Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203136353039.roa
File:                     39312e3232302e32352e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          iZ8jsPvXD/HekWt0D2ZvsD43rIXxMvo+7vo1MRvUy7A=
Subject key identifier:   41:4C:D6:51:70:6B:2A:F4:AE:79:BA:91:BF:5D:55:6F:9D:DB:DA:49
Certificate issuer:       /CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
Certificate serial:       13ECAEBDACEBFE6F73CFF8D7531BA6E8A87391F9
Authority key identifier: 35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
Subject info access:      rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203136353039.roa
Signing time:             Tue 05 Nov 2024 06:51:47 +0000
ROA not before:           Tue 05 Nov 2024 06:46:47 +0000
ROA not after:            Tue 04 Nov 2025 06:51:47 +0000
asID:                     16509
IP address blocks:        91.220.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl
                          rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ec:ae:bd:ac:eb:fe:6f:73:cf:f8:d7:53:1b:a6:e8:a8:73:91:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
        Validity
            Not Before: Nov  5 06:46:47 2024 GMT
            Not After : Nov  4 06:51:47 2025 GMT
        Subject: CN=414CD651706B2AF4AE79BA91BF5D556F9DDBDA49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3d:9f:68:82:3a:f1:e8:fc:fd:56:4a:c4:2c:
                    12:77:9c:88:0e:de:f1:25:18:4a:d2:e0:c0:b6:77:
                    01:b4:13:69:de:c0:91:d1:fd:1c:3d:cc:05:d5:71:
                    95:fd:37:5c:6e:53:e1:28:08:bc:54:6b:b0:89:4d:
                    ba:f2:93:12:ec:9f:34:6a:9f:e7:c5:f4:4a:42:ba:
                    31:10:4e:e3:68:a4:52:8f:18:90:06:5a:c8:6c:10:
                    f3:77:3b:07:b2:0a:fd:1d:82:88:4b:48:81:7e:7e:
                    c5:2c:95:5f:b6:75:bd:ca:3c:09:a6:dc:c9:ff:bb:
                    0c:bd:94:9b:9a:11:b1:43:05:30:41:67:5d:0c:f3:
                    76:75:10:73:69:46:ad:15:5a:f5:79:33:74:45:ef:
                    5e:8d:09:91:f8:eb:2d:08:91:27:b5:78:fc:b6:c1:
                    75:45:e1:45:9e:da:76:f8:9e:76:e6:14:4e:16:18:
                    5e:fa:f6:b4:2e:fc:91:32:ed:98:02:f7:2e:b5:89:
                    ee:b7:35:95:ee:78:2a:51:d7:f3:a9:a4:79:14:0d:
                    de:bc:3f:57:a6:35:c4:cc:83:52:25:42:7e:78:62:
                    41:46:37:5a:85:d5:ea:5a:15:45:47:70:b1:1d:3b:
                    f7:68:a1:00:5e:98:0b:62:c4:64:25:a7:af:86:f7:
                    4b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4C:D6:51:70:6B:2A:F4:AE:79:BA:91:BF:5D:55:6F:9D:DB:DA:49
            X509v3 Authority Key Identifier:
                keyid:35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:dd:b4:34:5d:33:ef:4e:37:2b:8f:1e:92:40:65:d3:9b:9e:
         2f:8d:d6:24:cc:4d:7c:4e:bf:a9:41:f6:f2:c8:25:a6:b1:08:
         44:b5:8a:37:82:6e:b2:24:91:13:df:d3:75:c5:d7:13:88:86:
         8b:6a:d5:c7:39:1c:82:9c:a1:94:e9:27:7d:98:7b:c6:aa:ed:
         c4:39:d5:96:5a:e8:6e:31:83:31:34:88:1a:d2:0e:06:b3:46:
         29:ff:2c:74:e4:b5:60:85:b5:f7:59:47:4a:3c:c3:be:f9:0b:
         36:4f:cd:a3:60:db:92:2f:b7:7c:87:5e:1e:8d:27:ea:37:0e:
         9c:19:9c:0a:aa:84:52:a8:40:48:fc:ae:61:66:ec:ee:0c:b8:
         3a:4d:b6:59:75:aa:b3:cb:47:b5:d9:3d:5b:05:6d:19:5a:7a:
         8e:2e:35:22:2a:32:aa:f1:6e:ce:af:15:30:ec:7d:9a:11:45:
         36:9d:6a:65:f3:7a:22:c7:c6:65:89:56:80:1b:8e:69:15:b5:
         5a:78:20:62:9e:8a:bd:2f:0d:ec:12:3c:eb:0e:fa:f6:d0:76:
         f8:18:35:9e:75:0a:1f:d9:d7:7a:1e:3c:e2:e5:35:09:da:47:
         ad:6a:8a:96:41:3c:5d:2c:57:e8:19:2c:12:f2:83:90:5b:e7:
         3f:22:1f:80
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUE+yuvazr/m9zz/jXUxum6KhzkfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzUwN2Q0N2VlNGU5N2Y2YmZkM2FjNGNlMDdiZjk5YzA1
NTRjOWE0YjAeFw0yNDExMDUwNjQ2NDdaFw0yNTExMDQwNjUxNDdaMDMxMTAvBgNV
BAMTKDQxNENENjUxNzA2QjJBRjRBRTc5QkE5MUJGNUQ1NTZGOUREQkRBNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBPZ9ogjrx6Pz9VkrELBJ3nIgO
3vElGErS4MC2dwG0E2newJHR/Rw9zAXVcZX9N1xuU+EoCLxUa7CJTbrykxLsnzRq
n+fF9EpCujEQTuNopFKPGJAGWshsEPN3OweyCv0dgohLSIF+fsUslV+2db3KPAmm
3Mn/uwy9lJuaEbFDBTBBZ10M83Z1EHNpRq0VWvV5M3RF716NCZH46y0IkSe1ePy2
wXVF4UWe2nb4nnbmFE4WGF769rQu/JEy7ZgC9y61ie63NZXueCpR1/OppHkUDd68
P1emNcTMg1IlQn54YkFGN1qF1epaFUVHcLEdO/dooQBemAtixGQlp6+G90sVAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUQUzWUXBrKvSuebqRv11Vb53b2kkwHwYDVR0j
BBgwFoAUNQfUfuTpf2v9OsTOB7+ZwFVMmkswDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM1LzM1MDdENDdFRTRF
OTdGNkJGRDNBQzRDRTA3QkY5OUMwNTU0QzlBNEIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9OUWZVZnVUcGYydjlPc1RPQjctWndGVk1ta3MuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzUvMzkz
MTJlMzIzMjMwMmUzMjM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAz
OS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFvcGTANBgkqhkiG9w0BAQsFAAOCAQEAY920NF0z7043K48e
kkBl05ueL43WJMxNfE6/qUH28sglprEIRLWKN4JusiSRE9/TdcXXE4iGi2rVxzkc
gpyhlOknfZh7xqrtxDnVllrobjGDMTSIGtIOBrNGKf8sdOS1YIW191lHSjzDvvkL
Nk/No2Dbki+3fIdeHo0n6jcOnBmcCqqEUqhASPyuYWbs7gy4Ok22WXWqs8tHtdk9
WwVtGVp6ji41IioyqvFuzq8VMOx9mhFFNp1qZfN6IsfGZYlWgBuOaRW1WnggYp6K
vS8N7BI86w769tB2+Bg1nnUKH9nXeh484uU1CdpHrWqKlkE8XSxX6BksEvKDkFvn
PyIfgA==
-----END CERTIFICATE-----