Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa
File:                     3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa (raw, json)
Hash identifier:          Exd3RIBdEHz+TKi5w7OUtCMDzwVKej60sMMkK1M2cp4=
Subject key identifier:   3D:E0:AF:80:74:73:18:8B:D3:B3:40:6F:D7:0E:61:F8:18:DB:94:67
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       29AE746327008000CCD0346B1352CA0C953A7763
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa
Signing time:             Wed 22 Nov 2023 20:16:28 +0000
ROA not before:           Wed 22 Nov 2023 20:11:28 +0000
ROA not after:            Wed 20 Nov 2024 20:16:28 +0000
asID:                     43357
IP address blocks:        194.127.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:ae:74:63:27:00:80:00:cc:d0:34:6b:13:52:ca:0c:95:3a:77:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Nov 22 20:11:28 2023 GMT
            Not After : Nov 20 20:16:28 2024 GMT
        Subject: CN=3DE0AF807473188BD3B3406FD70E61F818DB9467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7d:94:91:29:6c:02:79:41:7c:08:51:03:e8:
                    28:f6:ba:f6:93:1e:e6:f9:39:08:f5:28:55:f3:4d:
                    e4:c3:9f:b7:47:99:6e:20:60:b4:5d:2b:26:ac:96:
                    cc:29:90:af:61:d2:08:86:06:fd:67:84:c3:90:21:
                    48:6f:8f:46:1f:d2:ec:b9:a2:68:ac:a0:46:94:95:
                    0f:c1:5e:d4:26:c9:c6:1c:05:9b:54:f7:30:07:4f:
                    23:18:52:16:df:ef:32:90:bd:e9:c2:6b:cb:87:ce:
                    eb:70:9b:bc:35:c9:52:cf:46:d1:a3:15:50:7d:77:
                    96:5d:24:cf:49:2b:aa:23:62:51:eb:b2:5e:cf:16:
                    87:3b:46:29:b6:7c:f2:7c:ea:73:12:9a:b2:e6:3b:
                    ac:1a:02:31:d2:f7:2a:b8:27:55:95:34:82:ee:c2:
                    f0:ec:33:84:9f:97:e8:01:90:ed:c3:2f:ad:9f:54:
                    2a:f3:bd:1c:82:96:ce:67:0d:d6:95:1b:8d:94:15:
                    d3:61:03:30:ab:8f:ce:bd:dd:48:63:29:9f:77:5c:
                    c2:37:34:9f:fe:42:d1:11:bd:cc:18:4f:8e:ad:60:
                    a2:1d:07:32:4b:e2:b2:81:17:be:e3:f5:9f:3a:ed:
                    a9:85:a0:b4:2e:f6:98:d3:7a:1c:e2:0a:cc:aa:e0:
                    6b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E0:AF:80:74:73:18:8B:D3:B3:40:6F:D7:0E:61:F8:18:DB:94:67
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136372e302f32342d3234203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:bd:ad:37:57:e9:b5:63:f6:bf:d6:95:6b:8b:de:6b:66:01:
         52:34:40:3d:21:ff:87:3e:1e:49:8e:17:66:89:7f:7b:4b:24:
         ac:a7:f0:cd:9d:8e:26:ff:34:f5:48:a7:73:68:da:30:2c:b7:
         49:e5:30:60:bb:2a:2a:aa:af:ab:d8:fc:34:cd:38:7b:37:cd:
         fc:bc:c4:49:c6:59:14:17:1e:9b:30:bd:d0:b0:9e:6c:ed:25:
         13:51:80:f4:6b:61:16:24:7d:02:62:b2:ce:ef:4d:ce:77:00:
         e3:23:03:a8:23:9e:00:f8:21:03:ce:91:39:60:82:2a:e0:cf:
         3a:ae:ca:40:c5:be:91:c3:f4:c5:2f:c9:bc:13:9c:fa:17:99:
         16:68:dc:0c:21:36:9c:c5:f6:dd:52:19:0b:ad:cd:f8:70:67:
         8a:30:70:5b:80:2e:23:8a:b3:c4:b8:4b:7e:8a:d3:46:09:ec:
         ca:b1:2c:07:b1:3b:39:4b:a8:15:04:ed:80:bc:2d:da:2c:50:
         2d:8d:df:e6:d2:dc:63:8f:47:09:69:8f:4e:c4:5e:d1:8f:c3:
         ad:33:81:0d:32:21:30:3c:c9:01:98:95:10:8b:97:96:b9:2f:
         82:af:8c:9f:df:ed:1d:46:9d:6a:33:91:13:ec:6f:00:38:4b:
         41:12:28:4f
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUKa50YycAgADM0DRrE1LKDJU6d2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzExMjIyMDExMjhaFw0yNDExMjAyMDE2MjhaMDMxMTAvBgNV
BAMTKDNERTBBRjgwNzQ3MzE4OEJEM0IzNDA2RkQ3MEU2MUY4MThEQjk0NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDofZSRKWwCeUF8CFED6Cj2uvaT
Hub5OQj1KFXzTeTDn7dHmW4gYLRdKyaslswpkK9h0giGBv1nhMOQIUhvj0Yf0uy5
omisoEaUlQ/BXtQmycYcBZtU9zAHTyMYUhbf7zKQvenCa8uHzutwm7w1yVLPRtGj
FVB9d5ZdJM9JK6ojYlHrsl7PFoc7Rim2fPJ86nMSmrLmO6waAjHS9yq4J1WVNILu
wvDsM4Sfl+gBkO3DL62fVCrzvRyCls5nDdaVG42UFdNhAzCrj8693UhjKZ93XMI3
NJ/+QtERvcwYT46tYKIdBzJL4rKBF77j9Z867amFoLQu9pjTehziCsyq4GuHAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUPeCvgHRzGIvTs0Bv1w5h+BjblGcwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzcyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+nMA0GCSqGSIb3DQEB
CwUAA4IBAQDIva03V+m1Y/a/1pVri95rZgFSNEA9If+HPh5JjhdmiX97SySsp/DN
nY4m/zT1SKdzaNowLLdJ5TBguyoqqq+r2Pw0zTh7N838vMRJxlkUFx6bML3QsJ5s
7SUTUYD0a2EWJH0CYrLO703OdwDjIwOoI54A+CEDzpE5YIIq4M86rspAxb6Rw/TF
L8m8E5z6F5kWaNwMITacxfbdUhkLrc34cGeKMHBbgC4jirPEuEt+itNGCezKsSwH
sTs5S6gVBO2AvC3aLFAtjd/m0txjj0cJaY9OxF7Rj8OtM4ENMiEwPMkBmJUQi5eW
uS+Cr4yf3+0dRp1qM5ET7G8AOEtBEihP
-----END CERTIFICATE-----