Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203233393539.roa
File:                     326130373a643838303a3a2f32392d3438203d3e203233393539.roa (raw, json)
Hash identifier:          O0UWEd4G4Q7k3+fRY6Jz+riVEGcekQeGPVHTs3+tIhA=
Subject key identifier:   CC:C6:0E:4F:55:83:DC:DB:6A:5B:E0:A6:68:F1:11:50:F4:D0:EF:74
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       4332705C5BD1EC4893AAE7A572860FA573BBD884
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203233393539.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     23959
IP address blocks:        2a07:d880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:32:70:5c:5b:d1:ec:48:93:aa:e7:a5:72:86:0f:a5:73:bb:d8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=CCC60E4F5583DCDB6A5BE0A668F11150F4D0EF74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ea:7e:ba:48:07:cc:b6:e5:4f:f8:fb:e5:d3:
                    26:09:99:6e:8b:5f:75:15:45:09:c7:63:5e:be:09:
                    88:5d:99:a0:4d:f4:2a:43:f2:fa:f7:9d:bf:c6:8d:
                    35:59:40:40:23:5a:b6:43:d9:c4:58:98:5e:5d:aa:
                    1d:97:5f:55:f4:ca:0b:6b:cd:f2:8c:36:35:aa:d2:
                    8c:10:50:01:af:87:6f:07:c9:c3:bc:60:ce:fa:07:
                    d1:2a:a4:c1:84:83:6b:4a:a9:04:b3:1b:f8:fb:b0:
                    3c:db:4c:19:e1:c9:64:a8:8a:e4:49:06:ac:31:df:
                    ed:4b:35:d9:3f:bc:22:80:f0:a9:2d:51:23:a3:aa:
                    d0:c3:e5:46:55:dc:4b:96:f9:63:ef:1b:97:71:0b:
                    b3:f1:bc:06:6b:32:2e:08:13:c0:6b:d9:6b:f2:c7:
                    ab:e1:de:ad:e5:1a:86:68:5d:68:78:32:61:fa:30:
                    50:01:c1:6c:ee:f6:80:af:08:91:7b:dd:b5:26:4a:
                    99:f7:49:5e:91:d3:db:bc:39:d5:35:f0:e7:17:f8:
                    9c:7b:e9:0f:5e:00:9c:c7:bc:ce:f7:b8:f6:a1:a4:
                    0a:e2:b8:e1:c5:81:60:96:e9:73:c6:4a:27:e8:cf:
                    b8:96:a3:0b:aa:24:36:e1:51:03:25:ec:3d:42:09:
                    5c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C6:0E:4F:55:83:DC:DB:6A:5B:E0:A6:68:F1:11:50:F4:D0:EF:74
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203233393539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:ea:5a:8b:a5:dc:e4:ea:69:75:23:af:80:b3:33:3f:bf:ea:
         30:e1:c5:88:27:f2:97:45:19:e2:a2:7a:81:b2:96:35:51:53:
         aa:27:74:b7:81:f4:f2:82:5c:fe:95:ca:bb:2e:64:da:3f:ce:
         9b:94:8f:5d:4b:96:f4:42:93:8b:4d:e5:fe:79:05:2c:95:31:
         b2:f6:36:21:b0:a5:10:7a:1e:11:fc:c3:c2:90:62:c8:58:58:
         b7:21:51:cc:96:74:0c:00:87:52:6c:0d:46:09:93:cd:7b:69:
         01:7e:2e:9c:e4:2a:41:a7:f7:67:1a:8c:c6:a9:60:0b:4f:47:
         7c:6c:3c:7e:a1:25:b2:36:17:f9:13:7e:03:61:b2:65:eb:d0:
         68:ef:6d:43:d8:44:26:4f:07:63:97:02:b5:7c:b3:39:83:c4:
         6b:17:54:ec:8c:33:29:bd:1b:4e:f1:6a:79:c1:11:f1:3c:bb:
         69:a3:4d:99:42:16:fe:4a:6d:1d:8e:52:96:58:a7:58:5d:16:
         3a:31:71:2a:c4:8f:af:0f:c2:5c:1a:7b:1d:8f:f3:52:14:eb:
         d7:c2:df:4b:ac:dd:16:43:ae:1e:ec:b0:3c:a3:f4:4f:4e:7d:
         0f:fa:ee:34:47:fa:2e:ce:ce:89:c9:ca:ae:7d:83:7b:30:fb:
         a3:0a:ab:55
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIUQzJwXFvR7EiTquelcoYPpXO72IQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKENDQzYwRTRGNTU4M0RDREI2QTVCRTBBNjY4RjExMTUwRjREMEVGNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6n66SAfMtuVP+Pvl0yYJmW6L
X3UVRQnHY16+CYhdmaBN9CpD8vr3nb/GjTVZQEAjWrZD2cRYmF5dqh2XX1X0ygtr
zfKMNjWq0owQUAGvh28HycO8YM76B9EqpMGEg2tKqQSzG/j7sDzbTBnhyWSoiuRJ
Bqwx3+1LNdk/vCKA8KktUSOjqtDD5UZV3EuW+WPvG5dxC7PxvAZrMi4IE8Br2Wvy
x6vh3q3lGoZoXWh4MmH6MFABwWzu9oCvCJF73bUmSpn3SV6R09u8OdU18OcX+Jx7
6Q9eAJzHvM73uPahpAriuOHFgWCW6XPGSifoz7iWowuqJDbhUQMl7D1CCVyRAgMB
AAGjggHLMIIBxzAdBgNVHQ4EFgQUzMYOT1WD3NtqW+CmaPERUPTQ73QwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhM2EyZjMyMzkyZDM0Mzgy
MDNkM2UyMDMyMzMzOTM1Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqB9iAMA0GCSqGSIb3DQEBCwUA
A4IBAQB66lqLpdzk6ml1I6+AszM/v+ow4cWIJ/KXRRnionqBspY1UVOqJ3S3gfTy
glz+lcq7LmTaP86blI9dS5b0QpOLTeX+eQUslTGy9jYhsKUQeh4R/MPCkGLIWFi3
IVHMlnQMAIdSbA1GCZPNe2kBfi6c5CpBp/dnGozGqWALT0d8bDx+oSWyNhf5E34D
YbJl69Bo721D2EQmTwdjlwK1fLM5g8RrF1TsjDMpvRtO8Wp5wRHxPLtpo02ZQhb+
Sm0djlKWWKdYXRY6MXEqxI+vD8JcGnsdj/NSFOvXwt9LrN0WQ64e7LA8o/RPTn0P
+u40R/ouzs6JycqufYN7MPujCqtV
-----END CERTIFICATE-----