Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa
File:                     3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa (raw, json)
Hash identifier:          wG+A+Pv6eX6bqhvLtChmKIF6GKs1K77/Cl/9pKjS50w=
Subject key identifier:   5B:9B:BD:3B:E0:BB:48:8A:9F:8E:F6:53:AC:0E:D2:EF:AC:81:46:C6
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       665FC97ACA1C8319C71F12A9B27276528B38185C
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     47553
IP address blocks:        194.127.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5f:c9:7a:ca:1c:83:19:c7:1f:12:a9:b2:72:76:52:8b:38:18:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=5B9BBD3BE0BB488A9F8EF653AC0ED2EFAC8146C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2a:03:d0:23:90:ac:d8:2d:55:d4:9b:c0:df:
                    c7:bf:54:7e:22:16:00:9f:d0:05:bc:f9:31:67:6a:
                    10:72:f4:1d:ac:dd:78:da:53:b8:ce:59:4d:45:ce:
                    b5:5c:3c:79:5b:a8:44:f2:42:b0:e1:b6:89:25:7e:
                    e4:7a:ae:36:48:80:78:98:70:e5:94:fc:84:f2:be:
                    bc:37:f9:50:46:59:fc:7e:93:41:39:17:85:b2:f1:
                    79:bc:f0:6c:f0:f4:71:7d:48:47:c5:71:70:6f:03:
                    b4:17:e7:c5:29:b8:8a:2b:c7:42:14:ed:c2:1a:79:
                    af:2c:f7:eb:43:2b:c6:d4:40:8c:db:07:96:58:13:
                    ce:04:7f:fc:95:f9:9e:1b:50:a1:11:59:89:08:8f:
                    25:48:aa:20:4c:34:e9:eb:e0:bb:70:76:28:a5:98:
                    ce:54:27:fb:dc:5e:38:ce:af:e3:f4:b0:be:6e:5d:
                    e0:39:bf:60:59:3d:88:32:1a:d0:a3:1f:a9:62:2e:
                    e1:dc:68:a7:8b:ed:90:97:c1:be:c7:c3:fc:64:ac:
                    b6:2b:48:d1:c4:50:ed:0d:7e:0f:84:95:62:3e:4e:
                    78:bf:b3:f3:3b:2f:c3:b2:da:d0:6e:b6:f1:a3:90:
                    21:82:8a:6d:02:bf:d7:ff:99:14:49:f1:04:85:3d:
                    ee:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:9B:BD:3B:E0:BB:48:8A:9F:8E:F6:53:AC:0E:D2:EF:AC:81:46:C6
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:9a:8c:9d:fb:2c:8d:73:c6:e5:af:fc:cf:d1:92:3a:d6:57:
         b5:46:82:a7:41:cc:8c:aa:6d:24:97:f7:28:71:97:86:13:95:
         19:d7:f3:34:0a:85:63:36:e7:90:75:ce:35:04:5d:c2:0e:11:
         dc:20:11:e3:71:f4:f6:8e:62:13:69:94:80:35:d9:b2:1a:bd:
         0f:f9:c7:a5:df:6f:3d:b3:d4:c2:79:a7:f6:ac:10:a2:d0:97:
         89:8d:41:19:9b:9b:b8:73:4a:df:a6:24:74:27:43:4a:67:2d:
         c2:16:77:c1:73:0f:ca:f4:06:6f:79:fd:56:6a:2b:ef:e2:76:
         27:98:74:ed:56:65:98:cc:6f:5d:ca:b1:81:0f:60:47:82:9c:
         91:1b:f1:4e:b2:1f:40:34:bf:67:82:ab:1a:8f:e5:23:15:9d:
         fd:8a:b8:ce:ed:37:84:31:9c:8a:3c:65:d1:bb:67:ca:e3:74:
         60:cf:a9:b9:66:86:6c:17:c3:d3:07:65:21:d2:b3:ea:46:fa:
         6a:e0:0e:92:7a:54:89:5b:6c:21:45:a0:a7:25:5f:25:9b:75:
         a5:b8:01:0c:62:4f:5d:49:cd:9f:31:a9:49:4e:ed:6c:0a:ea:
         bf:e0:19:a5:ca:73:7b:93:1b:dc:38:28:78:83:f4:89:16:bf:
         99:8c:0a:5c
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUZl/JesocgxnHHxKpsnJ2Uos4GFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDVCOUJCRDNCRTBCQjQ4OEE5RjhFRjY1M0FDMEVEMkVGQUM4MTQ2QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrKgPQI5Cs2C1V1JvA38e/VH4i
FgCf0AW8+TFnahBy9B2s3XjaU7jOWU1FzrVcPHlbqETyQrDhtoklfuR6rjZIgHiY
cOWU/ITyvrw3+VBGWfx+k0E5F4Wy8Xm88Gzw9HF9SEfFcXBvA7QX58UpuIorx0IU
7cIaea8s9+tDK8bUQIzbB5ZYE84Ef/yV+Z4bUKERWYkIjyVIqiBMNOnr4Ltwdiil
mM5UJ/vcXjjOr+P0sL5uXeA5v2BZPYgyGtCjH6liLuHcaKeL7ZCXwb7Hw/xkrLYr
SNHEUO0Nfg+ElWI+Tni/s/M7L8Oy2tButvGjkCGCim0Cv9f/mRRJ8QSFPe6xAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUW5u9O+C7SIqfjvZTrA7S76yBRsYwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzUyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+lMA0GCSqGSIb3DQEB
CwUAA4IBAQCzmoyd+yyNc8blr/zP0ZI61le1RoKnQcyMqm0kl/cocZeGE5UZ1/M0
CoVjNueQdc41BF3CDhHcIBHjcfT2jmITaZSANdmyGr0P+cel3289s9TCeaf2rBCi
0JeJjUEZm5u4c0rfpiR0J0NKZy3CFnfBcw/K9AZvef1Waivv4nYnmHTtVmWYzG9d
yrGBD2BHgpyRG/FOsh9ANL9ngqsaj+UjFZ39irjO7TeEMZyKPGXRu2fK43Rgz6m5
ZoZsF8PTB2Uh0rPqRvpq4A6SelSJW2whRaCnJV8lm3WluAEMYk9dSc2fMalJTu1s
Cuq/4BmlynN7kxvcOCh4g/SJFr+ZjApc
-----END CERTIFICATE-----