Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa
File:                     3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa (raw, json)
Hash identifier:          apLNw0fujy5rYSvhM9mbHKWV68k0TBSQN0Zyg9s34Ts=
Subject key identifier:   88:C6:2B:B1:C7:4D:63:7E:49:8B:D2:A3:8E:49:0E:76:1A:81:2B:A2
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       5CB4FC51D5F51D35D6F49D3C90B35E2ABB749EC5
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     43357
IP address blocks:        194.127.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:b4:fc:51:d5:f5:1d:35:d6:f4:9d:3c:90:b3:5e:2a:bb:74:9e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=88C62BB1C74D637E498BD2A38E490E761A812BA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:28:08:10:28:c3:55:ee:59:a3:c4:e3:ca:99:
                    2a:59:88:9e:25:c1:a0:2d:5e:16:1b:2f:d9:19:3a:
                    49:09:f0:17:ea:4a:07:63:55:94:fc:0c:9f:74:dc:
                    fc:15:6a:42:c4:9c:30:f6:b6:34:4b:54:ee:ef:ac:
                    a6:52:d2:ec:41:0b:44:15:42:f9:5d:1d:bf:f8:4f:
                    08:08:a4:1b:42:1f:a4:d7:cb:62:b7:a5:92:d7:a5:
                    26:1f:f9:bb:f4:b4:cc:70:b5:6a:de:3c:47:5d:7b:
                    a8:fc:2a:d2:05:86:2a:43:fb:d3:20:3c:9e:ae:6a:
                    a8:0a:ec:66:d6:98:a5:43:09:a7:ab:2c:1d:6f:27:
                    a9:ef:fe:68:0f:99:b1:8b:42:4b:03:65:56:0f:ec:
                    d0:fe:cb:73:17:a4:9c:b7:8e:73:14:12:02:5b:87:
                    87:26:ab:a0:65:ad:c4:9d:5b:fd:b6:30:fa:92:13:
                    06:aa:29:e0:f2:91:15:b1:b0:ad:09:58:ab:eb:18:
                    7c:27:d1:47:b4:36:84:23:1f:31:2a:f1:06:95:0f:
                    e6:b9:a1:7e:ac:52:f1:18:6d:92:72:df:65:8e:5c:
                    aa:fa:68:db:12:ad:53:e5:67:99:93:7b:fe:00:a6:
                    84:0f:a0:21:63:6c:8d:c8:e3:77:04:13:15:02:b4:
                    46:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C6:2B:B1:C7:4D:63:7E:49:8B:D2:A3:8E:49:0E:76:1A:81:2B:A2
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32322d3234203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:e4:8d:04:63:37:3c:ce:50:e3:67:56:4f:9d:e6:86:76:71:
         a8:62:7f:01:f5:19:29:98:aa:f7:6e:c9:72:57:f5:de:25:c3:
         31:bf:fc:a4:07:bb:e8:59:5a:52:a9:00:17:d0:cd:50:e0:4d:
         11:8a:11:28:14:79:51:ba:4a:a5:f4:70:18:0e:88:91:c0:8c:
         79:bb:fc:cc:7e:45:25:e9:1f:ce:9c:4a:08:b3:3e:11:20:5b:
         24:a9:e2:b0:8f:4f:c7:19:56:ca:2e:1b:14:f0:e7:ce:a3:66:
         0b:29:8a:d7:ac:ae:30:68:a7:a9:6d:0c:92:9c:fa:b8:e2:2e:
         cd:00:34:ba:8f:0d:99:e6:d6:89:47:63:8e:c0:33:68:96:6a:
         22:90:68:4d:4f:52:a5:86:9b:66:4f:b6:6c:04:75:05:09:9f:
         1f:24:8c:03:a1:3a:30:89:c5:90:46:95:fe:5a:18:07:4f:5d:
         21:d6:08:a2:10:38:e8:46:f6:e8:70:09:a5:fa:c4:ac:2d:28:
         6b:79:a2:35:05:3f:7e:3f:2e:87:d3:de:bf:17:6d:44:45:cd:
         36:7c:d1:c9:e9:0c:15:74:b8:e8:5d:3a:19:16:64:2c:39:be:
         8c:d6:0b:41:97:0e:e3:f8:b0:c7:db:85:96:1e:27:e8:6f:3c:
         06:ce:11:5d
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUXLT8UdX1HTXW9J08kLNeKrt0nsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDg4QzYyQkIxQzc0RDYzN0U0OThCRDJBMzhFNDkwRTc2MUE4MTJCQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjKAgQKMNV7lmjxOPKmSpZiJ4l
waAtXhYbL9kZOkkJ8BfqSgdjVZT8DJ903PwVakLEnDD2tjRLVO7vrKZS0uxBC0QV
QvldHb/4TwgIpBtCH6TXy2K3pZLXpSYf+bv0tMxwtWrePEdde6j8KtIFhipD+9Mg
PJ6uaqgK7GbWmKVDCaerLB1vJ6nv/mgPmbGLQksDZVYP7ND+y3MXpJy3jnMUEgJb
h4cmq6BlrcSdW/22MPqSEwaqKeDykRWxsK0JWKvrGHwn0Ue0NoQjHzEq8QaVD+a5
oX6sUvEYbZJy32WOXKr6aNsSrVPlZ5mTe/4ApoQPoCFjbI3I43cEExUCtEbNAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUiMYrscdNY35Ji9KjjkkOdhqBK6IwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwn+kMA0GCSqGSIb3DQEB
CwUAA4IBAQBc5I0EYzc8zlDjZ1ZPneaGdnGoYn8B9RkpmKr3bslyV/XeJcMxv/yk
B7voWVpSqQAX0M1Q4E0RihEoFHlRukql9HAYDoiRwIx5u/zMfkUl6R/OnEoIsz4R
IFskqeKwj0/HGVbKLhsU8OfOo2YLKYrXrK4waKepbQySnPq44i7NADS6jw2Z5taJ
R2OOwDNolmoikGhNT1KlhptmT7ZsBHUFCZ8fJIwDoTowicWQRpX+WhgHT10h1gii
EDjoRvbocAml+sSsLShreaI1BT9+Py6H096/F21ERc02fNHJ6QwVdLjoXToZFmQs
Ob6M1gtBlw7j+LDH24WWHifobzwGzhFd
-----END CERTIFICATE-----