Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/36/3139342e3134372e3232312e302f32342d3234203d3e20323130343239.roa
File:                     3139342e3134372e3232312e302f32342d3234203d3e20323130343239.roa (raw, json)
Hash identifier:          70PBrxq6AMNHr+7pOkFxHSOWkH18eivt70brzKv4hBM=
Subject key identifier:   F0:3F:42:F8:31:84:D2:36:86:60:A3:66:BA:A2:A7:1D:3F:67:FD:F7
Certificate issuer:       /CN=ac5bba86b1774a4e57f47fc2fe0b378d465d2344
Certificate serial:       106C5320C109812FA452BA9892A63890254849BF
Authority key identifier: AC:5B:BA:86:B1:77:4A:4E:57:F4:7F:C2:FE:0B:37:8D:46:5D:23:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rFu6hrF3Sk5X9H_C_gs3jUZdI0Q.cer
Subject info access:      rsync://0.sb/repo/sb/36/3139342e3134372e3232312e302f32342d3234203d3e20323130343239.roa
Signing time:             Mon 29 Apr 2024 10:46:54 +0000
ROA not before:           Mon 29 Apr 2024 10:41:54 +0000
ROA not after:            Mon 28 Apr 2025 10:46:54 +0000
asID:                     210429
IP address blocks:        194.147.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/36/AC5BBA86B1774A4E57F47FC2FE0B378D465D2344.crl
                          rsync://0.sb/repo/sb/36/AC5BBA86B1774A4E57F47FC2FE0B378D465D2344.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rFu6hrF3Sk5X9H_C_gs3jUZdI0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:6c:53:20:c1:09:81:2f:a4:52:ba:98:92:a6:38:90:25:48:49:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac5bba86b1774a4e57f47fc2fe0b378d465d2344
        Validity
            Not Before: Apr 29 10:41:54 2024 GMT
            Not After : Apr 28 10:46:54 2025 GMT
        Subject: CN=F03F42F83184D2368660A366BAA2A71D3F67FDF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fd:48:8e:4d:5f:af:3a:d9:c9:38:ce:35:29:
                    8c:75:06:ac:b6:7c:1f:96:88:6e:cb:2d:79:14:e2:
                    d8:f1:13:7f:29:a8:56:84:9f:cc:61:2e:9c:6a:fa:
                    1f:35:19:73:ac:e8:d6:43:ac:e5:19:a6:a8:6c:4e:
                    08:b5:b5:f2:e8:0c:de:40:be:7d:8b:a9:50:b2:a8:
                    72:b1:e7:9c:a2:8a:49:73:12:4c:e5:34:b3:68:cc:
                    61:6d:2e:46:96:61:a9:55:5d:33:4c:8e:61:f4:60:
                    70:55:70:69:52:df:c0:4e:59:1a:56:fc:be:5d:40:
                    12:dc:b8:85:36:c2:35:8b:9f:f6:b9:e4:41:ef:5d:
                    4a:76:c8:8f:b5:85:d8:e7:f7:eb:58:7e:ab:d1:51:
                    63:58:9f:23:7d:41:df:95:82:ca:24:a2:04:b8:b5:
                    a3:d8:a8:80:5b:65:c0:0c:4a:d4:17:3b:e4:54:71:
                    26:87:2c:23:39:8a:9a:60:85:04:51:2c:82:5e:d4:
                    14:0e:ab:91:c8:8a:8c:af:ea:54:b1:e8:54:ce:6e:
                    1d:c2:69:94:18:e7:1f:46:1b:16:1d:47:46:46:cc:
                    ae:64:30:50:45:d8:43:3e:bc:b7:82:c1:bd:70:fe:
                    31:00:df:e5:7d:79:cb:c1:b0:80:a7:99:cd:98:5e:
                    fd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:3F:42:F8:31:84:D2:36:86:60:A3:66:BA:A2:A7:1D:3F:67:FD:F7
            X509v3 Authority Key Identifier:
                keyid:AC:5B:BA:86:B1:77:4A:4E:57:F4:7F:C2:FE:0B:37:8D:46:5D:23:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/36/AC5BBA86B1774A4E57F47FC2FE0B378D465D2344.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rFu6hrF3Sk5X9H_C_gs3jUZdI0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/36/3139342e3134372e3232312e302f32342d3234203d3e20323130343239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:0f:f6:c6:4f:c2:25:6d:99:d3:dc:8b:b5:7c:db:7e:ac:bb:
         2a:38:d6:f3:c9:df:97:8e:6e:a6:b7:4b:a4:a0:68:96:ca:e0:
         75:74:8e:d6:ee:7d:58:e7:06:6d:99:62:2b:48:26:c3:44:c2:
         6e:a9:83:8e:b2:1b:c6:75:7f:be:0d:88:3f:1a:c9:3c:e5:68:
         e5:ff:88:ff:3e:9b:01:54:6a:b0:c8:1c:af:83:39:8a:e3:31:
         34:ef:ab:e2:38:9c:e2:27:4a:6b:bc:5d:67:91:4c:47:d4:07:
         88:ba:83:ba:22:51:06:02:8a:4e:9b:c5:b8:dd:ed:83:16:4d:
         94:9d:03:19:f8:9f:0a:fb:52:86:9c:11:0e:cb:f3:b0:be:5d:
         01:41:2a:3d:c7:97:79:78:35:1c:ad:0d:f6:99:11:24:f9:0d:
         b9:9a:0d:29:4f:a6:b3:96:c5:21:be:63:03:79:db:02:16:ce:
         82:4d:cd:09:c7:38:62:a0:48:39:fc:79:24:1d:d7:e5:b6:69:
         bd:0d:28:bb:2c:ed:ff:f9:25:42:24:ec:5d:f2:11:43:94:9a:
         70:af:5f:e9:18:30:d8:46:49:33:9b:82:0d:16:19:4c:bf:71:
         27:78:4c:d0:b7:eb:a6:26:b9:57:a8:16:23:5b:bb:71:a5:e6:
         19:c3:0e:79
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIUEGxTIMEJgS+kUrqYkqY4kCVISb8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWM1YmJhODZiMTc3NGE0ZTU3ZjQ3ZmMyZmUwYjM3OGQ0
NjVkMjM0NDAeFw0yNDA0MjkxMDQxNTRaFw0yNTA0MjgxMDQ2NTRaMDMxMTAvBgNV
BAMTKEYwM0Y0MkY4MzE4NEQyMzY4NjYwQTM2NkJBQTJBNzFEM0Y2N0ZERjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw/UiOTV+vOtnJOM41KYx1Bqy2
fB+WiG7LLXkU4tjxE38pqFaEn8xhLpxq+h81GXOs6NZDrOUZpqhsTgi1tfLoDN5A
vn2LqVCyqHKx55yiiklzEkzlNLNozGFtLkaWYalVXTNMjmH0YHBVcGlS38BOWRpW
/L5dQBLcuIU2wjWLn/a55EHvXUp2yI+1hdjn9+tYfqvRUWNYnyN9Qd+VgsokogS4
taPYqIBbZcAMStQXO+RUcSaHLCM5ippghQRRLIJe1BQOq5HIioyv6lSx6FTObh3C
aZQY5x9GGxYdR0ZGzK5kMFBF2EM+vLeCwb1w/jEA3+V9ecvBsICnmc2YXv1nAgMB
AAGjggHAMIIBvDAdBgNVHQ4EFgQU8D9C+DGE0jaGYKNmuqKnHT9n/fcwHwYDVR0j
BBgwFoAUrFu6hrF3Sk5X9H/C/gs3jUZdI0QwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM2L0FDNUJCQTg2QjE3
NzRBNEU1N0Y0N0ZDMkZFMEIzNzhENDY1RDIzNDQuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9yRnU2aHJGM1NrNVg5SF9DX2dzM2pVWmRJMFEuY2VyMHIGCCsGAQUF
BwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzYvMzEz
OTM0MmUzMTM0MzcyZTMyMzIzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEz
MDM0MzIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMKT3TANBgkqhkiG9w0BAQsFAAOCAQEAoA/2xk/C
JW2Z09yLtXzbfqy7KjjW88nfl45uprdLpKBolsrgdXSO1u59WOcGbZliK0gmw0TC
bqmDjrIbxnV/vg2IPxrJPOVo5f+I/z6bAVRqsMgcr4M5iuMxNO+r4jic4idKa7xd
Z5FMR9QHiLqDuiJRBgKKTpvFuN3tgxZNlJ0DGfifCvtShpwRDsvzsL5dAUEqPceX
eXg1HK0N9pkRJPkNuZoNKU+ms5bFIb5jA3nbAhbOgk3NCcc4YqBIOfx5JB3X5bZp
vQ0ouyzt//klQiTsXfIRQ5SacK9f6Rgw2EZJM5uCDRYZTL9xJ3hM0Lfrpia5V6gW
I1u7caXmGcMOeQ==
-----END CERTIFICATE-----