Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa
File:                     3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa (raw, json)
Hash identifier:          FzFYFbn2bphsArsBikjP8udT/1yHxbuTmc1cEBQMWCg=
Subject key identifier:   1B:6F:AA:B8:B0:EB:5D:CF:20:46:F7:27:CE:1A:65:5B:C0:CB:A5:F6
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       27671F1F07535D227889D0A50B94BA48ACC4E67B
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     22773
IP address blocks:        194.127.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:67:1f:1f:07:53:5d:22:78:89:d0:a5:0b:94:ba:48:ac:c4:e6:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=1B6FAAB8B0EB5DCF2046F727CE1A655BC0CBA5F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8f:84:e9:7f:5d:c1:74:24:8e:90:d6:b5:0e:
                    b8:09:e3:db:9e:df:80:cc:1f:ba:73:33:5f:29:75:
                    36:ec:76:ea:92:da:72:8f:52:19:48:8a:c7:86:0f:
                    b5:52:96:6b:f4:7d:12:04:1d:b7:3a:6b:33:60:03:
                    68:ad:54:4f:c9:fe:51:ab:36:fa:56:93:ad:71:bf:
                    aa:9c:4f:39:c6:03:d9:b0:c5:39:cb:e4:5c:49:0d:
                    83:5d:a5:ed:85:21:a0:5d:84:73:91:53:21:4d:eb:
                    78:e4:2a:73:1a:b2:4b:e5:e8:b3:a5:f4:d0:64:8a:
                    49:2c:2b:2a:f4:1b:8c:a7:1a:e9:2a:5d:03:ff:33:
                    ec:97:6d:43:d7:42:2b:0d:56:ef:23:8e:00:57:65:
                    62:ff:f5:80:34:93:16:74:1b:46:a1:6a:4d:e1:41:
                    4a:35:3b:e3:90:17:03:aa:5f:77:33:5a:ae:75:f3:
                    67:56:ba:6a:48:23:f4:89:78:1d:71:c9:89:41:fb:
                    5a:7d:1d:3a:49:92:c1:7d:6c:b3:3c:3f:f4:d6:a8:
                    f5:45:3b:8e:12:28:a3:ae:54:cd:85:ed:cc:e0:83:
                    2f:53:0c:bc:28:ae:f3:c6:5c:12:83:3a:99:b8:90:
                    8d:1c:12:1e:57:94:f0:77:17:9b:fd:60:62:66:ab:
                    7c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6F:AA:B8:B0:EB:5D:CF:20:46:F7:27:CE:1A:65:5B:C0:CB:A5:F6
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:8e:05:ea:2e:b7:69:e4:e8:1d:b4:70:31:ff:0a:26:e3:82:
         cc:c9:08:0f:3e:5f:a7:a9:09:c5:38:cd:1e:5e:42:f8:41:74:
         9b:c3:49:80:0f:c1:9d:5b:95:a2:1d:23:fc:0f:9d:75:a9:bd:
         f3:90:c4:21:0b:47:dc:a3:4f:fb:37:e0:c9:93:cd:d5:b5:61:
         b5:a4:2a:6c:96:77:f9:88:cf:3c:c8:0d:49:f4:37:e6:53:2c:
         b9:e0:6b:15:81:f3:97:96:9e:68:73:08:80:5a:df:b9:6d:bc:
         5f:a8:c8:db:05:ad:39:9c:30:e9:dc:b4:2b:43:86:ef:ba:37:
         26:98:21:0f:f1:ed:67:cf:0d:62:f9:bc:1a:2b:79:d7:f1:ec:
         c7:62:de:e8:2d:c7:1c:7f:89:d9:d0:19:fb:c1:1e:d2:01:24:
         5c:cb:16:a3:71:8c:4a:d4:a1:27:1d:26:35:f4:5a:18:47:80:
         97:9d:d0:0d:df:e7:3b:1d:28:71:05:64:d6:93:98:4f:f5:51:
         14:5b:15:c7:58:3d:75:75:fa:9a:b1:9c:01:53:3a:b5:b0:4d:
         a2:aa:a7:79:9e:83:27:4f:be:85:cc:4d:09:fe:2c:7c:06:80:
         e7:e2:57:c3:ea:37:5b:32:d0:4a:13:c4:50:5c:c3:b7:ac:93:
         f2:56:e9:51
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUJ2cfHwdTXSJ4idClC5S6SKzE5nswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDFCNkZBQUI4QjBFQjVEQ0YyMDQ2RjcyN0NFMUE2NTVCQzBDQkE1RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkj4Tpf13BdCSOkNa1DrgJ49ue
34DMH7pzM18pdTbsduqS2nKPUhlIiseGD7VSlmv0fRIEHbc6azNgA2itVE/J/lGr
NvpWk61xv6qcTznGA9mwxTnL5FxJDYNdpe2FIaBdhHORUyFN63jkKnMaskvl6LOl
9NBkikksKyr0G4ynGukqXQP/M+yXbUPXQisNVu8jjgBXZWL/9YA0kxZ0G0ahak3h
QUo1O+OQFwOqX3czWq5182dWumpII/SJeB1xyYlB+1p9HTpJksF9bLM8P/TWqPVF
O44SKKOuVM2F7czggy9TDLworvPGXBKDOpm4kI0cEh5XlPB3F5v9YGJmq3yPAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUG2+quLDrXc8gRvcnzhplW8DLpfYwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzYyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMjMyMzczNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+mMA0GCSqGSIb3DQEB
CwUAA4IBAQACjgXqLrdp5OgdtHAx/wom44LMyQgPPl+nqQnFOM0eXkL4QXSbw0mA
D8GdW5WiHSP8D511qb3zkMQhC0fco0/7N+DJk83VtWG1pCpslnf5iM88yA1J9Dfm
Uyy54GsVgfOXlp5ocwiAWt+5bbxfqMjbBa05nDDp3LQrQ4bvujcmmCEP8e1nzw1i
+bwaK3nX8ezHYt7oLcccf4nZ0Bn7wR7SASRcyxajcYxK1KEnHSY19FoYR4CXndAN
3+c7HShxBWTWk5hP9VEUWxXHWD11dfqasZwBUzq1sE2iqqd5noMnT76FzE0J/ix8
BoDn4lfD6jdbMtBKE8RQXMO3rJPyVulR
-----END CERTIFICATE-----