Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e20313937373330.roa
File:                     39312e3232302e32352e302f32342d3234203d3e20313937373330.roa (raw, json)
Hash identifier:          h1bFqOyn4Ckbfc/LcTkQK9G+cN9y+iCf6TJsPy510FU=
Subject key identifier:   1E:98:DF:D9:81:DA:8A:A8:4A:EE:0E:53:2A:73:D0:8D:F0:26:C3:DA
Certificate issuer:       /CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
Certificate serial:       441F8C6A85C3BAF446E037DBA7BB4D21333CFD25
Authority key identifier: 35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
Subject info access:      rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e20313937373330.roa
Signing time:             Tue 05 Nov 2024 05:51:44 +0000
ROA not before:           Tue 05 Nov 2024 05:46:44 +0000
ROA not after:            Tue 04 Nov 2025 05:51:44 +0000
asID:                     197730
IP address blocks:        91.220.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl
                          rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:1f:8c:6a:85:c3:ba:f4:46:e0:37:db:a7:bb:4d:21:33:3c:fd:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3507d47ee4e97f6bfd3ac4ce07bf99c0554c9a4b
        Validity
            Not Before: Nov  5 05:46:44 2024 GMT
            Not After : Nov  4 05:51:44 2025 GMT
        Subject: CN=1E98DFD981DA8AA84AEE0E532A73D08DF026C3DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8d:2e:d4:78:c8:89:fd:63:18:a7:cd:d3:02:
                    c6:df:7c:14:c6:e6:cd:31:6d:95:d8:2b:c7:31:43:
                    7f:cb:9e:13:38:54:09:93:6b:3e:56:80:d2:00:99:
                    0f:ce:fa:50:cf:8a:23:fb:57:37:b5:8d:d1:c9:ba:
                    df:20:99:76:46:e3:90:aa:cf:43:95:fc:e9:e2:7e:
                    3f:12:98:62:41:72:3d:b2:ed:8b:14:95:a9:e7:80:
                    2f:3b:36:ac:fb:ae:d7:62:f5:bb:f0:86:7e:e7:b2:
                    f2:5f:9a:0c:a5:2f:b0:8b:57:15:8d:5d:f0:5d:8f:
                    62:de:95:ad:1a:e7:60:3f:4d:ae:eb:11:f0:14:e6:
                    ad:50:8e:e6:02:1f:c0:6b:2f:fd:3c:f0:2b:71:f6:
                    1f:16:f0:14:06:eb:5c:fc:d2:da:03:17:0e:a2:c9:
                    6c:5c:cc:e3:eb:6f:b9:5d:1a:76:b2:46:20:b9:62:
                    c2:29:cf:a7:d9:f8:48:8c:73:c7:2e:6c:2c:4b:90:
                    f7:a9:59:22:dd:c1:bb:b9:0f:84:a5:71:ab:a7:89:
                    22:3c:c9:92:2c:98:0a:64:0a:75:be:86:d1:52:9e:
                    81:01:0d:9f:96:4d:07:cc:6e:15:c4:a8:25:e9:7b:
                    d6:67:66:e3:4b:3c:19:bb:21:35:81:7e:e6:1e:fa:
                    3e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:98:DF:D9:81:DA:8A:A8:4A:EE:0E:53:2A:73:D0:8D:F0:26:C3:DA
            X509v3 Authority Key Identifier:
                keyid:35:07:D4:7E:E4:E9:7F:6B:FD:3A:C4:CE:07:BF:99:C0:55:4C:9A:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/35/3507D47EE4E97F6BFD3AC4CE07BF99C0554C9A4B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQfUfuTpf2v9OsTOB7-ZwFVMmks.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/35/39312e3232302e32352e302f32342d3234203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:af:cd:47:68:5d:ad:d6:e3:b9:ca:83:b7:84:ce:3d:aa:52:
         e2:09:a7:45:e7:e1:39:db:ec:ea:dc:f8:f5:df:56:33:22:fb:
         0e:ce:da:45:fd:50:ad:9e:da:4b:8b:b3:7b:58:b4:e4:16:dc:
         e0:6a:c7:59:1b:4b:8f:29:8f:66:90:2c:e1:5a:31:f6:9e:79:
         12:43:6a:49:28:16:36:32:c3:07:cf:0f:5f:ef:84:4f:1a:d7:
         51:5b:cf:cb:ee:ff:ca:c7:d9:c5:47:62:dd:ea:63:9d:b0:77:
         0c:ad:63:4b:d7:84:89:3a:5a:1d:b6:bb:38:6a:6f:c3:01:ce:
         14:26:63:d3:c7:dc:59:89:aa:07:5c:35:55:78:da:9f:8e:32:
         c4:d8:c8:40:fc:b5:d5:ac:a6:1b:ce:a9:c2:c2:e0:e2:8f:e6:
         56:19:03:c5:f1:b4:8b:cc:8f:22:fd:b2:52:ab:3e:8a:ae:64:
         59:ef:39:87:8e:89:dc:8c:b7:e7:a9:51:bb:44:c7:ab:da:0c:
         49:5d:c7:68:b8:c2:4e:c3:cb:27:7b:18:22:49:34:3d:61:c6:
         c9:72:a6:f7:2f:e0:29:20:ff:85:73:d3:55:37:17:8f:60:7a:
         a0:8d:58:46:d9:fe:2d:ba:48:63:9a:3f:a4:42:ef:ed:d5:08:
         27:05:ee:7d
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIURB+MaoXDuvRG4Dfbp7tNITM8/SUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzUwN2Q0N2VlNGU5N2Y2YmZkM2FjNGNlMDdiZjk5YzA1
NTRjOWE0YjAeFw0yNDExMDUwNTQ2NDRaFw0yNTExMDQwNTUxNDRaMDMxMTAvBgNV
BAMTKDFFOThERkQ5ODFEQThBQTg0QUVFMEU1MzJBNzNEMDhERjAyNkMzREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBjS7UeMiJ/WMYp83TAsbffBTG
5s0xbZXYK8cxQ3/LnhM4VAmTaz5WgNIAmQ/O+lDPiiP7Vze1jdHJut8gmXZG45Cq
z0OV/Onifj8SmGJBcj2y7YsUlanngC87Nqz7rtdi9bvwhn7nsvJfmgylL7CLVxWN
XfBdj2Lela0a52A/Ta7rEfAU5q1QjuYCH8BrL/088Ctx9h8W8BQG61z80toDFw6i
yWxczOPrb7ldGnayRiC5YsIpz6fZ+EiMc8cubCxLkPepWSLdwbu5D4SlcauniSI8
yZIsmApkCnW+htFSnoEBDZ+WTQfMbhXEqCXpe9ZnZuNLPBm7ITWBfuYe+j5FAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQUHpjf2YHaiqhK7g5TKnPQjfAmw9owHwYDVR0j
BBgwFoAUNQfUfuTpf2v9OsTOB7+ZwFVMmkswDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM1LzM1MDdENDdFRTRF
OTdGNkJGRDNBQzRDRTA3QkY5OUMwNTU0QzlBNEIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9OUWZVZnVUcGYydjlPc1RPQjctWndGVk1ta3MuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzUvMzkz
MTJlMzIzMjMwMmUzMjM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM3Mzcz
MzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAW9wZMA0GCSqGSIb3DQEBCwUAA4IBAQCNr81HaF2t1uO5
yoO3hM49qlLiCadF5+E52+zq3Pj131YzIvsOztpF/VCtntpLi7N7WLTkFtzgasdZ
G0uPKY9mkCzhWjH2nnkSQ2pJKBY2MsMHzw9f74RPGtdRW8/L7v/Kx9nFR2Ld6mOd
sHcMrWNL14SJOlodtrs4am/DAc4UJmPTx9xZiaoHXDVVeNqfjjLE2MhA/LXVrKYb
zqnCwuDij+ZWGQPF8bSLzI8i/bJSqz6KrmRZ7zmHjoncjLfnqVG7RMer2gxJXcdo
uMJOw8snexgiSTQ9YcbJcqb3L+ApIP+Fc9NVNxePYHqgjVhG2f4tukhjmj+kQu/t
1QgnBe59
-----END CERTIFICATE-----