Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa
File:                     3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa (raw, json)
Hash identifier:          PVB+9VKsvQIx2ieWPcvksq9JNVQBjYN1Y43cX42HLqY=
Subject key identifier:   E1:08:94:F4:0D:D2:E1:8C:C7:8E:D4:78:D3:C0:EF:2F:F6:FA:3B:BA
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       65FD1E424B03B3D32FB269B9FDE9ACFC2BFBC5AE
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     47553
IP address blocks:        194.127.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:fd:1e:42:4b:03:b3:d3:2f:b2:69:b9:fd:e9:ac:fc:2b:fb:c5:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=E10894F40DD2E18CC78ED478D3C0EF2FF6FA3BBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7e:23:9f:cd:36:05:2a:f3:d7:05:ff:4d:8f:
                    80:5a:66:b5:ea:17:6c:66:e8:6b:b9:20:a9:55:a4:
                    31:80:30:16:b3:e7:3a:a9:ca:89:63:da:9a:f9:ee:
                    2b:0f:4e:e9:25:9c:6e:b6:8b:5e:9f:b3:35:75:1d:
                    05:82:78:51:80:ff:fc:ba:00:19:d7:36:49:9f:ea:
                    19:a9:5e:41:3c:9e:99:36:96:3f:b9:ba:db:af:38:
                    39:d9:a2:89:b0:c6:fe:69:c2:ec:76:36:f9:0c:d2:
                    44:e7:6d:9f:8c:d8:db:bc:62:06:dc:2e:1d:22:a6:
                    77:15:7d:a2:a3:f0:9b:41:c1:22:2e:ce:b9:95:75:
                    87:19:ab:73:82:e5:48:3e:c8:51:2c:be:6f:f9:4d:
                    9b:bb:d2:38:50:07:80:21:2b:49:64:a5:a8:29:06:
                    06:f2:1a:8b:a7:f1:98:11:b0:34:ef:1d:5a:78:49:
                    e1:50:2f:6a:cb:b0:b2:f7:eb:2b:79:e0:8e:1a:66:
                    de:07:81:a8:79:88:45:3a:2d:79:51:a7:ca:b1:f9:
                    79:84:aa:79:e6:e4:31:57:dd:ac:db:6a:f4:aa:2e:
                    50:0e:08:2b:dd:73:8d:40:f1:91:ce:6d:e3:2c:42:
                    c2:0e:02:c9:7c:4a:29:12:a7:e5:f5:c7:a8:ae:be:
                    8b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:08:94:F4:0D:D2:E1:8C:C7:8E:D4:78:D3:C0:EF:2F:F6:FA:3B:BA
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136352e302f32342d3234203d3e203437353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:9f:ea:a0:00:75:2d:65:97:86:b1:19:f5:b4:3e:46:0a:ac:
         20:83:9c:e7:2b:3c:26:82:90:8e:a9:e1:ee:30:50:d4:a2:72:
         b0:d2:3c:e9:90:00:58:36:c6:76:41:52:d1:ba:4b:0e:cc:5c:
         bc:fb:72:6d:9e:4a:cc:07:63:41:7d:e7:e2:ca:66:06:9b:a7:
         05:a7:f5:8d:e6:ab:ec:e7:6c:b2:67:61:67:26:95:5b:be:30:
         15:9c:81:37:30:e5:67:3c:fd:58:3b:aa:8a:19:01:ea:04:b5:
         74:04:de:6d:4b:99:6e:8c:06:2e:83:cc:a2:cd:f3:d2:f8:ae:
         65:aa:a8:34:16:4c:00:8b:8f:57:5b:84:04:98:16:06:08:a7:
         13:47:41:dc:0f:54:25:0f:13:53:ff:e4:c6:01:38:4a:4a:53:
         6d:85:ed:23:91:ed:a5:a4:29:90:70:e7:a9:1e:b1:e8:db:f5:
         9e:4c:77:05:d4:35:5a:de:75:3c:da:62:38:e6:d5:33:d8:4a:
         df:51:08:24:16:64:1c:37:5f:13:12:aa:82:c2:7f:62:09:94:
         1a:f4:0c:be:a9:d3:36:82:38:c7:7c:4b:94:9a:35:89:7a:e7:
         c5:d4:4f:f5:0a:39:c9:0b:c1:01:45:46:8f:0a:d7:38:a4:14:
         62:54:e9:87
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUZf0eQksDs9Mvsmm5/ems/Cv7xa4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKEUxMDg5NEY0MEREMkUxOENDNzhFRDQ3OEQzQzBFRjJGRjZGQTNCQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7fiOfzTYFKvPXBf9Nj4BaZrXq
F2xm6Gu5IKlVpDGAMBaz5zqpyolj2pr57isPTuklnG62i16fszV1HQWCeFGA//y6
ABnXNkmf6hmpXkE8npk2lj+5utuvODnZoomwxv5pwux2NvkM0kTnbZ+M2Nu8Ygbc
Lh0ipncVfaKj8JtBwSIuzrmVdYcZq3OC5Ug+yFEsvm/5TZu70jhQB4AhK0lkpagp
BgbyGoun8ZgRsDTvHVp4SeFQL2rLsLL36yt54I4aZt4Hgah5iEU6LXlRp8qx+XmE
qnnm5DFX3azbavSqLlAOCCvdc41A8ZHObeMsQsIOAsl8SikSp+X1x6iuvotpAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQU4QiU9A3S4YzHjtR408DvL/b6O7owHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzUyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+lMA0GCSqGSIb3DQEB
CwUAA4IBAQDjn+qgAHUtZZeGsRn1tD5GCqwgg5znKzwmgpCOqeHuMFDUonKw0jzp
kABYNsZ2QVLRuksOzFy8+3JtnkrMB2NBfefiymYGm6cFp/WN5qvs52yyZ2FnJpVb
vjAVnIE3MOVnPP1YO6qKGQHqBLV0BN5tS5lujAYug8yizfPS+K5lqqg0FkwAi49X
W4QEmBYGCKcTR0HcD1QlDxNT/+TGAThKSlNthe0jke2lpCmQcOepHrHo2/WeTHcF
1DVa3nU82mI45tUz2ErfUQgkFmQcN18TEqqCwn9iCZQa9Ay+qdM2gjjHfEuUmjWJ
eufF1E/1CjnJC8EBRUaPCtc4pBRiVOmH
-----END CERTIFICATE-----