Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e2033323538.roa
File:                     3139322e3130392e3233332e302f32342d3234203d3e2033323538.roa (raw, json)
Hash identifier:          lu2qQ/uMqwun3wXZryP+XIAoquEGSbhzizIUIitO7nw=
Subject key identifier:   E3:07:92:85:EC:9B:ED:49:58:CF:CB:ED:2F:49:54:8E:21:EA:9E:BF
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       474ED9A34DACB6357BBC3C3B121698144CCEC8C6
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e2033323538.roa
Signing time:             Fri 11 Apr 2025 08:52:20 +0000
ROA not before:           Fri 11 Apr 2025 08:47:20 +0000
ROA not after:            Fri 10 Apr 2026 08:52:20 +0000
asID:                     3258
IP address blocks:        192.109.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4e:d9:a3:4d:ac:b6:35:7b:bc:3c:3b:12:16:98:14:4c:ce:c8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Apr 11 08:47:20 2025 GMT
            Not After : Apr 10 08:52:20 2026 GMT
        Subject: CN=E3079285EC9BED4958CFCBED2F49548E21EA9EBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:4a:36:44:d2:42:72:63:3f:a3:c2:6a:7c:
                    88:2b:d7:30:37:2d:be:26:1e:ab:cf:00:68:03:40:
                    ac:a5:4a:09:29:6a:66:e2:29:fe:6e:8f:45:ca:bb:
                    b5:a1:9e:57:a7:d4:df:b1:76:9f:b7:95:a7:6f:43:
                    61:3e:6f:62:6c:1c:f0:8d:9f:13:8c:d1:b3:bd:32:
                    9e:21:b8:5d:40:c9:76:3e:c8:08:62:c8:1c:14:16:
                    b2:6d:40:8f:90:d6:4c:6e:91:88:2f:e5:e1:10:f3:
                    4f:8d:af:4e:c0:de:ff:b9:31:d1:ba:b3:81:dd:03:
                    d1:50:1d:60:63:ef:30:64:d2:9f:e6:b9:22:8a:6f:
                    33:11:05:65:66:56:4b:8b:90:37:e4:e2:d8:a9:35:
                    b9:7d:f3:0d:29:13:98:6d:49:63:2e:a0:8f:29:27:
                    9f:ca:c4:3e:0a:a7:4a:68:8b:30:6e:f0:74:b0:e0:
                    f1:31:08:39:60:7f:6a:e9:ed:56:c2:0d:85:31:eb:
                    6a:38:40:86:d0:57:5f:99:15:08:b3:a3:b6:06:01:
                    dd:01:13:39:16:7a:e2:b1:bf:c0:45:12:4c:65:74:
                    7a:0c:08:64:43:c8:5f:53:d3:b2:07:eb:e4:8a:87:
                    b3:5b:a6:c3:b8:5d:f9:da:fc:93:98:d3:87:7b:97:
                    06:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:07:92:85:EC:9B:ED:49:58:CF:CB:ED:2F:49:54:8E:21:EA:9E:BF
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e2033323538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:9f:f9:10:bb:01:dc:ac:52:15:53:4b:8b:d8:49:68:9a:57:
         d1:91:71:f9:9a:4d:d8:75:34:a7:36:9f:80:ab:a6:ca:0c:ee:
         05:02:9c:62:a4:8a:f0:44:e9:ac:46:30:f2:c4:ef:f9:33:e5:
         73:73:1a:cb:a0:a9:94:e5:ad:1b:76:e2:1a:90:e6:2a:61:7f:
         6c:71:6a:1f:e3:da:84:55:0a:2a:07:60:97:79:29:04:d3:1a:
         7b:21:ca:06:5c:54:51:7b:5c:db:5b:3e:b3:2d:33:27:a6:a6:
         f0:57:c9:8c:8f:ee:9a:f2:91:1b:3c:b9:54:d2:99:2f:79:ca:
         6f:3d:30:3c:be:cc:f1:b4:74:36:90:8c:4f:7b:64:d1:38:a0:
         b1:6e:2f:aa:f7:81:a8:13:03:75:e4:64:e9:4f:11:b8:3f:55:
         a3:d5:9d:2a:e0:b2:3f:c2:44:01:da:54:93:f3:68:b6:ab:07:
         98:71:dc:3e:cb:8d:47:08:db:f3:da:78:7d:4e:23:20:e7:37:
         5c:23:78:8b:f5:ff:d4:91:ff:b6:63:a0:18:4f:02:53:7e:7c:
         7d:8a:30:43:1a:a9:07:d4:f5:92:73:f8:8d:a9:aa:5a:a2:aa:
         6a:fa:cd:f0:02:ac:dd:0b:25:41:0f:08:ae:d8:65:5c:78:8a:
         c1:9c:d4:e6
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIUR07Zo02stjV7vDw7EhaYFEzOyMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA0MTEwODQ3MjBaFw0yNjA0MTAwODUyMjBaMDMxMTAvBgNV
BAMTKEUzMDc5Mjg1RUM5QkVENDk1OENGQ0JFRDJGNDk1NDhFMjFFQTlFQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNiEo2RNJCcmM/o8JqfIgr1zA3
Lb4mHqvPAGgDQKylSgkpambiKf5uj0XKu7Whnlen1N+xdp+3ladvQ2E+b2JsHPCN
nxOM0bO9Mp4huF1AyXY+yAhiyBwUFrJtQI+Q1kxukYgv5eEQ80+Nr07A3v+5MdG6
s4HdA9FQHWBj7zBk0p/muSKKbzMRBWVmVkuLkDfk4tipNbl98w0pE5htSWMuoI8p
J5/KxD4Kp0poizBu8HSw4PExCDlgf2rp7VbCDYUx62o4QIbQV1+ZFQizo7YGAd0B
EzkWeuKxv8BFEkxldHoMCGRDyF9T07IH6+SKh7NbpsO4Xfna/JOY04d7lwblAgMB
AAGjggG8MIIBuDAdBgNVHQ4EFgQU4weSheyb7UlYz8vtL0lUjiHqnr8wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMG4GCCsGAQUF
BwELBGIwYDBeBggrBgEFBQcwC4ZScnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIz
NTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAwG3pMA0GCSqGSIb3DQEBCwUAA4IBAQAJn/kQuwHcrFIV
U0uL2ElomlfRkXH5mk3YdTSnNp+Aq6bKDO4FApxipIrwROmsRjDyxO/5M+VzcxrL
oKmU5a0bduIakOYqYX9scWof49qEVQoqB2CXeSkE0xp7IcoGXFRRe1zbWz6zLTMn
pqbwV8mMj+6a8pEbPLlU0pkvecpvPTA8vszxtHQ2kIxPe2TROKCxbi+q94GoEwN1
5GTpTxG4P1Wj1Z0q4LI/wkQB2lST82i2qweYcdw+y41HCNvz2nh9TiMg5zdcI3iL
9f/Ukf+2Y6AYTwJTfnx9ijBDGqkH1PWSc/iNqapaoqpq+s3wAqzdCyVBDwiu2GVc
eIrBnNTm
-----END CERTIFICATE-----