Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa
File:                     3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa (raw, json)
Hash identifier:          pUgIIaXSIHYvu1OT4wqm+OVpdJK4/y8oxsYc6ZA0rao=
Subject key identifier:   32:B9:49:7D:7E:07:8C:F0:A0:3B:8C:4B:2E:38:6D:4B:A1:D6:CC:60
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       7C15F4A8EBFA0CC54F1934F967F5877224A11FC0
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     22773
IP address blocks:        194.127.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:15:f4:a8:eb:fa:0c:c5:4f:19:34:f9:67:f5:87:72:24:a1:1f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=32B9497D7E078CF0A03B8C4B2E386D4BA1D6CC60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:74:4e:d8:e2:3d:16:76:e4:7e:38:a7:8e:3d:
                    d4:11:d5:ed:69:7e:42:b0:bb:cc:26:c2:98:e3:ea:
                    5e:7d:84:69:67:c8:7d:96:a4:9b:a3:2f:51:ef:4e:
                    69:9b:6e:53:ce:e0:4f:2a:de:9a:3c:eb:ec:69:4b:
                    a1:cc:dd:61:f6:bf:47:e8:39:fc:9e:36:02:fd:bb:
                    d0:cf:0e:4b:e0:12:f5:ce:85:eb:ba:70:fd:22:75:
                    f0:14:65:05:22:61:0f:c6:f3:6f:5f:76:32:8b:c8:
                    a5:4f:87:e7:3b:bf:99:f5:be:10:42:a7:b3:ec:db:
                    db:33:9f:9d:46:06:15:73:f6:14:b2:0e:d1:eb:81:
                    56:b0:24:97:56:07:8b:34:a9:92:d9:ad:42:88:cd:
                    e5:05:0d:48:02:76:dc:d8:fd:09:3e:90:82:ff:7e:
                    e6:d9:f3:be:e1:a4:1e:af:39:f0:29:70:2e:6b:99:
                    95:45:1c:65:3a:ae:12:36:88:a6:13:45:de:30:c3:
                    45:88:8d:ab:f1:c2:80:ac:80:bb:f4:ec:9d:a1:b5:
                    62:b3:45:de:87:9b:2b:34:66:16:02:91:28:d6:b1:
                    cf:71:7f:dc:2b:a6:27:90:75:e6:0d:ff:e8:61:c9:
                    85:39:a7:c1:62:e4:38:28:79:41:f3:c5:10:03:47:
                    7b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B9:49:7D:7E:07:8C:F0:A0:3B:8C:4B:2E:38:6D:4B:A1:D6:CC:60
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203232373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:0f:3a:bd:f9:8d:dd:af:63:a4:c4:17:6e:e7:6c:36:1f:f8:
         88:d7:f1:ca:db:2f:0f:8b:99:77:e6:5f:f8:bb:42:1e:54:c5:
         99:3e:3e:6a:ea:a8:b0:80:9e:b6:f0:5a:e7:c7:7c:44:bd:2d:
         3f:87:03:36:6c:ba:54:38:53:2a:10:a4:af:87:89:76:c3:d8:
         ba:0c:1b:8c:2e:75:1a:d9:06:8c:01:1a:7e:78:3d:53:7c:9b:
         e0:0a:0c:ee:d3:59:a5:1b:86:9c:b3:0a:9a:96:69:df:05:19:
         22:bb:d7:a3:70:a4:4e:da:25:7c:b5:96:41:3f:31:c2:88:41:
         0f:69:32:c6:e8:2b:17:3e:27:69:11:50:e3:d1:9d:be:d6:b9:
         b5:b0:8c:66:7c:b6:ae:6b:00:37:60:46:b7:a1:d8:fe:15:5d:
         4b:93:27:fa:d5:0a:1e:b9:d7:3c:e6:58:d9:49:61:13:fe:84:
         78:f4:9b:93:6e:b9:a9:ca:46:ea:14:65:34:66:d0:8e:45:36:
         5a:15:c1:2c:02:50:38:99:a5:96:ad:16:22:ed:2c:15:a0:8d:
         eb:45:45:91:f5:ca:1e:13:a3:8d:4f:14:ca:8f:a7:e7:5f:51:
         0c:07:de:eb:0d:22:4e:41:e6:2e:fc:73:0a:48:f7:b3:64:4e:
         84:15:01:dd
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUfBX0qOv6DMVPGTT5Z/WHciShH8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDMyQjk0OTdEN0UwNzhDRjBBMDNCOEM0QjJFMzg2RDRCQTFENkNDNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMdE7Y4j0WduR+OKeOPdQR1e1p
fkKwu8wmwpjj6l59hGlnyH2WpJujL1HvTmmbblPO4E8q3po86+xpS6HM3WH2v0fo
OfyeNgL9u9DPDkvgEvXOheu6cP0idfAUZQUiYQ/G829fdjKLyKVPh+c7v5n1vhBC
p7Ps29szn51GBhVz9hSyDtHrgVawJJdWB4s0qZLZrUKIzeUFDUgCdtzY/Qk+kIL/
fubZ877hpB6vOfApcC5rmZVFHGU6rhI2iKYTRd4ww0WIjavxwoCsgLv07J2htWKz
Rd6Hmys0ZhYCkSjWsc9xf9wrpieQdeYN/+hhyYU5p8Fi5DgoeUHzxRADR3vLAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUMrlJfX4HjPCgO4xLLjhtS6HWzGAwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzUyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMjMyMzczNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+lMA0GCSqGSIb3DQEB
CwUAA4IBAQCzDzq9+Y3dr2OkxBdu52w2H/iI1/HK2y8Pi5l35l/4u0IeVMWZPj5q
6qiwgJ628Frnx3xEvS0/hwM2bLpUOFMqEKSvh4l2w9i6DBuMLnUa2QaMARp+eD1T
fJvgCgzu01mlG4acswqalmnfBRkiu9ejcKRO2iV8tZZBPzHCiEEPaTLG6CsXPidp
EVDj0Z2+1rm1sIxmfLauawA3YEa3odj+FV1Lkyf61Qoeudc85ljZSWET/oR49JuT
brmpykbqFGU0ZtCORTZaFcEsAlA4maWWrRYi7SwVoI3rRUWR9coeE6ONTxTKj6fn
X1EMB97rDSJOQeYu/HMKSPezZE6EFQHd
-----END CERTIFICATE-----