Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa
File:                     3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa (raw, json)
Hash identifier:          xJ7wK8ZetYGabxV0L/Z8amL6l8pGU18uL77rcVWxF6A=
Subject key identifier:   17:01:3F:94:77:41:30:D5:B8:A0:AB:6E:16:34:AA:51:2A:E6:1D:BA
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       7DE05957693C51FD33027F82513B9C1D0034D701
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     3214
IP address blocks:        194.127.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:e0:59:57:69:3c:51:fd:33:02:7f:82:51:3b:9c:1d:00:34:d7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=17013F94774130D5B8A0AB6E1634AA512AE61DBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ba:b5:c7:d1:78:09:cf:e2:3f:63:d4:2a:0b:
                    07:1c:70:42:60:f6:fd:12:62:18:2f:73:f0:02:d0:
                    61:67:df:99:da:65:46:01:a6:ae:6c:e6:4c:88:25:
                    8f:f3:2a:40:76:09:9d:18:d2:e4:e5:a6:4b:a3:bc:
                    20:5e:9d:69:96:c5:6b:f7:da:ab:e9:d3:1b:c5:3e:
                    db:92:44:35:1e:9f:23:42:fa:1e:ef:7d:10:69:0a:
                    08:22:bd:6c:66:b0:03:f9:46:dd:18:f8:2f:fa:a0:
                    ab:cc:0b:67:07:ec:22:a2:11:86:35:27:30:f6:e4:
                    83:6c:b9:d0:b0:46:28:ea:fe:e5:72:57:a7:44:3b:
                    c8:dd:09:b6:e5:7a:02:6a:a1:11:5b:bb:22:9d:c0:
                    63:ec:be:39:7d:3b:50:04:62:5d:5d:36:95:22:74:
                    ad:56:99:61:63:b7:6e:70:f6:0f:4e:d3:ec:5b:8d:
                    3e:fa:90:57:81:6d:c6:6b:a4:38:3f:25:b2:d0:9f:
                    c5:26:e4:bb:dd:ad:39:fe:fa:a8:a7:d4:ab:76:66:
                    f9:d4:f9:94:ae:db:bc:3d:4d:04:e4:56:ec:bd:99:
                    de:d5:46:56:2f:64:df:83:a9:7d:eb:d8:43:95:e2:
                    44:83:3e:9a:a1:93:31:c4:b4:ba:76:91:ae:50:a6:
                    9d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:01:3F:94:77:41:30:D5:B8:A0:AB:6E:16:34:AA:51:2A:E6:1D:BA
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:d3:a9:31:6d:f8:fc:48:ce:81:7a:2e:06:9b:dc:3c:48:74:
         7c:7f:c6:6c:bd:02:e6:86:41:a6:e4:0d:85:f7:4e:76:01:2b:
         c2:10:0d:f9:ef:47:33:89:e7:6d:c7:f5:5d:63:8e:f6:0a:77:
         e1:df:94:ee:51:a6:51:0d:43:1a:73:d5:38:cc:7c:e7:5c:38:
         e9:3e:e6:19:cd:50:af:ca:ac:23:97:12:ec:25:e5:66:31:c9:
         c6:91:94:99:0c:10:44:94:7a:df:63:02:43:b4:15:31:bb:14:
         31:8b:f0:d5:dd:c6:59:ab:8b:14:16:0f:7e:ca:f7:52:20:0a:
         51:db:3f:e9:69:b2:99:77:a5:93:17:11:dc:7e:63:0b:ae:fc:
         0d:10:ef:59:be:d5:82:4a:37:f6:87:a7:d9:39:47:87:50:44:
         1d:89:06:26:64:48:40:01:85:56:e0:d7:10:08:85:cf:f1:bc:
         58:b0:e4:6f:4a:68:f7:8a:b0:f4:3f:90:d5:1f:b9:38:40:ce:
         69:96:6c:06:b3:31:97:40:e1:51:15:36:e4:0b:16:56:f0:8e:
         47:45:6a:c6:7b:ad:12:9d:a2:df:79:58:94:40:58:ac:9b:59:
         d0:af:a1:57:8c:c9:e2:fa:7d:b8:d1:a8:6b:5c:30:fe:70:e5:
         a9:11:8a:95
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIUfeBZV2k8Uf0zAn+CUTucHQA01wEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDE3MDEzRjk0Nzc0MTMwRDVCOEEwQUI2RTE2MzRBQTUxMkFFNjFEQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFurXH0XgJz+I/Y9QqCwcccEJg
9v0SYhgvc/AC0GFn35naZUYBpq5s5kyIJY/zKkB2CZ0Y0uTlpkujvCBenWmWxWv3
2qvp0xvFPtuSRDUenyNC+h7vfRBpCggivWxmsAP5Rt0Y+C/6oKvMC2cH7CKiEYY1
JzD25INsudCwRijq/uVyV6dEO8jdCbblegJqoRFbuyKdwGPsvjl9O1AEYl1dNpUi
dK1WmWFjt25w9g9O0+xbjT76kFeBbcZrpDg/JbLQn8Um5LvdrTn++qin1Kt2ZvnU
+ZSu27w9TQTkVuy9md7VRlYvZN+DqX3r2EOV4kSDPpqhkzHEtLp2ka5Qpp2bAgMB
AAGjggHMMIIByDAdBgNVHQ4EFgQUFwE/lHdBMNW4oKtuFjSqUSrmHbowHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzcyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ/pzANBgkqhkiG9w0BAQsF
AAOCAQEAZtOpMW34/EjOgXouBpvcPEh0fH/GbL0C5oZBpuQNhfdOdgErwhAN+e9H
M4nnbcf1XWOO9gp34d+U7lGmUQ1DGnPVOMx851w46T7mGc1Qr8qsI5cS7CXlZjHJ
xpGUmQwQRJR632MCQ7QVMbsUMYvw1d3GWauLFBYPfsr3UiAKUds/6WmymXelkxcR
3H5jC678DRDvWb7Vgko39oen2TlHh1BEHYkGJmRIQAGFVuDXEAiFz/G8WLDkb0po
94qw9D+Q1R+5OEDOaZZsBrMxl0DhURU25AsWVvCOR0VqxnutEp2i33lYlEBYrJtZ
0K+hV4zJ4vp9uNGoa1ww/nDlqRGKlQ==
-----END CERTIFICATE-----