Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
File:                     326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa (raw, json)
Hash identifier:          2KtajmyUdzRIkMM9Ug+ljNQ5z6f5/Py0R9eqPV5N89E=
Subject key identifier:   EF:66:C2:90:12:DF:38:10:5B:61:EF:44:5E:46:BB:9B:77:D0:D2:C0
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       5414664DE808A50BAB1806906714A6539CD4AAA2
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
Signing time:             Wed 22 Nov 2023 20:16:28 +0000
ROA not before:           Wed 22 Nov 2023 20:11:28 +0000
ROA not after:            Wed 20 Nov 2024 20:16:28 +0000
asID:                     43357
IP address blocks:        2a07:d880:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:14:66:4d:e8:08:a5:0b:ab:18:06:90:67:14:a6:53:9c:d4:aa:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Nov 22 20:11:28 2023 GMT
            Not After : Nov 20 20:16:28 2024 GMT
        Subject: CN=EF66C29012DF38105B61EF445E46BB9B77D0D2C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:01:3e:1c:5d:f6:d4:0f:34:75:88:07:85:6b:
                    67:d1:98:1f:45:ef:53:bd:a0:93:4b:8f:c2:77:4e:
                    37:97:73:78:a2:3c:f9:ce:25:67:ce:9f:e7:a4:31:
                    3d:be:73:f0:2c:91:b7:55:09:ea:18:ab:12:f0:a2:
                    98:3a:f6:21:47:df:55:d4:20:33:1b:88:cc:61:0f:
                    e7:b9:c6:9b:1e:9c:30:c3:4a:a0:05:c3:c7:7b:78:
                    30:c4:7b:b0:fd:3a:66:d1:b2:1d:fa:9f:48:be:99:
                    d1:0d:28:fe:73:58:25:26:eb:74:db:3d:5d:ee:20:
                    52:89:7f:14:2d:4a:f7:0c:0d:08:c3:5a:1c:73:2e:
                    7e:91:94:9c:2a:e1:47:9c:f7:16:b2:d6:b4:40:07:
                    cc:2e:0a:48:f5:98:f7:34:8a:1b:55:e6:c2:13:6e:
                    93:6c:69:b9:46:2a:2b:b4:b7:d3:5e:21:ea:ef:fb:
                    00:d4:54:6c:ce:ec:f5:c2:9b:ac:b6:c2:c6:24:b0:
                    e6:6a:eb:36:2e:83:64:4e:2f:d3:ff:4a:95:02:f8:
                    85:7d:4f:06:a8:ec:b8:6d:8f:43:bd:78:da:24:c4:
                    77:5e:16:11:fa:3a:75:d4:64:f4:42:87:d8:54:0e:
                    76:e6:31:3a:d1:66:d7:fc:8c:d5:f5:f1:88:56:fb:
                    37:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:66:C2:90:12:DF:38:10:5B:61:EF:44:5E:46:BB:9B:77:D0:D2:C0
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:80:8a:bb:48:17:71:5b:b4:ce:f8:2d:6b:3f:d4:0f:c0:c2:
         c6:07:b8:37:9f:92:65:45:a9:55:e9:80:5a:9d:0e:6e:bc:ee:
         b6:7a:48:e4:83:f3:9e:fc:5e:a2:f5:7d:85:02:93:7a:2c:ef:
         c6:e6:23:05:25:6a:a7:72:ba:19:80:6b:f9:f5:61:92:50:0a:
         b6:27:9d:91:9a:21:f0:6d:46:54:f2:a8:7e:8c:54:a6:27:a2:
         89:20:d5:15:4d:e7:ec:ea:d0:59:81:4c:59:67:58:a6:03:bc:
         92:43:b8:02:8f:e1:09:65:90:e4:14:58:33:72:e9:f6:2d:ac:
         ef:ab:ab:b9:cc:01:e2:09:9c:91:0e:e3:b1:12:68:32:97:66:
         d8:f0:3d:bc:c5:de:7f:38:fe:58:fd:ad:c0:db:26:af:ad:e5:
         a9:27:1e:68:07:bb:ea:b6:7b:c1:54:37:3a:61:51:6c:3a:57:
         2a:a8:15:2c:fb:14:74:f5:92:ba:97:65:fb:a5:06:8c:d9:7d:
         a7:9d:0d:f9:5b:a5:7c:3f:30:1a:5a:54:0c:94:8a:a7:31:4d:
         9f:91:35:ee:2b:c8:95:12:e0:58:17:43:bf:e3:ad:e2:d8:0d:
         f9:c9:6a:d0:2a:bc:e1:c7:b2:4b:27:78:55:07:0f:29:f8:76:
         e6:60:e9:25
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUVBRmTegIpQurGAaQZxSmU5zUqqIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzExMjIyMDExMjhaFw0yNDExMjAyMDE2MjhaMDMxMTAvBgNV
BAMTKEVGNjZDMjkwMTJERjM4MTA1QjYxRUY0NDVFNDZCQjlCNzdEMEQyQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSAT4cXfbUDzR1iAeFa2fRmB9F
71O9oJNLj8J3TjeXc3iiPPnOJWfOn+ekMT2+c/AskbdVCeoYqxLwopg69iFH31XU
IDMbiMxhD+e5xpsenDDDSqAFw8d7eDDEe7D9OmbRsh36n0i+mdENKP5zWCUm63Tb
PV3uIFKJfxQtSvcMDQjDWhxzLn6RlJwq4Uec9xay1rRAB8wuCkj1mPc0ihtV5sIT
bpNsablGKiu0t9NeIerv+wDUVGzO7PXCm6y2wsYksOZq6zYug2ROL9P/SpUC+IV9
Twao7Lhtj0O9eNokxHdeFhH6OnXUZPRCh9hUDnbmMTrRZtf8jNX18YhW+zflAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU72bCkBLfOBBbYe9EXka7m3fQ0sAwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhMzIzYTNhMmYzNDM4MmQz
NDM4MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfYgAACMA0GCSqGSIb3
DQEBCwUAA4IBAQAQgIq7SBdxW7TO+C1rP9QPwMLGB7g3n5JlRalV6YBanQ5uvO62
ekjkg/Oe/F6i9X2FApN6LO/G5iMFJWqncroZgGv59WGSUAq2J52RmiHwbUZU8qh+
jFSmJ6KJINUVTefs6tBZgUxZZ1imA7ySQ7gCj+EJZZDkFFgzcun2Lazvq6u5zAHi
CZyRDuOxEmgyl2bY8D28xd5/OP5Y/a3A2yavreWpJx5oB7vqtnvBVDc6YVFsOlcq
qBUs+xR09ZK6l2X7pQaM2X2nnQ35W6V8PzAaWlQMlIqnMU2fkTXuK8iVEuBYF0O/
463i2A35yWrQKrzhx7JLJ3hVBw8p+HbmYOkl
-----END CERTIFICATE-----