Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa
File:                     3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa (raw, json)
Hash identifier:          urTzBck43FyfGw5cHOnT+mq+AdFQfTGL+cyt7g6qgOo=
Subject key identifier:   58:F0:0F:A6:39:6C:0E:E5:17:19:C2:46:F4:19:FF:7A:7D:88:5E:1B
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       052C2550C2F1BE813C32594AA7083729F6CA6B13
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     23959
IP address blocks:        194.127.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:2c:25:50:c2:f1:be:81:3c:32:59:4a:a7:08:37:29:f6:ca:6b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=58F00FA6396C0EE51719C246F419FF7A7D885E1B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b2:dc:1d:78:17:17:2e:06:10:a1:26:a1:b8:
                    ec:2e:1b:1b:bb:78:81:7f:28:a6:21:de:bb:aa:ed:
                    a2:a3:c4:ff:7f:6a:0f:53:e2:3e:78:ef:68:9b:45:
                    7e:ef:65:96:40:e4:96:b6:8a:3c:e6:87:2b:e7:ba:
                    56:d1:94:24:56:23:a1:7d:88:2d:84:cf:b2:60:f5:
                    ae:9b:aa:45:ec:2f:d5:11:ee:f4:e5:f0:4f:92:a9:
                    e4:6f:13:86:9a:aa:00:5a:46:09:e7:ec:54:ff:ea:
                    3c:12:ce:dd:44:c6:e7:13:35:64:39:d2:2c:85:01:
                    52:02:63:6b:77:d0:88:b0:09:8c:a7:7b:b6:e6:c9:
                    6c:df:3b:81:3e:9e:8b:24:46:1f:15:ec:cb:2d:fa:
                    62:5c:77:ab:77:d0:74:e2:41:3c:da:cb:09:b4:9f:
                    a1:2d:43:61:ed:75:44:96:13:ed:22:87:66:9f:ee:
                    39:c6:33:ac:7f:06:38:f2:d8:a7:91:9f:5b:d1:37:
                    a1:7f:06:aa:52:c3:77:7d:41:15:13:68:47:cb:8c:
                    6f:8e:51:8f:11:30:d7:65:2b:d7:b9:3a:1d:b7:b9:
                    4f:8c:86:d7:a7:a6:8d:3c:a3:f2:f6:c7:42:6a:c4:
                    e3:aa:89:9b:77:69:25:af:e4:e6:99:dd:70:7a:ae:
                    80:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F0:0F:A6:39:6C:0E:E5:17:19:C2:46:F4:19:FF:7A:7D:88:5E:1B
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         df:9d:21:d2:4a:be:01:24:16:93:11:e3:2f:f2:32:85:c3:e3:
         ea:a4:ac:14:ec:9a:54:2b:ad:29:02:c8:d0:7e:94:91:e0:60:
         0b:21:1e:35:88:46:d1:a8:39:8a:c7:8a:8c:46:b3:8b:36:38:
         c6:5d:30:32:9d:d4:96:9e:b0:b9:ea:5a:65:19:e9:57:12:f0:
         1e:e8:69:13:c1:d9:d0:3b:c1:eb:2b:4f:25:05:92:d4:8a:c5:
         cc:34:53:c5:d2:33:65:41:93:99:d0:76:e7:4b:8a:f0:ea:92:
         28:30:85:df:22:72:a7:21:de:da:f0:ca:41:f4:64:29:a4:8f:
         dc:2e:c9:df:50:8f:a5:05:94:1d:4e:b4:f2:3a:22:cc:64:64:
         46:f3:27:0d:00:90:e5:fe:ce:17:56:39:20:92:24:01:dc:ab:
         d7:e8:2a:55:20:1e:44:bc:fc:33:58:41:2d:46:40:57:ea:f5:
         3f:90:d2:3f:b5:c7:51:e7:0d:8e:1a:83:56:f8:17:b2:78:81:
         e6:d7:da:1d:56:14:87:09:39:fd:ae:37:37:b3:b0:95:54:c4:
         67:a9:3f:30:4a:d1:ce:ab:57:66:9e:9f:e8:a9:3e:c0:fe:e7:
         75:e4:f8:87:0c:2e:eb:10:85:69:5d:76:c5:9e:19:36:a6:70:
         6b:fb:cb:92
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUBSwlUMLxvoE8MllKpwg3KfbKaxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDU4RjAwRkE2Mzk2QzBFRTUxNzE5QzI0NkY0MTlGRjdBN0Q4ODVFMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmstwdeBcXLgYQoSahuOwuGxu7
eIF/KKYh3ruq7aKjxP9/ag9T4j5472ibRX7vZZZA5Ja2ijzmhyvnulbRlCRWI6F9
iC2Ez7Jg9a6bqkXsL9UR7vTl8E+SqeRvE4aaqgBaRgnn7FT/6jwSzt1ExucTNWQ5
0iyFAVICY2t30IiwCYyne7bmyWzfO4E+noskRh8V7Mst+mJcd6t30HTiQTzaywm0
n6EtQ2HtdUSWE+0ih2af7jnGM6x/Bjjy2KeRn1vRN6F/BqpSw3d9QRUTaEfLjG+O
UY8RMNdlK9e5Oh23uU+Mhtenpo08o/L2x0JqxOOqiZt3aSWv5OaZ3XB6roDxAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUWPAPpjlsDuUXGcJG9Bn/en2IXhswHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzMjMzMzkzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn+kMA0GCSqGSIb3DQEB
CwUAA4IBAQDfnSHSSr4BJBaTEeMv8jKFw+PqpKwU7JpUK60pAsjQfpSR4GALIR41
iEbRqDmKx4qMRrOLNjjGXTAyndSWnrC56lplGelXEvAe6GkTwdnQO8HrK08lBZLU
isXMNFPF0jNlQZOZ0HbnS4rw6pIoMIXfInKnId7a8MpB9GQppI/cLsnfUI+lBZQd
TrTyOiLMZGRG8ycNAJDl/s4XVjkgkiQB3KvX6CpVIB5EvPwzWEEtRkBX6vU/kNI/
tcdR5w2OGoNW+BeyeIHm19odVhSHCTn9rjc3s7CVVMRnqT8wStHOq1dmnp/oqT7A
/ud15PiHDC7rEIVpXXbFnhk2pnBr+8uS
-----END CERTIFICATE-----