Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa
File:                     3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa (raw, json)
Hash identifier:          yRDwpizROgN3m/V0YdOYhks78qFgoT0UqBTKUlEw+6o=
Subject key identifier:   63:AA:C9:37:B2:3E:2B:EC:46:FA:6B:08:2A:BC:1C:B5:7E:8B:7D:F6
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       522967DC9A1DB527AA9D37FDB4AD043C64BB6480
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     3214
IP address blocks:        194.127.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:29:67:dc:9a:1d:b5:27:aa:9d:37:fd:b4:ad:04:3c:64:bb:64:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=63AAC937B23E2BEC46FA6B082ABC1CB57E8B7DF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:74:7b:5c:21:08:92:75:f0:04:7c:e0:c2:83:
                    55:ed:44:0f:40:c6:d2:a0:c3:41:76:8b:97:67:b4:
                    e5:f1:73:83:54:bc:0f:a8:ac:a9:f3:ab:f8:bd:25:
                    9c:fc:10:26:1f:b8:bc:fc:a9:c0:fe:c9:52:19:26:
                    c1:2c:30:dc:b1:55:d8:90:27:c8:e7:67:cc:93:9c:
                    69:f2:2e:ea:82:cd:06:d8:62:0b:88:78:f4:e3:97:
                    3d:a8:71:94:1c:19:6d:90:75:85:4d:8f:6c:b1:60:
                    da:37:29:bc:75:a5:9f:60:29:1d:45:4b:40:3e:05:
                    11:0c:89:83:65:b9:38:fc:70:2b:53:c1:66:be:99:
                    df:a9:3f:4c:83:51:b6:e5:6c:0f:3b:20:c7:b8:75:
                    2b:da:71:6d:97:c3:32:1c:d4:3a:7d:4f:9c:9f:fe:
                    e4:d2:5d:90:21:61:8e:32:dc:2e:2a:7b:2d:6a:3e:
                    7d:f4:39:27:23:f3:2e:60:af:6e:58:21:26:45:65:
                    2e:1c:e8:e7:26:5a:b3:6f:a0:06:a1:39:5a:22:33:
                    d1:10:64:2c:b4:8f:64:f6:0d:50:da:d7:a0:38:02:
                    f4:ac:dc:0b:3a:ee:4d:92:28:5e:51:7d:73:d0:64:
                    a9:f8:33:89:10:3f:15:c6:70:87:a8:26:90:dc:58:
                    11:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:AA:C9:37:B2:3E:2B:EC:46:FA:6B:08:2A:BC:1C:B5:7E:8B:7D:F6
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:78:fe:70:10:59:8a:1e:fe:96:b1:50:1a:67:91:1a:1e:8f:
         54:91:80:a7:8b:37:91:d7:1c:61:50:f3:3e:03:02:a9:91:93:
         67:40:d0:32:d8:e5:0f:1e:69:ac:93:33:fd:68:5d:bf:89:98:
         a0:6f:6c:05:b9:e4:c6:a1:9b:a2:c9:49:5f:90:4f:35:8f:0e:
         f5:41:f5:19:67:05:da:f6:26:7d:fb:42:1f:43:3a:b5:57:1c:
         7c:ee:52:9c:d1:71:3c:1f:da:78:b3:11:51:95:d7:b2:b9:c4:
         8f:70:3a:a4:e1:0d:4b:49:4a:16:78:b3:ff:94:9b:ef:ed:7f:
         64:79:09:98:46:d1:5d:9d:6c:46:52:a2:c9:13:70:ee:73:7f:
         17:50:cb:6a:bb:89:53:e2:db:37:52:61:46:07:30:7b:35:6c:
         f3:88:44:e1:ef:bf:fc:a6:29:e3:ec:2b:99:c6:17:26:03:e3:
         17:08:9b:3b:3c:a5:50:27:ad:b3:45:bc:e6:5d:5f:3e:87:71:
         ff:4f:14:36:e7:9d:85:f6:e6:9b:1f:2d:80:64:c7:c6:ca:52:
         80:60:66:ff:54:dc:c5:3f:04:4a:24:2b:ac:97:28:39:13:36:
         74:6d:be:1b:ac:3c:00:59:85:95:34:60:37:aa:8a:e1:11:f6:
         a9:fa:e5:a6
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIUUiln3JodtSeqnTf9tK0EPGS7ZIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDYzQUFDOTM3QjIzRTJCRUM0NkZBNkIwODJBQkMxQ0I1N0U4QjdERjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWdHtcIQiSdfAEfODCg1XtRA9A
xtKgw0F2i5dntOXxc4NUvA+orKnzq/i9JZz8ECYfuLz8qcD+yVIZJsEsMNyxVdiQ
J8jnZ8yTnGnyLuqCzQbYYguIePTjlz2ocZQcGW2QdYVNj2yxYNo3Kbx1pZ9gKR1F
S0A+BREMiYNluTj8cCtTwWa+md+pP0yDUbblbA87IMe4dSvacW2XwzIc1Dp9T5yf
/uTSXZAhYY4y3C4qey1qPn30OScj8y5gr25YISZFZS4c6OcmWrNvoAahOVoiM9EQ
ZCy0j2T2DVDa16A4AvSs3As67k2SKF5RfXPQZKn4M4kQPxXGcIeoJpDcWBHLAgMB
AAGjggHMMIIByDAdBgNVHQ4EFgQUY6rJN7I+K+xG+msIKrwctX6LffYwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ/pDANBgkqhkiG9w0BAQsF
AAOCAQEAq3j+cBBZih7+lrFQGmeRGh6PVJGAp4s3kdccYVDzPgMCqZGTZ0DQMtjl
Dx5prJMz/Whdv4mYoG9sBbnkxqGboslJX5BPNY8O9UH1GWcF2vYmfftCH0M6tVcc
fO5SnNFxPB/aeLMRUZXXsrnEj3A6pOENS0lKFniz/5Sb7+1/ZHkJmEbRXZ1sRlKi
yRNw7nN/F1DLaruJU+LbN1JhRgcwezVs84hE4e+//KYp4+wrmcYXJgPjFwibOzyl
UCets0W85l1fPodx/08UNuedhfbmmx8tgGTHxspSgGBm/1TcxT8ESiQrrJcoORM2
dG2+G6w8AFmFlTRgN6qK4RH2qfrlpg==
-----END CERTIFICATE-----