Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa
File:                     3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa (raw, json)
Hash identifier:          FWPdFbgcNSfUQZX9aENBQQxP7Zq1OUzJVny1WKljDUo=
Subject key identifier:   FD:F2:6F:16:5C:D0:97:23:0C:EC:25:17:3A:AD:B0:30:BB:77:E7:28
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       3CBA92CC4A04DB48C7610DCC64520CD212944060
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     22773
IP address blocks:        194.127.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ba:92:cc:4a:04:db:48:c7:61:0d:cc:64:52:0c:d2:12:94:40:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=FDF26F165CD097230CEC25173AADB030BB77E728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:64:0a:d3:e9:fc:25:0e:d5:e5:39:4d:f4:ab:
                    45:db:1a:fc:7e:ab:8f:3e:62:08:d7:e1:c3:58:66:
                    e2:1e:bd:92:19:27:74:17:65:8e:ef:ca:8d:d1:d5:
                    db:20:65:3b:2c:25:b6:f9:5f:ab:11:91:58:45:22:
                    76:03:e2:c4:b2:46:84:b6:22:ed:38:35:39:40:57:
                    1a:2a:ce:c7:bb:29:30:81:8d:82:4e:c6:58:65:a6:
                    bb:dc:21:2c:04:e6:52:dc:78:d2:87:27:de:79:6d:
                    97:ce:d2:79:8a:c8:64:34:f3:4c:c3:82:a0:1c:76:
                    bf:3c:c2:81:43:e9:11:76:1d:60:28:06:ba:17:3b:
                    38:7d:f5:63:8f:a4:25:1c:d2:4e:3c:b4:c3:8d:f4:
                    dc:24:3b:50:b4:e4:20:40:2b:7f:79:54:14:6e:b1:
                    5e:01:c2:eb:1a:3d:7e:53:95:62:d6:7a:8b:80:d3:
                    5e:17:b8:53:8c:00:2c:10:a8:43:d1:eb:3e:58:1e:
                    49:72:f9:93:d1:90:00:a9:24:ea:f8:46:2c:1f:41:
                    cd:53:e3:8d:8a:8c:63:e5:c8:4b:75:9c:04:44:9c:
                    05:33:e3:67:4a:01:36:f9:8c:df:09:28:f0:9b:1f:
                    b3:dd:0d:dd:d5:77:20:a8:8c:d2:8b:a8:c9:52:56:
                    7b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F2:6F:16:5C:D0:97:23:0C:EC:25:17:3A:AD:B0:30:BB:77:E7:28
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:13:51:57:9f:c1:6d:04:32:37:84:d0:d7:34:74:44:1f:d7:
         63:15:30:80:96:ca:cc:dd:b2:76:46:80:f2:a2:8e:fd:14:ef:
         16:5a:62:e5:dc:ac:b9:8b:a5:a5:7f:00:fc:f5:f6:f4:21:2f:
         4a:8d:40:64:73:1c:62:bf:61:24:d3:29:a1:d5:0a:0c:47:04:
         85:98:57:12:e3:84:ee:5f:c0:1b:d6:fa:28:e0:8f:e1:07:93:
         5a:ce:37:4c:14:e7:4e:15:f0:a0:e6:d6:3c:cb:5b:80:e6:18:
         6a:31:6a:1f:05:77:1c:26:b6:8d:3a:1b:47:b5:f0:bf:9d:f4:
         c4:19:c4:ec:f9:35:c1:27:1f:22:86:1d:12:75:3c:72:65:9b:
         4a:ba:78:93:25:da:af:96:5a:92:67:da:6e:d4:cc:11:e4:02:
         c1:c6:44:ec:e5:b3:83:47:1b:4d:26:e7:0d:1f:36:d7:e5:a2:
         e5:16:b3:39:28:e2:43:cb:7b:2a:2c:c6:23:2b:1c:76:29:f6:
         cf:d0:4c:06:55:72:9f:bf:ba:a6:ff:11:37:00:a0:1c:8a:3a:
         51:e7:39:ff:c8:56:86:f9:4e:b6:bb:e8:60:3e:c5:f9:89:31:
         2b:33:ed:fb:ef:67:34:b7:65:b1:0b:27:2e:43:b6:98:e8:19:
         22:7c:3f:d5
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUPLqSzEoE20jHYQ3MZFIM0hKUQGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKEZERjI2RjE2NUNEMDk3MjMwQ0VDMjUxNzNBQURCMDMwQkI3N0U3MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvZArT6fwlDtXlOU30q0XbGvx+
q48+YgjX4cNYZuIevZIZJ3QXZY7vyo3R1dsgZTssJbb5X6sRkVhFInYD4sSyRoS2
Iu04NTlAVxoqzse7KTCBjYJOxlhlprvcISwE5lLceNKHJ955bZfO0nmKyGQ080zD
gqAcdr88woFD6RF2HWAoBroXOzh99WOPpCUc0k48tMON9NwkO1C05CBAK395VBRu
sV4BwusaPX5TlWLWeouA014XuFOMACwQqEPR6z5YHkly+ZPRkACpJOr4RiwfQc1T
442KjGPlyEt1nAREnAUz42dKATb5jN8JKPCbH7PdDd3VdyCojNKLqMlSVnunAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQU/fJvFlzQlyMM7CUXOq2wMLt35ygwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzUyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMjMyMzczNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+lMA0GCSqGSIb3DQEB
CwUAA4IBAQAhE1FXn8FtBDI3hNDXNHREH9djFTCAlsrM3bJ2RoDyoo79FO8WWmLl
3Ky5i6WlfwD89fb0IS9KjUBkcxxiv2Ek0ymh1QoMRwSFmFcS44TuX8Ab1voo4I/h
B5NazjdMFOdOFfCg5tY8y1uA5hhqMWofBXccJraNOhtHtfC/nfTEGcTs+TXBJx8i
hh0SdTxyZZtKuniTJdqvllqSZ9pu1MwR5ALBxkTs5bODRxtNJucNHzbX5aLlFrM5
KOJDy3sqLMYjKxx2KfbP0EwGVXKfv7qm/xE3AKAcijpR5zn/yFaG+U62u+hgPsX5
iTErM+3772c0t2WxCycuQ7aY6BkifD/V
-----END CERTIFICATE-----