Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/21/39312e3232332e3131392e302f32342d3234203d3e20323032363032.roa
File:                     39312e3232332e3131392e302f32342d3234203d3e20323032363032.roa (raw, json)
Hash identifier:          e5im33sXWnZ36AiPxNnoBaiHysRlBahz4JENz/013lY=
Subject key identifier:   65:4F:C0:65:8E:DB:17:95:15:A0:2B:E3:84:75:F6:19:95:76:4D:C1
Certificate issuer:       /CN=761c616364b89659ed9f18cb0af77420437cc7da
Certificate serial:       5DA863C91F95F6E4257E1D04193CDCED472806CE
Authority key identifier: 76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
Subject info access:      rsync://0.sb/repo/sb/21/39312e3232332e3131392e302f32342d3234203d3e20323032363032.roa
Signing time:             Mon 18 Aug 2025 14:14:31 +0000
ROA not before:           Mon 18 Aug 2025 14:09:31 +0000
ROA not after:            Mon 17 Aug 2026 14:14:31 +0000
asID:                     202602
IP address blocks:        91.223.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl
                          rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 03:56:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:a8:63:c9:1f:95:f6:e4:25:7e:1d:04:19:3c:dc:ed:47:28:06:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c616364b89659ed9f18cb0af77420437cc7da
        Validity
            Not Before: Aug 18 14:09:31 2025 GMT
            Not After : Aug 17 14:14:31 2026 GMT
        Subject: CN=654FC0658EDB179515A02BE38475F61995764DC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cf:0e:5b:cc:d9:00:29:01:16:6b:a9:6e:a5:
                    fc:b3:e0:66:52:ea:cd:ee:96:76:fc:26:f8:14:4d:
                    9d:5c:bd:59:2f:86:b1:a5:cc:d3:ec:e3:a1:15:f2:
                    7e:2e:c4:6d:d6:f2:6f:8d:14:fe:ad:35:1e:32:41:
                    4e:d0:3b:f5:53:1f:7d:70:9e:c4:61:48:7e:99:5b:
                    f1:cd:18:0f:de:ea:69:f0:14:ce:69:bc:f9:86:0a:
                    47:b8:68:b6:c4:68:36:80:df:98:a9:91:9b:af:ec:
                    60:5a:d7:36:c6:50:1b:38:e9:a0:4f:a9:78:f1:de:
                    34:49:dc:7f:73:5e:3e:7c:86:65:38:36:02:8f:d3:
                    59:e0:b8:8c:96:9b:b2:84:f0:92:c7:3b:58:be:e9:
                    b3:58:84:bc:bf:af:73:f1:ce:22:04:1b:06:91:11:
                    d8:6f:cd:1b:d9:24:b4:bb:96:1d:29:e2:ab:e0:a1:
                    cd:0a:df:ba:5a:45:2e:8b:6c:46:17:eb:d3:3c:a6:
                    c4:0a:ed:1d:31:1a:c6:32:97:a7:d8:a9:33:95:17:
                    73:45:a3:28:60:aa:4a:78:a3:b9:ca:6c:57:96:ac:
                    71:96:b7:b6:2a:dd:00:d1:7b:e4:41:ed:cd:dc:a9:
                    62:8c:00:c3:a3:4a:e1:3b:e3:05:de:b7:37:3c:1e:
                    1c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:4F:C0:65:8E:DB:17:95:15:A0:2B:E3:84:75:F6:19:95:76:4D:C1
            X509v3 Authority Key Identifier:
                keyid:76:1C:61:63:64:B8:96:59:ED:9F:18:CB:0A:F7:74:20:43:7C:C7:DA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/21/761C616364B89659ED9F18CB0AF77420437CC7DA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhxhY2S4llntnxjLCvd0IEN8x9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/21/39312e3232332e3131392e302f32342d3234203d3e20323032363032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d0:0c:6c:5b:9e:8b:66:eb:0b:1d:56:f3:09:6d:47:3c:b5:
         25:e6:47:bc:ad:29:74:69:34:cb:c0:2f:03:2f:8d:8f:a3:ae:
         8a:80:0e:f1:71:03:bc:62:62:9a:9b:22:51:98:36:ad:59:80:
         87:e0:cf:12:a5:62:4f:b2:cb:42:d9:74:e5:35:a3:74:c2:48:
         35:a3:ad:22:d1:48:0b:3c:36:d4:dc:b2:c4:93:89:fd:10:1b:
         77:d9:ac:3e:09:ce:31:fc:b0:7f:d5:9d:d8:06:a4:a0:b4:79:
         80:05:a8:d4:93:66:ae:d7:c4:ae:c7:8e:36:ea:ec:b7:5a:6c:
         f7:ad:74:ff:6c:38:38:fa:91:fd:49:18:b6:56:ec:de:20:91:
         4b:34:00:9c:09:91:7c:de:07:22:4b:66:59:a9:da:60:ec:1d:
         c8:bb:3b:9e:9f:a0:6f:8d:4a:3a:42:38:08:98:9a:d4:65:80:
         54:3f:77:07:49:0e:1e:1b:4d:ab:75:dc:b4:a8:0e:98:3f:46:
         ea:22:a2:fb:4f:f4:1a:39:d4:24:a1:3e:91:18:c2:5d:35:e5:
         4f:a3:7d:8b:38:69:4f:11:c7:d7:15:2b:30:ce:b7:5e:b9:68:
         01:02:4c:e2:ce:a9:74:94:0f:62:32:01:49:4d:37:3c:bc:05:
         a4:3e:3a:f0
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIUXahjyR+V9uQlfh0EGTzc7UcoBs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzYxYzYxNjM2NGI4OTY1OWVkOWYxOGNiMGFmNzc0MjA0
MzdjYzdkYTAeFw0yNTA4MTgxNDA5MzFaFw0yNjA4MTcxNDE0MzFaMDMxMTAvBgNV
BAMTKDY1NEZDMDY1OEVEQjE3OTUxNUEwMkJFMzg0NzVGNjE5OTU3NjREQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyzw5bzNkAKQEWa6lupfyz4GZS
6s3ulnb8JvgUTZ1cvVkvhrGlzNPs46EV8n4uxG3W8m+NFP6tNR4yQU7QO/VTH31w
nsRhSH6ZW/HNGA/e6mnwFM5pvPmGCke4aLbEaDaA35ipkZuv7GBa1zbGUBs46aBP
qXjx3jRJ3H9zXj58hmU4NgKP01nguIyWm7KE8JLHO1i+6bNYhLy/r3PxziIEGwaR
EdhvzRvZJLS7lh0p4qvgoc0K37paRS6LbEYX69M8psQK7R0xGsYyl6fYqTOVF3NF
oyhgqkp4o7nKbFeWrHGWt7Yq3QDRe+RB7c3cqWKMAMOjSuE74wXetzc8HhyZAgMB
AAGjggG+MIIBujAdBgNVHQ4EFgQUZU/AZY7bF5UVoCvjhHX2GZV2TcEwHwYDVR0j
BBgwFoAUdhxhY2S4llntnxjLCvd0IEN8x9owDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzIxLzc2MUM2MTYzNjRC
ODk2NTlFRDlGMThDQjBBRjc3NDIwNDM3Q0M3REEuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kaHhoWTJTNGxsbnRueGpMQ3ZkMElFTjh4OW8uY2VyMHAGCCsGAQUF
BwELBGQwYjBgBggrBgEFBQcwC4ZUcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMjEvMzkz
MTJlMzIzMjMzMmUzMTMxMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzIz
NjMwMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABb33cwDQYJKoZIhvcNAQELBQADggEBADXQDGxbnotm
6wsdVvMJbUc8tSXmR7ytKXRpNMvALwMvjY+jroqADvFxA7xiYpqbIlGYNq1ZgIfg
zxKlYk+yy0LZdOU1o3TCSDWjrSLRSAs8NtTcssSTif0QG3fZrD4JzjH8sH/VndgG
pKC0eYAFqNSTZq7XxK7Hjjbq7LdabPetdP9sODj6kf1JGLZW7N4gkUs0AJwJkXze
ByJLZlmp2mDsHci7O56foG+NSjpCOAiYmtRlgFQ/dwdJDh4bTat13LSoDpg/Ruoi
ovtP9Bo51CShPpEYwl015U+jfYs4aU8Rx9cVKzDOt165aAECTOLOqXSUD2IyAUlN
Nzy8BaQ+OvA=
-----END CERTIFICATE-----