Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa
File:                     3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa (raw, json)
Hash identifier:          kTGq5VQLMuMcChCV+hAmyJ8C2PcFuAILkKBpenLrZ4g=
Subject key identifier:   3B:9A:50:3F:A5:37:A0:C7:D4:75:14:C6:38:98:DB:2A:AC:85:0F:59
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       60AF45087002ED9DB323E6EA7289F410341C7122
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa
Signing time:             Fri 25 Jul 2025 10:52:37 +0000
ROA not before:           Fri 25 Jul 2025 10:47:37 +0000
ROA not after:            Fri 24 Jul 2026 10:52:37 +0000
asID:                     43959
IP address blocks:        192.109.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 09:10:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:af:45:08:70:02:ed:9d:b3:23:e6:ea:72:89:f4:10:34:1c:71:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jul 25 10:47:37 2025 GMT
            Not After : Jul 24 10:52:37 2026 GMT
        Subject: CN=3B9A503FA537A0C7D47514C63898DB2AAC850F59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:00:0d:fa:c1:54:48:8c:4e:8b:21:bb:0e:cc:
                    cd:34:ad:b7:73:b1:ad:c2:48:11:55:66:01:5c:b4:
                    4e:1e:89:6a:97:72:5c:46:06:7b:bf:86:a1:27:ef:
                    f6:9d:ec:52:43:f2:5e:a2:f0:16:d6:c6:fd:8f:bd:
                    fa:ab:ae:f4:df:8b:36:2a:61:6b:b4:de:5a:64:4f:
                    38:12:ce:db:9f:e1:66:aa:15:41:86:a9:e2:80:07:
                    b8:83:6b:fb:4b:ff:4e:ee:49:d1:6d:38:e1:9f:31:
                    77:37:61:27:2f:0a:49:e2:d9:89:ea:71:a9:fd:81:
                    18:21:d8:4e:f6:ab:82:9c:dc:48:80:fd:e3:ff:bb:
                    3c:5f:ad:47:ad:80:7b:4b:1f:1d:ea:7f:3a:fb:6c:
                    09:3d:60:6e:90:f5:f1:57:f2:71:56:e5:ed:e4:be:
                    87:36:a5:71:56:f7:0e:02:d4:17:35:60:cd:5c:4e:
                    b3:47:a2:8e:f5:0b:07:46:e3:22:4b:9e:4c:46:b0:
                    1f:15:53:7d:3c:20:e1:06:ea:14:f5:8e:6e:68:4d:
                    02:13:05:9e:b0:61:1c:5f:2d:11:98:e7:68:17:49:
                    4d:e1:95:46:cb:a7:ff:b1:2f:6a:bb:70:34:b0:98:
                    20:94:b8:da:38:84:81:21:b9:79:a4:8c:c2:19:ad:
                    35:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9A:50:3F:A5:37:A0:C7:D4:75:14:C6:38:98:DB:2A:AC:85:0F:59
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/3139322e3130392e3233332e302f32342d3234203d3e203433393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a7:c2:c1:43:55:30:e3:6a:26:61:c3:89:dc:81:fa:89:64:
         cf:e2:6e:35:5c:e9:73:36:be:a8:71:60:91:76:4d:17:91:89:
         a5:ac:16:4f:ad:1c:44:3e:15:31:bc:55:1b:30:db:0c:60:c0:
         b2:8d:b3:d1:41:fd:87:33:b1:ee:c9:0b:c2:46:d9:88:fe:2f:
         9c:ad:09:2b:72:5b:8b:0c:42:d9:40:c7:3c:4b:47:13:7a:c4:
         2d:36:cf:6e:d5:ca:09:19:47:d8:b0:d6:b3:53:89:b8:f7:b1:
         56:b8:52:a9:14:de:b8:08:cc:fa:d5:28:30:11:34:ae:32:fd:
         9f:eb:bb:07:4e:5c:24:16:f3:bd:0e:ea:72:ac:34:7b:06:6c:
         5f:4f:17:e1:29:95:45:91:73:bd:61:0f:16:ec:c2:b0:32:10:
         15:01:65:b5:6c:2c:bf:8f:d8:86:96:cb:e7:73:a0:48:a5:00:
         38:5c:e2:75:92:cb:e6:d3:b8:ee:b8:73:c3:e5:12:4d:de:2c:
         04:c3:2d:fa:ed:bf:ad:67:8b:87:f8:5f:5c:f0:67:e1:87:f5:
         a5:a2:eb:52:f8:6a:73:b5:1a:e2:06:8b:e8:a3:c1:3b:a6:01:
         42:c6:1d:ff:5c:b6:f7:48:dd:65:04:29:ef:09:2e:95:55:99:
         3f:45:95:f3
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUYK9FCHAC7Z2zI+bqcon0EDQccSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA3MjUxMDQ3MzdaFw0yNjA3MjQxMDUyMzdaMDMxMTAvBgNV
BAMTKDNCOUE1MDNGQTUzN0EwQzdENDc1MTRDNjM4OThEQjJBQUM4NTBGNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/AA36wVRIjE6LIbsOzM00rbdz
sa3CSBFVZgFctE4eiWqXclxGBnu/hqEn7/ad7FJD8l6i8BbWxv2PvfqrrvTfizYq
YWu03lpkTzgSztuf4WaqFUGGqeKAB7iDa/tL/07uSdFtOOGfMXc3YScvCkni2Ynq
can9gRgh2E72q4Kc3EiA/eP/uzxfrUetgHtLHx3qfzr7bAk9YG6Q9fFX8nFW5e3k
voc2pXFW9w4C1Bc1YM1cTrNHoo71CwdG4yJLnkxGsB8VU308IOEG6hT1jm5oTQIT
BZ6wYRxfLRGY52gXSU3hlUbLp/+xL2q7cDSwmCCUuNo4hIEhuXmkjMIZrTXLAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUO5pQP6U3oMfUdRTGOJjbKqyFD1kwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzEz
OTMyMmUzMTMwMzkyZTMyMzMzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzMz
OTM1Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADAbekwDQYJKoZIhvcNAQELBQADggEBAJSnwsFDVTDj
aiZhw4ncgfqJZM/ibjVc6XM2vqhxYJF2TReRiaWsFk+tHEQ+FTG8VRsw2wxgwLKN
s9FB/Yczse7JC8JG2Yj+L5ytCStyW4sMQtlAxzxLRxN6xC02z27VygkZR9iw1rNT
ibj3sVa4UqkU3rgIzPrVKDARNK4y/Z/ruwdOXCQW870O6nKsNHsGbF9PF+EplUWR
c71hDxbswrAyEBUBZbVsLL+P2IaWy+dzoEilADhc4nWSy+bTuO64c8PlEk3eLATD
Lfrtv61ni4f4X1zwZ+GH9aWi61L4anO1GuIGi+ijwTumAULGHf9ctvdI3WUEKe8J
LpVVmT9FlfM=
-----END CERTIFICATE-----