Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa
File:                     3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa (raw, json)
Hash identifier:          pJC36+vZCN8lWB5bUDwUvEqzJAq7DulCJMOWLk/iuQU=
Subject key identifier:   5B:98:56:48:93:C8:D4:6B:4F:41:70:C0:DD:91:DD:02:DB:6B:A9:AF
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       0C3922BC1FD7B878B089B38B8E9A7665BF44A0AE
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     23959
IP address blocks:        194.127.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:39:22:bc:1f:d7:b8:78:b0:89:b3:8b:8e:9a:76:65:bf:44:a0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=5B98564893C8D46B4F4170C0DD91DD02DB6BA9AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:4a:6d:35:be:45:39:66:6b:ab:53:c3:10:0b:
                    06:f4:e9:b1:bc:8d:f9:7c:cd:8d:9d:4b:49:3f:d7:
                    94:98:76:f1:02:8f:82:7a:6e:03:05:ff:e4:e7:60:
                    af:74:b3:70:4a:eb:2b:58:2b:f2:ef:9c:02:ac:65:
                    0b:bf:a1:39:da:bc:26:31:e4:4a:dc:6e:f1:e0:ba:
                    39:3a:67:1c:8c:e5:82:8f:70:fd:48:1c:6c:82:da:
                    fa:cf:e8:ad:8e:53:a8:e1:65:86:d4:ff:6f:7b:4c:
                    35:e5:d2:c3:eb:0c:4e:f8:ae:b8:8e:31:82:93:33:
                    36:91:8d:aa:af:cc:c3:22:41:1c:b5:f3:ae:7e:aa:
                    f4:5d:d9:e9:01:4c:74:0c:fe:b5:0e:0a:63:72:b5:
                    48:8d:a6:87:bc:6d:56:02:9b:93:c2:25:1d:9e:dd:
                    b0:94:a5:02:99:6e:da:7e:05:99:fa:86:d3:88:96:
                    1f:ad:9e:da:dc:73:6f:e4:1a:fd:4e:92:43:d2:ba:
                    ee:da:bb:f9:96:53:bf:fd:30:47:93:c5:92:4b:54:
                    91:d8:c7:03:b3:e7:c0:99:11:bd:04:3b:77:db:7f:
                    9d:47:ca:a8:92:ea:f2:c5:90:50:d8:c7:e1:93:fc:
                    55:0c:e2:3a:f4:28:c8:48:96:fb:90:f6:be:05:ab:
                    f2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:98:56:48:93:C8:D4:6B:4F:41:70:C0:DD:91:DD:02:DB:6B:A9:AF
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203233393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c6:4a:b4:9e:0b:d7:25:a9:e5:e3:60:a5:d6:e9:8f:d7:e8:67:
         78:25:68:0d:a4:26:a5:82:9d:fa:07:a1:d0:19:7a:14:38:4e:
         aa:19:85:08:7c:d1:18:bb:2f:dd:ce:b4:43:3a:ca:60:ea:8f:
         6b:ca:ee:77:f8:31:11:5f:46:b6:27:09:d2:cc:15:ba:8d:ed:
         48:43:27:be:8d:67:ce:b0:43:91:ba:5b:68:a1:4c:4d:ca:5d:
         52:be:4e:e0:44:1b:78:8e:e5:00:8e:58:bc:28:5f:1a:3e:36:
         c2:90:68:41:5b:08:0e:ad:ba:40:49:42:31:76:a6:54:c6:53:
         94:05:e7:3b:cf:38:54:fa:76:0b:ee:59:82:69:6a:41:8e:ec:
         0b:17:09:5f:ec:0e:32:02:bd:b2:1e:0a:56:89:c1:f9:96:ef:
         9e:45:59:c3:03:af:97:ee:b5:6f:27:7a:7f:f2:e2:36:9b:cc:
         16:79:92:4a:47:ee:b1:7e:5e:4b:bf:64:eb:de:83:7b:55:1f:
         66:eb:ec:49:70:a9:0a:82:aa:05:4d:e7:3f:0e:c2:fa:9e:56:
         26:b7:e7:52:e5:51:69:a6:aa:13:dd:d2:cc:65:d4:ff:40:36:
         78:fc:f6:1f:cc:05:74:bb:f9:f5:39:e9:e5:28:fe:23:38:7a:
         a3:06:af:6e
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUDDkivB/XuHiwibOLjpp2Zb9EoK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDVCOTg1NjQ4OTNDOEQ0NkI0RjQxNzBDMEREOTFERDAyREI2QkE5QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7Sm01vkU5ZmurU8MQCwb06bG8
jfl8zY2dS0k/15SYdvECj4J6bgMF/+TnYK90s3BK6ytYK/LvnAKsZQu/oTnavCYx
5ErcbvHgujk6ZxyM5YKPcP1IHGyC2vrP6K2OU6jhZYbU/297TDXl0sPrDE74rriO
MYKTMzaRjaqvzMMiQRy1865+qvRd2ekBTHQM/rUOCmNytUiNpoe8bVYCm5PCJR2e
3bCUpQKZbtp+BZn6htOIlh+tntrcc2/kGv1OkkPSuu7au/mWU7/9MEeTxZJLVJHY
xwOz58CZEb0EO3fbf51HyqiS6vLFkFDYx+GT/FUM4jr0KMhIlvuQ9r4Fq/IDAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUW5hWSJPI1GtPQXDA3ZHdAttrqa8wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzMjMzMzkzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn+kMA0GCSqGSIb3DQEB
CwUAA4IBAQDGSrSeC9clqeXjYKXW6Y/X6Gd4JWgNpCalgp36B6HQGXoUOE6qGYUI
fNEYuy/dzrRDOspg6o9ryu53+DERX0a2JwnSzBW6je1IQye+jWfOsEORultooUxN
yl1Svk7gRBt4juUAjli8KF8aPjbCkGhBWwgOrbpASUIxdqZUxlOUBec7zzhU+nYL
7lmCaWpBjuwLFwlf7A4yAr2yHgpWicH5lu+eRVnDA6+X7rVvJ3p/8uI2m8wWeZJK
R+6xfl5Lv2Tr3oN7VR9m6+xJcKkKgqoFTec/DsL6nlYmt+dS5VFppqoT3dLMZdT/
QDZ4/PYfzAV0u/n1OenlKP4jOHqjBq9u
-----END CERTIFICATE-----