Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa
File:                     3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa (raw, json)
Hash identifier:          9B/CeEr7YZYhafd9fS42dUGmUO+eFz9ZbTce8KFtTE0=
Subject key identifier:   C6:AB:18:6A:CD:1E:A5:30:24:D9:76:19:99:43:19:F2:C5:51:21:8E
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       71D885B665CAF10F512417670EECC7ABE667AA4C
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     3214
IP address blocks:        194.127.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:d8:85:b6:65:ca:f1:0f:51:24:17:67:0e:ec:c7:ab:e6:67:aa:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=C6AB186ACD1EA53024D97619994319F2C551218E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:63:19:8d:64:6a:31:78:0e:84:ee:2b:ec:
                    98:ed:c0:3d:bc:c0:60:17:a4:7f:a6:5c:08:b6:b9:
                    e8:09:a0:c6:46:1c:0a:fb:e4:d7:83:eb:31:fb:df:
                    3d:2f:82:8f:21:bc:b3:78:0e:8c:74:98:14:78:30:
                    9f:35:05:ad:b9:82:4e:ae:75:a2:70:10:aa:a9:b0:
                    90:56:f3:82:70:eb:d7:7f:a6:bc:7e:66:53:ef:00:
                    eb:e2:4f:c0:2f:74:21:49:40:a6:5c:76:cc:8f:0a:
                    fc:99:c7:d3:e7:45:3d:4f:ec:83:a5:1f:e3:e0:eb:
                    ef:58:e2:fc:e5:99:f2:25:b3:4a:fe:e0:fb:f9:74:
                    68:60:af:bb:23:7b:5b:d0:2a:f7:a9:c1:8a:a9:66:
                    72:c5:89:c0:4a:03:d5:7b:5b:58:b6:09:f4:b3:64:
                    0c:e2:11:a9:12:e6:a0:0e:ec:ee:28:45:36:84:c0:
                    dc:55:6e:64:83:b4:9b:85:c8:0b:27:5c:f2:2c:81:
                    1b:f0:4c:dd:95:99:1a:b4:dd:0b:c2:8a:f3:69:e8:
                    44:fd:5e:c2:02:bf:85:32:7f:14:70:f5:a1:ec:88:
                    48:6a:a5:34:44:31:bd:c4:b2:67:dc:02:d5:91:32:
                    f3:64:f8:04:21:86:c5:7a:55:2d:85:6e:ab:a3:6c:
                    39:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AB:18:6A:CD:1E:A5:30:24:D9:76:19:99:43:19:F2:C5:51:21:8E
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:bf:04:93:86:db:a8:27:2a:0a:7d:f3:63:40:d0:8c:41:d0:
         86:de:2e:ae:fa:86:f3:84:63:69:28:fc:f0:8e:0b:25:9a:28:
         24:20:78:10:74:4a:c2:50:27:89:d3:67:4a:ac:33:72:a8:53:
         53:a7:2f:c1:69:e2:7d:ef:a6:07:5a:5c:51:27:ed:2a:ea:c7:
         38:d5:92:83:31:be:76:af:fd:83:00:84:71:06:73:20:71:55:
         ec:a8:28:e6:4c:bd:19:26:8b:02:05:77:5b:7f:85:36:0e:7f:
         41:94:7b:14:53:45:7f:41:b6:ee:22:f2:9e:d4:04:3d:1a:0b:
         83:52:8c:06:a4:c9:68:ad:2d:00:da:71:83:bc:61:0f:2f:61:
         ed:4c:65:e0:54:55:8a:2a:a8:df:6c:67:30:02:5f:0e:09:e4:
         bd:5f:bd:24:75:dc:6f:68:fa:ae:78:a3:fc:26:ae:da:df:d6:
         53:4a:a7:05:96:a1:20:1d:9e:8b:9f:97:85:6b:4a:85:70:b4:
         44:09:0b:aa:0c:b4:d2:03:a2:ce:59:32:42:90:f0:6c:63:5c:
         1f:a2:d1:88:13:c9:40:e6:a8:55:9d:c2:27:2c:27:82:f2:dc:
         e1:75:f8:57:b2:17:e2:63:63:0e:7d:29:9d:7d:0a:0d:b2:0b:
         b6:6b:6f:21
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgIUcdiFtmXK8Q9RJBdnDuzHq+ZnqkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKEM2QUIxODZBQ0QxRUE1MzAyNEQ5NzYxOTk5NDMxOUYyQzU1MTIxOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3d2MZjWRqMXgOhO4r7JjtwD28
wGAXpH+mXAi2uegJoMZGHAr75NeD6zH73z0vgo8hvLN4Dox0mBR4MJ81Ba25gk6u
daJwEKqpsJBW84Jw69d/prx+ZlPvAOviT8AvdCFJQKZcdsyPCvyZx9PnRT1P7IOl
H+Pg6+9Y4vzlmfIls0r+4Pv5dGhgr7sje1vQKvepwYqpZnLFicBKA9V7W1i2CfSz
ZAziEakS5qAO7O4oRTaEwNxVbmSDtJuFyAsnXPIsgRvwTN2VmRq03QvCivNp6ET9
XsICv4UyfxRw9aHsiEhqpTREMb3EsmfcAtWRMvNk+AQhhsV6VS2FbqujbDknAgMB
AAGjggHMMIIByDAdBgNVHQ4EFgQUxqsYas0epTAk2XYZmUMZ8sVRIY4wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzcyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMzMyMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ/pzANBgkqhkiG9w0BAQsF
AAOCAQEAQL8Ek4bbqCcqCn3zY0DQjEHQht4urvqG84RjaSj88I4LJZooJCB4EHRK
wlAnidNnSqwzcqhTU6cvwWnife+mB1pcUSftKurHONWSgzG+dq/9gwCEcQZzIHFV
7Kgo5ky9GSaLAgV3W3+FNg5/QZR7FFNFf0G27iLyntQEPRoLg1KMBqTJaK0tANpx
g7xhDy9h7Uxl4FRViiqo32xnMAJfDgnkvV+9JHXcb2j6rnij/Cau2t/WU0qnBZah
IB2ei5+XhWtKhXC0RAkLqgy00gOizlkyQpDwbGNcH6LRiBPJQOaoVZ3CJywngvLc
4XX4V7IX4mNjDn0pnX0KDbILtmtvIQ==
-----END CERTIFICATE-----