Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa
File:                     38352e3139332e37382e302f32342d3234203d3e20313937373330.roa (raw, json)
Hash identifier:          +uQwS2sIiIw5Nag1eIOK6jhQ8L/KtwZkpaaxkqKEIhI=
Subject key identifier:   EA:1A:C4:4E:8D:BC:FB:01:42:28:BE:B0:E0:A0:31:3B:A5:82:2D:D4
Certificate issuer:       /CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
Certificate serial:       3DD7A983E09A9C827247A5DFC816AC59C1EA989D
Authority key identifier: C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
Subject info access:      rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa
Signing time:             Tue 05 Nov 2024 05:51:44 +0000
ROA not before:           Tue 05 Nov 2024 05:46:44 +0000
ROA not after:            Tue 04 Nov 2025 05:51:44 +0000
asID:                     197730
IP address blocks:        85.193.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl
                          rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d7:a9:83:e0:9a:9c:82:72:47:a5:df:c8:16:ac:59:c1:ea:98:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8af62a54d23ce118fceb4a95e614c0b1df60351
        Validity
            Not Before: Nov  5 05:46:44 2024 GMT
            Not After : Nov  4 05:51:44 2025 GMT
        Subject: CN=EA1AC44E8DBCFB014228BEB0E0A0313BA5822DD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7c:4d:69:55:fc:3c:2d:a1:ac:0c:a3:ad:56:
                    d8:8a:6d:ea:83:13:58:20:ad:9b:11:b1:5d:1a:81:
                    fa:db:ae:df:d5:89:71:41:a8:d7:91:76:b6:e6:41:
                    a9:07:67:46:48:74:2d:59:3a:91:4f:1e:b9:7b:3e:
                    ee:4d:56:9f:32:67:04:2e:69:96:e4:43:aa:5f:14:
                    81:31:8b:8d:6c:67:49:15:cb:aa:ff:96:cf:a4:20:
                    29:63:de:39:7a:3d:25:f7:04:ac:3c:fc:f3:1a:1b:
                    7e:1b:90:30:8d:93:09:e7:5d:28:52:a1:6c:b9:c5:
                    d5:1d:ff:ea:46:52:9e:5b:ea:ef:24:ca:a2:ff:f1:
                    8e:18:f4:5e:aa:e5:a2:23:53:26:46:08:c0:de:55:
                    71:c3:d6:72:1b:9a:c3:e5:66:eb:3e:de:fc:0b:8e:
                    ef:dd:af:cb:63:f4:d6:83:f8:51:ac:89:9e:50:57:
                    8d:68:34:b1:a6:25:0f:d2:34:23:5e:2b:bf:50:1c:
                    78:91:5d:8d:88:0d:8d:4f:9b:5d:4e:5c:e2:2f:d7:
                    33:bc:96:d4:d9:a8:22:67:d4:36:2c:7a:3b:51:aa:
                    6a:c2:50:7d:48:ee:28:a1:96:e9:7a:b3:c2:41:9e:
                    f6:8d:36:b8:ec:ff:4d:9b:74:15:eb:b8:15:6a:8c:
                    0c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:1A:C4:4E:8D:BC:FB:01:42:28:BE:B0:E0:A0:31:3B:A5:82:2D:D4
            X509v3 Authority Key Identifier:
                keyid:C8:AF:62:A5:4D:23:CE:11:8F:CE:B4:A9:5E:61:4C:0B:1D:F6:03:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/37/C8AF62A54D23CE118FCEB4A95E614C0B1DF60351.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yK9ipU0jzhGPzrSpXmFMCx32A1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/37/38352e3139332e37382e302f32342d3234203d3e20313937373330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e8:13:a4:cb:3f:1b:f1:9e:31:60:30:c5:b5:98:47:65:77:
         0a:4c:85:ae:4c:f6:2c:7b:f8:7f:5b:24:d8:64:8a:c2:84:1e:
         31:d4:b6:bd:a9:4b:8e:47:51:1a:46:3c:07:b9:83:13:21:01:
         cf:6c:31:7d:f5:a1:b7:d0:ba:05:d6:14:96:78:c7:11:93:e1:
         f8:c2:70:7d:a5:ec:e8:14:28:f1:98:04:4c:e5:13:1c:3b:7a:
         18:69:ce:b8:e7:b1:ed:51:b7:6e:d0:c3:5e:a6:62:58:dc:38:
         ff:ef:a2:ed:5f:46:ca:b0:18:ed:a7:7d:e2:8d:c0:82:de:de:
         8b:ba:48:0a:6f:8c:06:47:b8:15:3f:60:e5:5d:89:72:97:5a:
         6c:0b:49:86:e1:d8:61:ad:a3:e4:1b:c4:84:99:3d:7d:97:17:
         06:1b:c4:97:46:f4:43:0b:f9:d6:c6:02:a1:5b:39:fb:25:53:
         1c:59:c6:d4:86:25:37:d9:33:b6:69:16:d7:1c:34:86:d7:c8:
         62:eb:0e:67:fd:35:1d:97:13:2b:12:9f:be:5e:a6:e5:55:ae:
         0e:94:8b:41:c6:2f:57:c2:da:b8:f3:e8:8a:08:ec:ba:20:82:
         89:33:e4:40:0c:6e:50:f6:7a:d7:5f:a7:6e:f9:fa:c9:72:c4:
         83:53:33:96
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUPdepg+CanIJyR6XfyBasWcHqmJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzhhZjYyYTU0ZDIzY2UxMThmY2ViNGE5NWU2MTRjMGIx
ZGY2MDM1MTAeFw0yNDExMDUwNTQ2NDRaFw0yNTExMDQwNTUxNDRaMDMxMTAvBgNV
BAMTKEVBMUFDNDRFOERCQ0ZCMDE0MjI4QkVCMEUwQTAzMTNCQTU4MjJERDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDefE1pVfw8LaGsDKOtVtiKbeqD
E1ggrZsRsV0agfrbrt/ViXFBqNeRdrbmQakHZ0ZIdC1ZOpFPHrl7Pu5NVp8yZwQu
aZbkQ6pfFIExi41sZ0kVy6r/ls+kIClj3jl6PSX3BKw8/PMaG34bkDCNkwnnXShS
oWy5xdUd/+pGUp5b6u8kyqL/8Y4Y9F6q5aIjUyZGCMDeVXHD1nIbmsPlZus+3vwL
ju/dr8tj9NaD+FGsiZ5QV41oNLGmJQ/SNCNeK79QHHiRXY2IDY1Pm11OXOIv1zO8
ltTZqCJn1DYsejtRqmrCUH1I7iihlul6s8JBnvaNNrjs/02bdBXruBVqjAwDAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU6hrETo28+wFCKL6w4KAxO6WCLdQwHwYDVR0j
BBgwFoAUyK9ipU0jzhGPzrSpXmFMCx32A1EwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzM3L0M4QUY2MkE1NEQy
M0NFMTE4RkNFQjRBOTVFNjE0QzBCMURGNjAzNTEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC95SzlpcFUwanpoR1B6clNwWG1GTUN4MzJBMUUuY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzcvMzgz
NTJlMzEzOTMzMmUzNzM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM3Mzcz
MzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAVcFOMA0GCSqGSIb3DQEBCwUAA4IBAQA06BOkyz8b8Z4x
YDDFtZhHZXcKTIWuTPYse/h/WyTYZIrChB4x1La9qUuOR1EaRjwHuYMTIQHPbDF9
9aG30LoF1hSWeMcRk+H4wnB9pezoFCjxmARM5RMcO3oYac6457HtUbdu0MNepmJY
3Dj/76LtX0bKsBjtp33ijcCC3t6LukgKb4wGR7gVP2DlXYlyl1psC0mG4dhhraPk
G8SEmT19lxcGG8SXRvRDC/nWxgKhWzn7JVMcWcbUhiU32TO2aRbXHDSG18hi6w5n
/TUdlxMrEp++XqblVa4OlItBxi9Xwtq48+iKCOy6IIKJM+RADG5Q9nrXX6du+frJ
csSDUzOW
-----END CERTIFICATE-----