Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa
File:                     3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa (raw, json)
Hash identifier:          x9lIzzpYrOSL7ZekbaVY9gmPvQBovL/8FejcCCw9RcE=
Subject key identifier:   74:72:B2:43:61:48:30:5C:36:EA:60:97:83:AD:BD:02:F8:FE:8F:D8
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       0A6FBE2DA4D4EAA72A27A986377E65498E3F7E12
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa
Signing time:             Wed 23 Oct 2024 20:46:58 +0000
ROA not before:           Wed 23 Oct 2024 20:41:58 +0000
ROA not after:            Wed 22 Oct 2025 20:46:58 +0000
asID:                     43357
IP address blocks:        194.127.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:6f:be:2d:a4:d4:ea:a7:2a:27:a9:86:37:7e:65:49:8e:3f:7e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 23 20:41:58 2024 GMT
            Not After : Oct 22 20:46:58 2025 GMT
        Subject: CN=7472B2436148305C36EA609783ADBD02F8FE8FD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:14:ea:a9:33:6d:0e:25:17:02:b9:db:67:14:
                    08:c4:77:37:07:68:28:20:69:34:ea:c5:bd:d1:4e:
                    c9:37:46:59:68:9f:d4:c3:7d:cd:74:ed:b7:97:93:
                    3f:91:59:03:a4:e7:6f:b7:57:f1:c6:4b:fb:fb:38:
                    de:39:33:c4:0b:a1:05:11:93:6b:99:a0:e5:f1:3b:
                    b0:a9:ff:fe:82:1f:f3:17:32:2e:86:63:4c:9e:09:
                    ac:d0:11:e7:d4:75:8a:37:a9:9a:4d:44:b5:6d:b6:
                    e8:a2:8b:f4:e5:0e:b5:1f:bf:63:64:69:80:e2:83:
                    b5:cc:d8:43:24:84:90:e4:66:79:e7:c2:32:47:b3:
                    18:23:4c:23:34:bd:e9:63:46:f0:bd:4d:ae:25:e4:
                    95:9c:98:a8:13:ed:cc:ce:da:05:d5:ff:d0:27:5c:
                    96:31:d4:40:2b:a1:b7:72:fe:35:fb:1f:83:36:b4:
                    31:39:0f:99:d3:e9:cc:94:0e:fc:e6:06:ff:79:e1:
                    ca:6d:9b:c9:f3:26:67:c5:aa:04:db:cf:6b:d0:42:
                    12:ce:68:62:88:63:51:63:4a:26:a1:a3:ab:e5:e1:
                    0b:f7:d1:63:b9:41:31:29:d2:8e:1e:e8:dd:c0:0e:
                    cc:c3:83:c9:0b:db:26:45:5a:ba:df:13:af:f7:c4:
                    a9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:72:B2:43:61:48:30:5C:36:EA:60:97:83:AD:BD:02:F8:FE:8F:D8
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d7:9e:35:97:57:8c:4b:db:d7:db:21:49:44:1c:6e:04:83:
         6b:6d:7f:cc:ae:2a:06:2f:c2:14:db:fc:ee:d6:ca:f7:5f:a9:
         36:3f:c0:cb:d0:15:f5:b3:ef:6c:a5:54:9c:ca:48:d7:b7:d2:
         c5:60:38:97:b2:cd:fb:14:55:27:92:47:25:77:a4:a7:e8:18:
         ec:31:e7:3c:07:2d:b3:b9:81:a5:ed:90:f0:b5:e7:24:c4:ed:
         b1:71:c0:e3:28:73:c6:c9:17:3c:b3:42:b4:5d:42:3a:b0:b7:
         36:e8:f7:09:69:cb:ad:6a:2b:73:d1:1b:df:b7:d9:8a:7b:ff:
         33:fc:19:1a:ae:b8:86:43:37:16:82:0e:1c:5f:b9:f3:28:9b:
         89:21:39:d7:14:5b:47:d6:9a:62:af:f6:4b:90:8a:90:56:16:
         3e:85:ee:ed:bf:20:f3:ec:90:25:f5:15:4d:a0:0c:06:f9:41:
         b0:66:f8:1f:6a:0a:a5:e1:33:50:3e:c9:4d:60:0a:0a:b5:1e:
         b9:f3:27:35:cc:04:34:a1:ad:5c:10:c2:53:58:81:86:69:56:
         f7:1f:45:e0:de:63:5e:73:51:b5:5a:9e:aa:2e:ba:3f:10:b6:
         10:52:63:80:1e:0e:e0:ee:95:4a:49:52:b5:6e:c6:60:02:9b:
         4f:ab:c0:f6
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUCm++LaTU6qcqJ6mGN35lSY4/fhIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDEwMjMyMDQxNThaFw0yNTEwMjIyMDQ2NThaMDMxMTAvBgNV
BAMTKDc0NzJCMjQzNjE0ODMwNUMzNkVBNjA5NzgzQURCRDAyRjhGRThGRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnFOqpM20OJRcCudtnFAjEdzcH
aCggaTTqxb3RTsk3Rllon9TDfc107beXkz+RWQOk52+3V/HGS/v7ON45M8QLoQUR
k2uZoOXxO7Cp//6CH/MXMi6GY0yeCazQEefUdYo3qZpNRLVttuiii/TlDrUfv2Nk
aYDig7XM2EMkhJDkZnnnwjJHsxgjTCM0veljRvC9Ta4l5JWcmKgT7czO2gXV/9An
XJYx1EArobdy/jX7H4M2tDE5D5nT6cyUDvzmBv954cptm8nzJmfFqgTbz2vQQhLO
aGKIY1FjSiaho6vl4Qv30WO5QTEp0o4e6N3ADszDg8kL2yZFWrrfE6/3xKmdAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUdHKyQ2FIMFw26mCXg629Avj+j9gwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzcyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+nMA0GCSqGSIb3DQEB
CwUAA4IBAQCk1541l1eMS9vX2yFJRBxuBINrbX/MrioGL8IU2/zu1sr3X6k2P8DL
0BX1s+9spVScykjXt9LFYDiXss37FFUnkkcld6Sn6BjsMec8By2zuYGl7ZDwteck
xO2xccDjKHPGyRc8s0K0XUI6sLc26PcJacutaitz0Rvft9mKe/8z/BkarriGQzcW
gg4cX7nzKJuJITnXFFtH1ppir/ZLkIqQVhY+he7tvyDz7JAl9RVNoAwG+UGwZvgf
agql4TNQPslNYAoKtR658yc1zAQ0oa1cEMJTWIGGaVb3H0Xg3mNec1G1Wp6qLro/
ELYQUmOAHg7g7pVKSVK1bsZgAptPq8D2
-----END CERTIFICATE-----