Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
File:                     3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa (raw, json)
Hash identifier:          3Ufgw6MIyo5N+pAxo5J4VRlgP3BpnPH4QDtHDnZzeR0=
Subject key identifier:   27:28:A9:0C:EF:C8:D9:FA:4A:42:3E:D9:49:F8:A4:5F:25:DB:34:4D
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       4B8BDC85F0AD87B099DDFC3B42F40B3E85489B3E
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     47553
IP address blocks:        194.127.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:8b:dc:85:f0:ad:87:b0:99:dd:fc:3b:42:f4:0b:3e:85:48:9b:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=2728A90CEFC8D9FA4A423ED949F8A45F25DB344D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:64:89:74:09:b3:ea:ec:c6:0d:29:3c:21:bc:
                    ab:c4:dd:28:77:a8:1b:e8:ff:3f:18:c5:ec:7b:d8:
                    b9:00:de:6b:48:b3:40:2d:42:01:4c:d3:76:36:81:
                    16:7f:29:aa:8c:77:82:0c:bf:fe:ca:3b:78:45:91:
                    1d:67:ef:ea:f0:33:9d:6c:ae:98:c0:ba:fb:42:87:
                    f8:7b:25:dd:89:73:38:5a:97:d7:50:c4:ea:13:dd:
                    ad:8b:8b:87:87:95:8c:a2:8f:02:5c:a1:ce:71:69:
                    98:0c:ea:e1:29:07:96:a7:04:22:08:6b:76:d0:bd:
                    ef:e7:96:b1:15:32:3f:79:e6:6d:0c:90:fc:dd:ab:
                    88:d7:76:24:2f:cb:e9:50:07:d5:59:5c:bb:c8:75:
                    13:a4:93:6c:5a:c2:a2:2f:c6:9c:7e:6c:50:6d:3e:
                    af:7b:2d:e3:2c:18:2a:1a:0f:58:0c:b9:b5:4e:61:
                    f6:54:3d:aa:a9:6d:2e:69:14:48:43:ee:5c:b1:9d:
                    b8:99:b5:9f:5b:fb:b4:13:ff:04:8f:f0:76:6a:c5:
                    e1:0f:3e:9f:ec:44:93:c7:43:2b:af:09:37:02:c6:
                    7d:52:9a:b8:40:36:78:64:2e:fa:b5:d0:29:04:5f:
                    67:c6:92:1b:ba:ce:16:57:69:49:af:4b:e3:7d:ab:
                    d9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:28:A9:0C:EF:C8:D9:FA:4A:42:3E:D9:49:F8:A4:5F:25:DB:34:4D
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:4b:22:11:e1:e4:89:db:14:bb:e9:a7:7e:3c:38:ee:ff:91:
         ef:32:1e:61:f0:24:51:a8:ec:48:d0:60:cf:2f:8f:d3:42:f6:
         70:37:3e:c7:b5:c9:43:a0:76:03:18:1b:a2:8a:34:c8:c7:23:
         5f:3a:17:20:0c:6d:2a:47:ca:4d:6a:4f:6e:5c:24:72:9c:b4:
         08:42:38:ef:f4:ed:5a:58:88:c2:78:9d:bd:c2:76:94:26:df:
         ac:bf:d6:1e:be:50:d4:e0:10:43:82:7c:ac:7d:ec:6f:c1:07:
         de:f8:42:ed:f5:db:31:26:33:79:61:7c:bf:2f:fb:bc:8d:b3:
         7b:af:8e:9b:48:03:b1:34:ac:dc:dc:87:7f:93:fd:96:14:b2:
         d6:17:b2:86:9a:fc:d1:0c:42:e6:19:e4:4c:12:f6:30:dc:5d:
         f0:1d:f5:23:25:d1:01:57:01:dc:02:f7:97:ca:29:07:c9:84:
         6b:43:cf:0a:5b:f4:2f:ff:71:97:7c:bd:01:6c:33:93:10:55:
         7f:fa:b4:8a:ee:25:7c:24:1c:c7:26:77:71:4e:73:c7:74:ba:
         44:37:cf:4f:f1:e3:74:72:e4:54:dd:58:dd:a8:3b:bd:ac:04:
         9c:08:e4:14:1d:78:cb:e4:7c:50:32:3c:ac:47:ae:20:6a:81:
         89:d5:c2:a8
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUS4vchfCth7CZ3fw7QvQLPoVImz4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDI3MjhBOTBDRUZDOEQ5RkE0QTQyM0VEOTQ5RjhBNDVGMjVEQjM0NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ZIl0CbPq7MYNKTwhvKvE3Sh3
qBvo/z8Yxex72LkA3mtIs0AtQgFM03Y2gRZ/KaqMd4IMv/7KO3hFkR1n7+rwM51s
rpjAuvtCh/h7Jd2Jczhal9dQxOoT3a2Li4eHlYyijwJcoc5xaZgM6uEpB5anBCII
a3bQve/nlrEVMj955m0MkPzdq4jXdiQvy+lQB9VZXLvIdROkk2xawqIvxpx+bFBt
Pq97LeMsGCoaD1gMubVOYfZUPaqpbS5pFEhD7lyxnbiZtZ9b+7QT/wSP8HZqxeEP
Pp/sRJPHQyuvCTcCxn1SmrhANnhkLvq10CkEX2fGkhu6zhZXaUmvS+N9q9nFAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUJyipDO/I2fpKQj7ZSfikXyXbNE0wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzYyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+mMA0GCSqGSIb3DQEB
CwUAA4IBAQBjSyIR4eSJ2xS76ad+PDju/5HvMh5h8CRRqOxI0GDPL4/TQvZwNz7H
tclDoHYDGBuiijTIxyNfOhcgDG0qR8pNak9uXCRynLQIQjjv9O1aWIjCeJ29wnaU
Jt+sv9YevlDU4BBDgnysfexvwQfe+ELt9dsxJjN5YXy/L/u8jbN7r46bSAOxNKzc
3Id/k/2WFLLWF7KGmvzRDELmGeRMEvYw3F3wHfUjJdEBVwHcAveXyikHyYRrQ88K
W/Qv/3GXfL0BbDOTEFV/+rSK7iV8JBzHJndxTnPHdLpEN89P8eN0cuRU3VjdqDu9
rAScCOQUHXjL5HxQMjysR64gaoGJ1cKo
-----END CERTIFICATE-----