Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
File:                     326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa (raw, json)
Hash identifier:          /4DLC5svluL3/XaiUY9woF403K833GGx7AhIA89BR74=
Subject key identifier:   9C:64:5C:18:D1:77:9D:6A:BC:1F:64:EB:EC:AB:AC:9A:AD:7B:8F:93
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       04BB9765425B462F6A55FA4DF1E54B10C36ECA04
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
Signing time:             Wed 23 Oct 2024 20:46:58 +0000
ROA not before:           Wed 23 Oct 2024 20:41:58 +0000
ROA not after:            Wed 22 Oct 2025 20:46:58 +0000
asID:                     43357
IP address blocks:        2a07:d880:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:bb:97:65:42:5b:46:2f:6a:55:fa:4d:f1:e5:4b:10:c3:6e:ca:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 23 20:41:58 2024 GMT
            Not After : Oct 22 20:46:58 2025 GMT
        Subject: CN=9C645C18D1779D6ABC1F64EBECABAC9AAD7B8F93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:da:54:f2:55:87:5d:a9:8c:0a:1d:13:61:37:
                    39:09:7e:cd:31:18:2a:ca:a7:07:ff:db:83:59:d9:
                    a0:bf:8e:77:18:db:e5:81:46:48:2d:36:82:a3:5d:
                    97:71:30:e2:cd:9a:94:e8:83:22:8f:26:36:54:90:
                    90:37:11:36:32:d0:c2:7d:54:42:23:bc:52:53:0a:
                    46:56:3f:12:35:b9:59:10:73:79:25:80:89:a7:59:
                    b6:2b:59:65:c6:6c:9b:6b:54:64:6d:f2:d4:dd:b2:
                    2c:1c:c9:69:02:ef:83:a3:13:14:49:2a:d7:d2:ad:
                    03:7a:e6:f1:f0:0f:92:19:d6:62:6c:68:3e:7a:b8:
                    d3:c3:0b:86:f9:cb:93:96:2a:79:7c:64:da:87:2c:
                    41:62:62:3d:dd:a8:8e:97:16:e7:c2:e9:2a:4a:c2:
                    a8:47:32:3e:67:b0:a5:99:4d:46:bf:3a:46:92:26:
                    63:99:07:67:11:16:35:36:ef:e4:3c:d8:96:a7:02:
                    4a:f3:42:36:57:11:fa:32:c0:09:15:b8:0a:4b:11:
                    eb:9a:a8:16:5b:cc:b8:8a:4f:45:e6:7d:d3:e4:29:
                    28:7b:ba:25:69:0f:62:34:09:e8:f8:e1:e9:b1:bf:
                    fa:4e:77:ee:a1:17:eb:ce:db:d4:23:24:49:13:13:
                    7d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:64:5C:18:D1:77:9D:6A:BC:1F:64:EB:EC:AB:AC:9A:AD:7B:8F:93
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         de:c3:7a:bf:fc:bc:4a:cd:bb:46:20:07:d2:07:3e:0b:69:1e:
         d5:e3:c1:0e:73:ff:49:f0:d0:84:e1:2c:c9:d0:88:58:bc:70:
         92:cc:f4:dd:02:8f:95:57:23:e2:25:b0:4f:68:6f:05:7c:0c:
         57:07:61:89:40:3c:50:d4:c2:0d:9d:7e:51:eb:7c:4b:e8:9a:
         c6:65:3c:e2:5b:fc:e4:dc:f6:6f:93:1d:a3:3c:a5:21:7a:89:
         79:16:c4:1a:18:7a:28:4b:24:7e:80:14:67:01:da:10:94:af:
         39:cb:65:b4:31:40:c0:9b:d7:da:b6:0f:1b:8a:5c:32:05:92:
         72:c5:f1:60:90:42:fb:4d:32:5a:df:b1:35:77:ea:45:69:6c:
         a2:09:28:ee:58:b2:1e:fe:ec:49:7d:b6:20:0c:ba:53:9f:89:
         e6:1f:4a:27:bc:07:0f:be:4f:45:e6:21:d3:98:55:0e:22:0a:
         83:ee:af:55:42:47:f4:7e:1b:0f:e6:42:33:10:58:3d:38:4c:
         95:b4:a3:86:5e:61:5e:db:b7:cf:9c:5c:5a:a5:26:91:b6:2f:
         dc:e0:0a:1c:04:75:45:6a:df:f1:3b:dd:7e:3e:19:4d:b5:c4:
         57:09:36:25:90:ca:58:c5:99:76:4b:f0:69:f3:b0:20:e2:fe:
         f1:bb:65:2a
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUBLuXZUJbRi9qVfpN8eVLEMNuygQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDEwMjMyMDQxNThaFw0yNTEwMjIyMDQ2NThaMDMxMTAvBgNV
BAMTKDlDNjQ1QzE4RDE3NzlENkFCQzFGNjRFQkVDQUJBQzlBQUQ3QjhGOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2lTyVYddqYwKHRNhNzkJfs0x
GCrKpwf/24NZ2aC/jncY2+WBRkgtNoKjXZdxMOLNmpTogyKPJjZUkJA3ETYy0MJ9
VEIjvFJTCkZWPxI1uVkQc3klgImnWbYrWWXGbJtrVGRt8tTdsiwcyWkC74OjExRJ
KtfSrQN65vHwD5IZ1mJsaD56uNPDC4b5y5OWKnl8ZNqHLEFiYj3dqI6XFufC6SpK
wqhHMj5nsKWZTUa/OkaSJmOZB2cRFjU27+Q82JanAkrzQjZXEfoywAkVuApLEeua
qBZbzLiKT0XmfdPkKSh7uiVpD2I0Cej44emxv/pOd+6hF+vO29QjJEkTE30nAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUnGRcGNF3nWq8H2Tr7Kusmq17j5MwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhMzIzYTNhMmYzNDM4MmQz
NDM4MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfYgAACMA0GCSqGSIb3
DQEBCwUAA4IBAQDew3q//LxKzbtGIAfSBz4LaR7V48EOc/9J8NCE4SzJ0IhYvHCS
zPTdAo+VVyPiJbBPaG8FfAxXB2GJQDxQ1MINnX5R63xL6JrGZTziW/zk3PZvkx2j
PKUheol5FsQaGHooSyR+gBRnAdoQlK85y2W0MUDAm9fatg8bilwyBZJyxfFgkEL7
TTJa37E1d+pFaWyiCSjuWLIe/uxJfbYgDLpTn4nmH0onvAcPvk9F5iHTmFUOIgqD
7q9VQkf0fhsP5kIzEFg9OEyVtKOGXmFe27fPnFxapSaRti/c4AocBHVFat/xO91+
PhlNtcRXCTYlkMpYxZl2S/Bp87Ag4v7xu2Uq
-----END CERTIFICATE-----