Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa
File:                     3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa (raw, json)
Hash identifier:          aFPS6RHVH0D5kNs0GwecpacsvHPCRd2kw+yDq9EP184=
Subject key identifier:   18:EA:43:05:7B:A1:CA:E9:58:44:E6:11:28:0E:CD:E6:EB:94:4C:29
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       3864888FEC0A2678A5E640F60176AE9B77376971
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     43357
IP address blocks:        194.127.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:64:88:8f:ec:0a:26:78:a5:e6:40:f6:01:76:ae:9b:77:37:69:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=18EA43057BA1CAE95844E611280ECDE6EB944C29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:c4:5b:43:92:32:8c:27:de:38:62:57:26:fa:
                    3e:fe:2e:aa:4b:0f:27:50:6a:28:e7:56:76:4a:02:
                    33:1c:bb:03:14:45:3c:d5:61:d7:c0:8c:83:32:e8:
                    1e:13:3e:3b:6f:88:73:36:d9:ae:4d:25:3a:4f:9b:
                    7b:99:3f:fd:38:56:d9:74:94:8d:a3:25:10:19:b1:
                    ac:c0:93:97:81:60:4b:10:ca:b1:93:46:4c:e2:7b:
                    f4:06:2f:39:44:68:9f:9e:a0:fc:d7:03:b0:8e:21:
                    f5:7c:35:2f:5a:88:48:c6:6d:26:1e:eb:a1:96:04:
                    66:7c:31:8b:ef:43:21:7a:68:0f:6f:96:46:50:52:
                    57:3b:6b:82:6a:ee:09:b1:6b:3d:6d:ad:3b:10:d1:
                    cc:e4:9e:4d:aa:57:74:9a:00:7e:44:e5:cf:69:43:
                    66:f0:93:66:70:ed:54:71:d7:0e:e0:ef:9e:fc:42:
                    40:c9:f1:78:dd:23:d2:f4:21:eb:64:6d:ed:ad:8e:
                    b6:f7:92:b4:8e:8e:09:73:f9:fa:c0:95:6e:dc:b1:
                    1e:99:09:e6:45:ce:b3:3c:bd:3a:8f:fd:5f:49:ed:
                    78:d4:03:6a:3e:ce:43:1e:2b:5b:39:07:4d:90:b0:
                    e4:67:36:34:67:67:d6:ca:db:c3:b7:ef:57:25:e9:
                    df:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EA:43:05:7B:A1:CA:E9:58:44:E6:11:28:0E:CD:E6:EB:94:4C:29
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:85:9f:65:c5:f1:a4:ae:c6:1e:1e:4c:73:b0:f5:87:60:7e:
         54:62:60:ad:3c:60:1d:a6:92:d1:60:9a:70:4c:33:ec:5d:8e:
         c8:a5:2b:70:8c:a0:93:17:a1:ce:7c:49:08:2a:3e:ba:04:f3:
         f9:b9:55:3a:b8:33:e1:69:da:16:21:11:fc:c1:c7:e9:6d:54:
         78:33:71:35:50:21:6b:9d:86:36:7b:5d:bc:5e:30:60:38:75:
         98:ba:3b:64:c7:17:bb:9a:cb:e7:28:e3:39:49:ac:36:b4:51:
         0a:59:c5:1f:a4:d1:0a:65:20:b5:85:75:af:78:4b:45:87:65:
         ed:48:d1:ea:77:47:4b:60:f0:6f:24:e6:b4:b0:5f:63:02:57:
         50:9c:10:50:9f:5b:a0:5a:20:fa:2d:a0:01:34:c7:da:a3:7c:
         ba:61:64:ef:95:e9:fa:d4:32:a3:01:8f:45:8f:eb:85:ad:87:
         09:f5:d0:d8:64:ae:67:c2:79:1d:f9:1a:a9:bf:4d:21:7b:89:
         fe:34:cb:97:59:f6:3f:fb:f6:7f:f2:5b:16:6c:b3:be:fe:08:
         4a:bc:37:98:02:ea:56:c5:ab:1f:8f:d6:35:57:8a:d2:69:58:
         ae:e5:b3:8a:2f:6a:2c:f9:b7:c7:71:2d:36:2d:53:b5:eb:3f:
         24:34:b2:0f
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUOGSIj+wKJnil5kD2AXaum3c3aXEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDE4RUE0MzA1N0JBMUNBRTk1ODQ0RTYxMTI4MEVDREU2RUI5NDRDMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvxFtDkjKMJ944Ylcm+j7+LqpL
DydQaijnVnZKAjMcuwMURTzVYdfAjIMy6B4TPjtviHM22a5NJTpPm3uZP/04Vtl0
lI2jJRAZsazAk5eBYEsQyrGTRkzie/QGLzlEaJ+eoPzXA7COIfV8NS9aiEjGbSYe
66GWBGZ8MYvvQyF6aA9vlkZQUlc7a4Jq7gmxaz1trTsQ0czknk2qV3SaAH5E5c9p
Q2bwk2Zw7VRx1w7g7578QkDJ8XjdI9L0Ietkbe2tjrb3krSOjglz+frAlW7csR6Z
CeZFzrM8vTqP/V9J7XjUA2o+zkMeK1s5B02QsORnNjRnZ9bK28O371cl6d87AgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUGOpDBXuhyulYROYRKA7N5uuUTCkwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn+kMA0GCSqGSIb3DQEB
CwUAA4IBAQC0hZ9lxfGkrsYeHkxzsPWHYH5UYmCtPGAdppLRYJpwTDPsXY7IpStw
jKCTF6HOfEkIKj66BPP5uVU6uDPhadoWIRH8wcfpbVR4M3E1UCFrnYY2e128XjBg
OHWYujtkxxe7msvnKOM5Saw2tFEKWcUfpNEKZSC1hXWveEtFh2XtSNHqd0dLYPBv
JOa0sF9jAldQnBBQn1ugWiD6LaABNMfao3y6YWTvlen61DKjAY9Fj+uFrYcJ9dDY
ZK5nwnkd+Rqpv00he4n+NMuXWfY/+/Z/8lsWbLO+/ghKvDeYAupWxasfj9Y1V4rS
aViu5bOKL2os+bfHcS02LVO16z8kNLIP
-----END CERTIFICATE-----