:07:74:b0:e3:0a:03:02:cc:b1:4b:92:
         ca:33:a9:48:22:eb:0a:aa:36:12:6f:ec:3f:aa:26:57:bd:66:
         a3:0a:25:11:78:1d:8c:68:a4:a5:65:1d:26:1c:de:65:93:58:
         57:b9:0f:29:e1:8a:c1:39:b5:b2:f1:43:84:d6:dd:fc:e6:87:
         7a:f8:56:96:5a:53:2a:c3:b4:48:31:c3:8b:ae:e3:5c:77:f0:
         2f:20:4a:ef:fb:58:0c:22:72:5a:db:c6:ae:3c:ce:2a:66:51:
         81:41:1b:5d:97:b6:bd:52:01:4d:68:43:9b:49:b8:e4:8e:be:
         0b:b4:89:99:3d:41:b8:8d:54:a5:7c:39:bb:52:4c:4b:00:9a:
         3a:50:01:58:a5:93:c3:7f:6f:3b:86:a0:f7:c8:a4:02:eb:e5:
         b6:cd:7c:de:f6:31:a2:ea:46:57:0b:c8:45:f5:16:dc:4e:d9:
         fa:a3:8c:2f:31:5c:8d:85:3a:ff:fe:0e:ae:fc:98:89:56:74:
         b7:9d:77:c9:05:12:cd:ba:25:8c:c3:0f:d6:be:48:44:f7:50:
         c2:6c:14:1c
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIULWFKGAet+JSPVfXRi4F3d/JD7TswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNDA1MjcxMjQyMDVaFw0yNTA1MjYxMjQ3MDVaMDMxMTAvBgNV
BAMTKDg2QzdDMUUxODAzOUFBMTlERTYwQ0I5MEJGNkYxQ0VGOUIxMDNCNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNMzBto7lXNYoODq3J2k7dVO+L
Kdr5tcLMTBnXFcq148bcxxKX+NjHFMH2PdPF+ldAuSjHPZ2CC942nFcNXoKHUXJb
CydktIgz2n0F3zoMsH/nEwVF5R9eIJ4Mpf4D5p4AN8LrM7HibGMtBuLOYjN0i+DX
I2e4Tip1mFdhRvPBGxwos2ycpXzRt6qh//y5PTLM/qLlsow37wnzS6CREA2mBpo+
bPAWUn0AOW6ISya8ipYjaszW8GOiOBJOTOrSuYfyIEVjKfYzjJC2oIsnola+g2x5
xbo7SCNoaF71DPbC/Ln56jMPYNCpJ4UE7npTTIFzJpqNaCeYEyheij8mE3vtAgMB
AAGjggHAMIIBvDAdBgNVHQ4EFgQUhsfB4YA5qhneYMuQv28c75sQO3EwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHIGCCsGAQUF
BwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzIzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEz
MDM0MzIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMBt5TANBgkqhkiG9w0BAQsFAAOCAQEANY5lLtDo
SL/IFjkgK5dxUt/q4S0+zgl0Dh/15Qn3vmsdesNvU+Ed5FTFoAd0sOMKAwLMsUuS
yjOpSCLrCqo2Em/sP6omV71mowolEXgdjGikpWUdJhzeZZNYV7kPKeGKwTm1svFD
hNbd/OaHevhWllpTKsO0SDHDi67jXHfwLyBK7/tYDCJyWtvGrjzOKmZRgUEbXZe2
vVIBTWhDm0m45I6+C7SJmT1BuI1UpXw5u1JMSwCaOlABWKWTw39vO4ag98ikAuvl
ts183vYxoupGVwvIRfUW3E7Z+qOMLzFcjYU6//4OrvyYiVZ0t513yQUSzboljMMP
1r5IRPdQwmwUHA==
-----END CERTIFICATE-----