Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e20393439.roa
File:                     38392e3130362e3230372e302f32342d3234203d3e20393439.roa (raw, json)
Hash identifier:          wOaRUPXDlUXNT73t7GJTzaC2xVZ5ocnHQ7QHfFBASSM=
Subject key identifier:   DB:49:E2:0F:DF:40:FA:E9:1C:24:5E:E7:C7:34:31:87:8B:C8:EF:8D
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       2CA296506DF5C4C1A0B067283479A5BF9C92D70E
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e20393439.roa
Signing time:             Fri 25 Jul 2025 10:52:38 +0000
ROA not before:           Fri 25 Jul 2025 10:47:38 +0000
ROA not after:            Fri 24 Jul 2026 10:52:38 +0000
asID:                     949
IP address blocks:        89.106.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 02:51:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:a2:96:50:6d:f5:c4:c1:a0:b0:67:28:34:79:a5:bf:9c:92:d7:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Jul 25 10:47:38 2025 GMT
            Not After : Jul 24 10:52:38 2026 GMT
        Subject: CN=DB49E20FDF40FAE91C245EE7C73431878BC8EF8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:40:89:0f:e1:ff:09:db:b2:34:60:70:f0:36:
                    b7:3c:f8:b0:a3:78:02:00:f1:53:40:bb:f2:60:eb:
                    7e:61:1c:14:af:0d:c5:fb:30:cc:3d:09:dc:96:38:
                    f9:f1:0e:98:7c:62:65:d6:ca:fc:33:27:5d:f0:bb:
                    bd:88:63:38:d9:bb:c3:22:2b:2e:4b:00:22:8a:9e:
                    7f:3d:09:f6:c6:b9:7e:3a:02:73:13:b1:d1:8f:04:
                    f0:3d:51:a6:ec:8e:1c:33:e2:aa:d5:56:6a:2b:9c:
                    94:58:25:e0:93:72:13:f0:ff:12:ef:db:b6:f7:11:
                    18:ab:25:1f:d1:66:38:db:38:24:be:45:f5:68:0c:
                    40:bc:32:8e:37:ad:0b:fb:c2:49:0a:23:7a:72:e9:
                    fb:fd:05:d7:ae:d3:3e:11:de:7f:db:a5:15:ab:3e:
                    d1:9f:a7:3f:38:c6:43:a2:a7:b2:ab:2a:3a:eb:83:
                    b9:5d:19:60:a8:70:22:75:b4:ac:1a:5a:57:78:b8:
                    89:c3:29:e0:3d:6d:91:0e:a7:5b:1d:b3:b0:f5:5e:
                    39:7c:71:74:50:00:a1:74:3f:37:6a:8a:cc:bb:8a:
                    fd:9a:bc:8e:93:dc:0c:13:2d:83:ef:97:65:df:55:
                    92:c8:75:61:ce:51:17:1b:2c:e5:59:80:f2:80:7f:
                    e7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:49:E2:0F:DF:40:FA:E9:1C:24:5E:E7:C7:34:31:87:8B:C8:EF:8D
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/38392e3130362e3230372e302f32342d3234203d3e20393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:4c:73:5a:23:ac:49:73:eb:9b:a8:0b:06:b8:fd:3d:3d:e6:
         d7:a0:a6:cd:03:1f:a9:5d:d4:c2:74:f3:32:ce:db:2f:e0:be:
         00:97:0a:8d:b1:c1:8d:f9:be:3e:5e:18:e0:aa:2f:23:2e:88:
         24:b8:c0:d7:fd:7c:52:54:e2:00:7c:78:4c:f3:e5:f9:20:6f:
         9c:52:4b:4a:43:3c:7a:f8:41:96:0a:15:cd:e0:99:aa:59:bb:
         6b:e1:15:ee:ba:05:6e:ec:6e:05:0c:c1:b6:fa:78:43:5b:6c:
         ee:df:bb:57:5a:1a:bb:12:ac:27:0e:6c:35:c5:89:3f:67:5e:
         f6:0d:69:fb:45:96:76:a8:11:73:a0:0c:ab:9c:d1:58:ce:85:
         2a:eb:d4:eb:9d:f5:e0:bd:9e:47:75:f4:dc:a8:76:9f:6d:61:
         f1:4f:14:61:6e:bc:cd:70:8c:51:1a:f9:97:ff:2b:24:9c:46:
         c4:0b:c1:a2:c0:c7:63:ba:ab:9f:70:ea:d3:32:dd:94:46:f0:
         d7:db:d9:79:43:fb:e1:3f:d1:9a:19:b3:69:dc:f7:2a:68:bb:
         14:80:6b:5a:8e:b4:b7:04:7d:dd:1a:94:c9:39:51:d9:31:f7:
         5b:f1:ac:df:6c:95:ad:b8:ea:26:ec:ac:73:64:3d:74:fe:9d:
         5b:60:35:f2
-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIULKKWUG31xMGgsGcoNHmlv5yS1w4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA3MjUxMDQ3MzhaFw0yNjA3MjQxMDUyMzhaMDMxMTAvBgNV
BAMTKERCNDlFMjBGREY0MEZBRTkxQzI0NUVFN0M3MzQzMTg3OEJDOEVGOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQIkP4f8J27I0YHDwNrc8+LCj
eAIA8VNAu/Jg635hHBSvDcX7MMw9CdyWOPnxDph8YmXWyvwzJ13wu72IYzjZu8Mi
Ky5LACKKnn89CfbGuX46AnMTsdGPBPA9Uabsjhwz4qrVVmornJRYJeCTchPw/xLv
27b3ERirJR/RZjjbOCS+RfVoDEC8Mo43rQv7wkkKI3py6fv9Bdeu0z4R3n/bpRWr
PtGfpz84xkOip7KrKjrrg7ldGWCocCJ1tKwaWld4uInDKeA9bZEOp1sds7D1Xjl8
cXRQAKF0Pzdqisy7iv2avI6T3AwTLYPvl2XfVZLIdWHOURcbLOVZgPKAf+eLAgMB
AAGjggG4MIIBtDAdBgNVHQ4EFgQU20niD99A+ukcJF7nxzQxh4vI740wHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMGoGCCsGAQUF
BwELBF4wXDBaBggrBgEFBQcwC4ZOcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzgz
OTJlMzEzMDM2MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTM0Mzku
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAO
MAwEAgABMAYDBABZas8wDQYJKoZIhvcNAQELBQADggEBAC9Mc1ojrElz65uoCwa4
/T095tegps0DH6ld1MJ08zLO2y/gvgCXCo2xwY35vj5eGOCqLyMuiCS4wNf9fFJU
4gB8eEzz5fkgb5xSS0pDPHr4QZYKFc3gmapZu2vhFe66BW7sbgUMwbb6eENbbO7f
u1daGrsSrCcObDXFiT9nXvYNaftFlnaoEXOgDKuc0VjOhSrr1Oud9eC9nkd19Nyo
dp9tYfFPFGFuvM1wjFEa+Zf/KyScRsQLwaLAx2O6q59w6tMy3ZRG8Nfb2XlD++E/
0ZoZs2nc9ypouxSAa1qOtLcEfd0alMk5Udkx91vxrN9sla246ibsrHNkPXT+nVtg
NfI=
-----END CERTIFICATE-----