Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
File:                     3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa (raw, json)
Hash identifier:          tA/PEUXd4PGjxUrT0sNGjBrfA02ibxyf6HD0I+WMaXE=
Subject key identifier:   3E:A7:6B:DD:D9:AB:F9:B3:3A:3E:CA:A2:6D:7A:E4:B7:71:97:C7:98
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       335AFBA717030C10E9CA7BD22C5393BD89037141
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     47553
IP address blocks:        194.127.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:5a:fb:a7:17:03:0c:10:e9:ca:7b:d2:2c:53:93:bd:89:03:71:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=3EA76BDDD9ABF9B33A3ECAA26D7AE4B77197C798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:95:c2:1b:58:6a:d0:63:fb:51:a8:19:68:37:
                    87:50:99:6e:82:d1:10:dc:c3:4b:ef:05:6a:6b:8f:
                    8c:9c:d6:12:7d:fd:80:d0:17:e9:b2:8a:48:ce:2f:
                    6e:1a:fc:b0:c8:a6:c3:23:f8:8a:0d:75:b3:67:37:
                    59:24:3f:ff:03:61:95:c1:46:81:44:9a:a7:d7:e3:
                    13:98:34:d0:ed:62:9b:cb:bb:8a:aa:c2:25:f9:fb:
                    7a:e6:1e:29:50:ce:19:90:75:0b:46:99:6e:db:f4:
                    67:ee:cc:e6:3e:29:10:58:b3:bc:53:b3:f4:62:f5:
                    4b:e2:37:56:5a:cc:7c:44:31:cc:4c:f1:ff:2a:a7:
                    b7:ad:f5:7d:a2:3a:d0:f9:d7:2b:2e:e8:c0:d2:71:
                    85:ce:f7:42:4a:70:ec:87:64:66:a9:0f:59:bb:8e:
                    74:a4:75:5d:4e:00:15:0f:40:af:b3:f4:e4:04:52:
                    01:60:e1:ea:86:21:2b:ce:95:87:29:3f:d4:03:4d:
                    ab:dc:2a:cc:14:d3:a4:8b:b3:03:a6:ae:40:ab:c7:
                    a7:a8:e3:bc:c5:79:da:2b:3c:3a:24:d4:2b:09:49:
                    9b:d2:d0:c6:74:a6:fe:01:15:0c:f0:1f:6a:f8:3c:
                    ca:f8:cc:3c:42:02:02:89:53:ac:c4:a7:59:64:32:
                    cc:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A7:6B:DD:D9:AB:F9:B3:3A:3E:CA:A2:6D:7A:E4:B7:71:97:C7:98
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:16:18:a9:64:e8:0a:1e:18:7a:96:6a:50:4a:66:e9:66:3f:
         db:45:58:d8:51:1f:fb:92:a8:1b:b1:eb:87:c2:b1:6a:52:82:
         19:2f:33:7b:2a:67:ed:fb:a1:e1:0f:6a:00:ac:12:9a:87:6a:
         bb:f7:17:11:f6:96:55:42:d1:6e:f4:69:67:3c:4e:c3:b9:9a:
         8d:88:a9:79:e5:75:34:52:99:6a:8c:e3:40:6c:c7:aa:7b:7a:
         98:81:7d:74:d2:3c:b4:78:3e:29:51:93:46:6c:b6:88:bd:51:
         a7:a8:36:aa:ba:2f:d4:8b:86:37:1f:91:6a:f7:c3:cf:09:66:
         77:91:0d:38:6c:4a:0f:04:83:c6:a1:18:33:c2:7b:06:c8:47:
         de:a6:f1:05:50:cb:b4:b2:1c:a9:b5:27:bb:d9:14:66:a5:ff:
         fe:18:87:3c:b9:fb:0c:0b:a6:99:ce:ea:eb:e7:0a:cc:c2:be:
         b6:39:39:96:f3:0a:84:70:fc:13:69:28:5a:6c:1b:38:db:ef:
         f3:4f:71:70:b4:94:cd:e7:49:de:18:a2:09:8d:59:c0:a7:4c:
         5f:19:8f:b6:f5:03:14:25:d8:25:48:32:6b:74:b3:ff:13:b5:
         17:5b:45:b7:62:33:7d:c3:7b:13:ff:a7:0d:e1:b6:e9:71:c3:
         cb:8e:f7:95
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUM1r7pxcDDBDpynvSLFOTvYkDcUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDNFQTc2QkRERDlBQkY5QjMzQTNFQ0FBMjZEN0FFNEI3NzE5N0M3OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/lcIbWGrQY/tRqBloN4dQmW6C
0RDcw0vvBWprj4yc1hJ9/YDQF+myikjOL24a/LDIpsMj+IoNdbNnN1kkP/8DYZXB
RoFEmqfX4xOYNNDtYpvLu4qqwiX5+3rmHilQzhmQdQtGmW7b9GfuzOY+KRBYs7xT
s/Ri9UviN1ZazHxEMcxM8f8qp7et9X2iOtD51ysu6MDScYXO90JKcOyHZGapD1m7
jnSkdV1OABUPQK+z9OQEUgFg4eqGISvOlYcpP9QDTavcKswU06SLswOmrkCrx6eo
47zFedorPDok1CsJSZvS0MZ0pv4BFQzwH2r4PMr4zDxCAgKJU6zEp1lkMsyVAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUPqdr3dmr+bM6PsqibXrkt3GXx5gwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzYyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+mMA0GCSqGSIb3DQEB
CwUAA4IBAQCeFhipZOgKHhh6lmpQSmbpZj/bRVjYUR/7kqgbseuHwrFqUoIZLzN7
Kmft+6HhD2oArBKah2q79xcR9pZVQtFu9GlnPE7DuZqNiKl55XU0UplqjONAbMeq
e3qYgX100jy0eD4pUZNGbLaIvVGnqDaqui/Ui4Y3H5Fq98PPCWZ3kQ04bEoPBIPG
oRgzwnsGyEfepvEFUMu0shyptSe72RRmpf/+GIc8ufsMC6aZzurr5wrMwr62OTmW
8wqEcPwTaShabBs42+/zT3FwtJTN50neGKIJjVnAp0xfGY+29QMUJdglSDJrdLP/
E7UXW0W3YjN9w3sT/6cN4bbpccPLjveV
-----END CERTIFICATE-----