Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa
File:                     3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa (raw, json)
Hash identifier:          78Mapp0UzmTAjt1ukKdhZn51sRO9tRdHJ6dIhGoTJoI=
Subject key identifier:   09:C2:03:35:29:5F:E5:51:C1:3E:DA:42:D5:1A:D8:AC:8D:13:77:E3
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       7BE0B709B5184A6721580EDAB09BCF976F44DE9C
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     22773
IP address blocks:        194.127.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:e0:b7:09:b5:18:4a:67:21:58:0e:da:b0:9b:cf:97:6f:44:de:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=09C20335295FE551C13EDA42D51AD8AC8D1377E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:53:08:be:fb:df:47:2a:a7:21:de:ae:d8:b4:
                    5c:91:7b:40:5b:5a:d4:cc:b0:94:c1:79:49:49:38:
                    f5:ec:d5:04:37:01:8e:06:91:e5:7a:05:c6:18:65:
                    10:63:08:05:01:cb:dc:2f:a9:67:9b:11:8a:01:30:
                    a4:22:e4:10:81:99:c5:0c:89:e5:b0:f9:e5:34:0a:
                    72:2c:cd:fd:2b:3f:94:34:5b:b1:32:97:1c:61:a6:
                    9f:44:05:1c:bd:60:cf:3e:f7:8e:03:2a:7d:c8:60:
                    28:b8:cc:79:96:ca:bb:92:85:a4:8a:87:80:c5:4e:
                    d5:71:c6:da:61:04:2a:aa:d3:5f:f1:ef:62:64:38:
                    33:cf:93:fa:ea:f1:b3:e8:e6:7a:cf:10:29:8f:b2:
                    32:f4:1e:17:53:48:d3:fc:b5:25:e7:6c:ca:d6:96:
                    89:fa:95:c0:ec:0c:7e:54:72:ef:8c:49:33:82:6b:
                    41:7e:d3:a9:83:1e:f5:e4:26:a4:c6:ee:46:7a:5f:
                    87:96:b8:60:64:ea:03:ea:5d:be:b6:c0:d4:09:a6:
                    c6:25:fe:6b:3a:b5:60:83:6b:91:06:b8:79:6a:5c:
                    c1:84:8f:b5:48:26:4a:63:d1:1a:19:e2:42:9f:52:
                    af:6c:8a:98:1f:a4:6d:d8:18:35:b9:0c:b4:b2:58:
                    35:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C2:03:35:29:5F:E5:51:C1:3E:DA:42:D5:1A:D8:AC:8D:13:77:E3
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203232373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:91:a5:d3:b3:9b:c5:38:6c:ce:f8:c6:8b:ae:79:9a:de:60:
         cd:c9:81:6e:6f:5e:70:71:16:3b:38:21:e0:d9:7c:b9:91:fd:
         b4:6b:ef:1c:9b:b2:fd:6f:25:db:6d:a1:70:d2:c6:ab:e0:48:
         c1:fa:64:88:74:7b:b4:27:11:69:7c:dc:3a:a6:2d:ce:c2:88:
         9d:35:2d:70:b4:d2:12:bc:e1:00:88:84:bf:ed:34:dd:e5:aa:
         f9:09:56:da:f6:6f:2a:f4:26:9e:9b:01:ea:d0:c2:5a:df:fe:
         2e:07:23:6e:09:47:82:53:a8:93:41:ad:7d:3e:0c:8c:66:bd:
         c3:58:42:76:08:df:5f:8b:03:2d:fc:09:a1:24:40:78:3f:70:
         e4:22:15:36:31:18:72:88:db:08:33:56:9c:3b:81:08:0c:cf:
         ef:85:dd:e1:f9:56:4b:5f:e1:46:ed:d1:85:a9:17:85:86:9d:
         12:9e:c7:3d:20:ee:cb:7f:12:dc:7e:73:cd:1e:e3:c7:4c:f0:
         ae:17:9d:51:e6:7c:b3:ed:2e:b1:f5:db:b0:47:60:2f:c7:5d:
         50:e7:1b:e7:5b:88:a3:95:db:bb:10:2b:70:db:1c:4a:43:74:
         ba:01:85:b4:46:8d:6f:32:75:4b:b5:5c:36:ef:0d:03:e9:29:
         0d:f2:55:7d
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUe+C3CbUYSmchWA7asJvPl29E3pwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDA5QzIwMzM1Mjk1RkU1NTFDMTNFREE0MkQ1MUFEOEFDOEQxMzc3RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpUwi++99HKqch3q7YtFyRe0Bb
WtTMsJTBeUlJOPXs1QQ3AY4GkeV6BcYYZRBjCAUBy9wvqWebEYoBMKQi5BCBmcUM
ieWw+eU0CnIszf0rP5Q0W7Eylxxhpp9EBRy9YM8+944DKn3IYCi4zHmWyruShaSK
h4DFTtVxxtphBCqq01/x72JkODPPk/rq8bPo5nrPECmPsjL0HhdTSNP8tSXnbMrW
lon6lcDsDH5Ucu+MSTOCa0F+06mDHvXkJqTG7kZ6X4eWuGBk6gPqXb62wNQJpsYl
/ms6tWCDa5EGuHlqXMGEj7VIJkpj0RoZ4kKfUq9sipgfpG3YGDW5DLSyWDUFAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUCcIDNSlf5VHBPtpC1RrYrI0Td+MwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzYyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMjMyMzczNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+mMA0GCSqGSIb3DQEB
CwUAA4IBAQClkaXTs5vFOGzO+MaLrnma3mDNyYFub15wcRY7OCHg2Xy5kf20a+8c
m7L9byXbbaFw0sar4EjB+mSIdHu0JxFpfNw6pi3OwoidNS1wtNISvOEAiIS/7TTd
5ar5CVba9m8q9CaemwHq0MJa3/4uByNuCUeCU6iTQa19PgyMZr3DWEJ2CN9fiwMt
/AmhJEB4P3DkIhU2MRhyiNsIM1acO4EIDM/vhd3h+VZLX+FG7dGFqReFhp0Snsc9
IO7LfxLcfnPNHuPHTPCuF51R5nyz7S6x9duwR2Avx11Q5xvnW4ijldu7ECtw2xxK
Q3S6AYW0Ro1vMnVLtVw27w0D6SkN8lV9
-----END CERTIFICATE-----