Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa
File:                     3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa (raw, json)
Hash identifier:          Buc0pgiq3L5JK6UwSdx/CRWD3KWwlBfL61fqLeb2Kms=
Subject key identifier:   7B:33:E2:DB:EF:FE:D3:F3:14:FD:60:5E:EA:FB:16:A2:A5:29:7D:00
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       68925109140F1CDD6A3FF86E39350B5E21A157C1
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     3214
IP address blocks:        194.127.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:92:51:09:14:0f:1c:dd:6a:3f:f8:6e:39:35:0b:5e:21:a1:57:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=7B33E2DBEFFED3F314FD605EEAFB16A2A5297D00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8b:30:e0:08:dd:b5:cd:20:1f:ac:44:0a:86:
                    d9:74:66:6e:99:d8:8a:3e:01:c8:31:79:12:a8:3e:
                    c4:75:d1:3b:bd:99:95:cc:d4:28:2c:df:68:58:47:
                    1b:53:6e:de:ff:50:79:99:a4:59:cb:78:0c:b1:2d:
                    82:ef:b8:3d:2b:2b:7e:9e:e6:a8:52:90:d6:76:a8:
                    42:9a:7d:0c:b4:b1:52:15:37:41:0a:78:06:5e:e5:
                    31:08:e0:2c:c7:a9:c5:36:88:65:60:b2:85:f2:40:
                    2e:b2:93:b9:31:7f:fa:db:b2:4b:ab:ea:9b:ac:4c:
                    ce:78:09:94:c7:06:75:e4:f1:6d:66:8e:ed:63:fb:
                    45:a1:a4:58:c8:1b:3e:04:1e:70:cc:20:8d:0d:e6:
                    f1:c4:35:c9:4a:e7:c3:f0:5c:39:34:e3:be:b0:6a:
                    e5:59:dd:f9:a6:bc:40:c1:65:ba:78:70:0e:6d:f3:
                    5f:8d:d7:d1:e0:d4:db:3d:08:0e:a9:92:2c:48:2c:
                    27:90:d8:5c:dd:c9:b0:9c:5e:59:de:b1:40:89:15:
                    97:1b:33:02:c4:a5:15:c7:06:46:1c:5f:84:f3:29:
                    48:ac:08:a8:c3:40:1c:96:fd:c1:09:c5:d6:3a:bd:
                    e2:05:c2:88:5e:da:e2:13:7d:57:36:e4:c1:da:82:
                    03:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:33:E2:DB:EF:FE:D3:F3:14:FD:60:5E:EA:FB:16:A2:A5:29:7D:00
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136342e302f32342d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:8c:4e:f8:eb:ac:cc:09:46:a7:82:26:0f:5b:3e:84:f7:c9:
         f8:4d:f1:c4:e1:51:5b:39:89:e0:00:a7:54:08:f1:58:47:d8:
         16:47:58:d8:56:a5:32:87:da:9a:64:51:af:56:4a:45:f2:8b:
         48:5d:86:44:6a:8e:a7:9c:c9:36:f5:d5:80:2e:04:90:08:d6:
         3a:93:62:d3:0b:5d:ef:93:0a:78:86:12:39:55:1f:d8:1f:98:
         04:86:7d:18:f4:20:cd:0f:e5:22:1e:f1:fd:a3:7c:80:ae:99:
         7f:bc:17:7c:f8:8d:d4:3f:e5:d3:cf:47:77:46:94:c0:01:52:
         8c:71:75:9b:60:13:f0:c7:90:57:3b:d4:09:25:0b:e6:ae:89:
         b0:15:6c:db:39:e1:7c:09:40:fd:0d:d9:bf:d2:e6:89:b6:8f:
         ab:5f:42:58:bb:19:0c:76:68:da:f7:1c:7f:ff:be:0c:5e:f6:
         c4:ed:05:6b:b8:48:92:02:d0:6c:7c:96:3f:b4:8b:fd:49:ce:
         44:02:b5:e7:47:eb:51:d4:14:1c:9b:d6:a6:c0:58:66:3a:7c:
         26:74:17:14:7e:02:fc:9e:e6:b7:c2:fc:d4:d9:65:7f:50:b5:
         7a:8a:d0:d3:07:54:f4:cf:ae:27:7e:34:52:4e:ad:71:4e:b1:
         1b:a1:97:34
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIUaJJRCRQPHN1qP/huOTULXiGhV8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDdCMzNFMkRCRUZGRUQzRjMxNEZENjA1RUVBRkIxNkEyQTUyOTdEMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOizDgCN21zSAfrEQKhtl0Zm6Z
2Io+AcgxeRKoPsR10Tu9mZXM1Cgs32hYRxtTbt7/UHmZpFnLeAyxLYLvuD0rK36e
5qhSkNZ2qEKafQy0sVIVN0EKeAZe5TEI4CzHqcU2iGVgsoXyQC6yk7kxf/rbskur
6pusTM54CZTHBnXk8W1mju1j+0WhpFjIGz4EHnDMII0N5vHENclK58PwXDk0476w
auVZ3fmmvEDBZbp4cA5t81+N19Hg1Ns9CA6pkixILCeQ2FzdybCcXlnesUCJFZcb
MwLEpRXHBkYcX4TzKUisCKjDQByW/cEJxdY6veIFwohe2uITfVc25MHaggMTAgMB
AAGjggHMMIIByDAdBgNVHQ4EFgQUezPi2+/+0/MU/WBe6vsWoqUpfQAwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzQyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ/pDANBgkqhkiG9w0BAQsF
AAOCAQEAEIxO+OuszAlGp4ImD1s+hPfJ+E3xxOFRWzmJ4ACnVAjxWEfYFkdY2Fal
MofammRRr1ZKRfKLSF2GRGqOp5zJNvXVgC4EkAjWOpNi0wtd75MKeIYSOVUf2B+Y
BIZ9GPQgzQ/lIh7x/aN8gK6Zf7wXfPiN1D/l089Hd0aUwAFSjHF1m2AT8MeQVzvU
CSUL5q6JsBVs2znhfAlA/Q3Zv9LmibaPq19CWLsZDHZo2vccf/++DF72xO0Fa7hI
kgLQbHyWP7SL/UnORAK150frUdQUHJvWpsBYZjp8JnQXFH4C/J7mt8L81Nllf1C1
eorQ0wdU9M+uJ340Uk6tcU6xG6GXNA==
-----END CERTIFICATE-----