Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa
File:                     326130373a643838303a3a2f32392d3438203d3e203433333537.roa (raw, json)
Hash identifier:          OXdRXAWV8yqto2wmtb/jXRXv05xnsB/nSlq5SB2s6vc=
Subject key identifier:   E3:A1:49:E2:07:6C:37:DE:41:D3:89:28:1A:2E:1C:05:D2:48:34:EA
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       2CA7BE00639AC6FD2270EBC78F15A915D8CD11A1
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     43357
IP address blocks:        2a07:d880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:a7:be:00:63:9a:c6:fd:22:70:eb:c7:8f:15:a9:15:d8:cd:11:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=E3A149E2076C37DE41D389281A2E1C05D24834EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:35:e0:03:b2:ee:b1:9d:5e:38:94:1a:8a:73:
                    f6:31:c9:cf:55:e9:3c:f7:72:f8:e6:c1:47:50:95:
                    7b:1d:51:cc:fd:57:26:15:ca:da:c0:17:70:d6:a2:
                    70:61:48:c9:ab:f7:ab:9d:f8:1b:59:6a:f5:7e:d1:
                    d1:a1:65:48:cc:74:65:b0:9b:37:ab:e5:00:56:3a:
                    86:1f:24:c1:98:93:93:24:19:f9:e0:d8:40:7b:0d:
                    2d:41:9e:d3:75:c8:c4:3e:61:6d:3f:f4:1e:69:d7:
                    8a:9f:11:cb:a6:ac:45:0c:13:49:57:93:6c:f5:e3:
                    56:90:b3:06:99:98:18:26:be:62:4c:53:78:99:06:
                    1d:36:38:d6:da:ef:e7:35:1f:3c:ea:bd:e4:ed:f1:
                    22:43:98:4e:35:18:b1:00:83:0f:4e:14:c5:f4:8d:
                    ee:b1:42:d6:f6:26:fd:47:85:6d:76:88:80:86:4d:
                    4a:e4:bf:0f:1e:1d:1a:90:f0:64:1f:30:74:64:00:
                    98:74:26:52:64:a1:44:c4:98:f6:c4:74:ad:d5:f9:
                    17:18:0f:86:23:36:ce:76:59:bd:85:ab:aa:7f:21:
                    19:30:15:a2:e2:3c:60:f6:bc:7c:e0:01:36:2d:27:
                    75:c9:54:a1:b5:85:9e:c4:53:80:e1:1f:86:dc:c2:
                    db:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A1:49:E2:07:6C:37:DE:41:D3:89:28:1A:2E:1C:05:D2:48:34:EA
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:e5:3c:67:16:c3:b4:3f:19:08:e8:2a:0c:97:79:e9:80:24:
         f7:e8:3b:4d:c8:79:ad:c1:49:58:9f:91:83:f7:f9:6c:d6:7c:
         7c:a6:2f:01:b7:88:fe:b6:63:8c:be:09:19:4a:ba:87:7b:8b:
         90:ae:ff:7d:d9:ab:88:c4:69:95:d0:f8:f1:51:b6:31:3c:60:
         b2:84:78:97:b4:47:61:be:a3:40:e3:a3:e9:c5:c4:cc:4c:1b:
         f3:f4:7b:da:64:e8:55:07:cd:e2:a1:f3:c2:23:bd:25:62:9a:
         0a:6d:53:0a:ce:af:8c:12:84:40:5e:e7:5a:5b:23:a5:c3:75:
         4a:58:5d:86:8a:e4:59:a9:5e:57:12:8d:61:4a:50:cf:99:85:
         56:ed:82:14:73:27:a4:90:19:14:61:dd:b5:f6:96:75:89:5a:
         2c:11:81:c0:35:a2:68:ac:21:0c:86:28:a1:97:d8:0f:66:d0:
         b6:e5:09:66:e0:6a:75:4b:d2:a3:f1:cc:b4:1a:9d:ba:ac:7d:
         16:22:03:e1:27:e0:b1:b6:b4:01:ca:44:6e:15:6e:76:44:c9:
         64:8b:47:cf:8d:4b:17:40:41:dd:de:fe:4d:fd:41:bf:06:96:
         d5:3d:20:f3:ff:10:88:27:1d:e1:96:ae:c1:b3:ba:3f:75:64:
         13:69:20:9d
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIULKe+AGOaxv0icOvHjxWpFdjNEaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKEUzQTE0OUUyMDc2QzM3REU0MUQzODkyODFBMkUxQzA1RDI0ODM0RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdNeADsu6xnV44lBqKc/Yxyc9V
6Tz3cvjmwUdQlXsdUcz9VyYVytrAF3DWonBhSMmr96ud+BtZavV+0dGhZUjMdGWw
mzer5QBWOoYfJMGYk5MkGfng2EB7DS1BntN1yMQ+YW0/9B5p14qfEcumrEUME0lX
k2z141aQswaZmBgmvmJMU3iZBh02ONba7+c1HzzqveTt8SJDmE41GLEAgw9OFMX0
je6xQtb2Jv1HhW12iICGTUrkvw8eHRqQ8GQfMHRkAJh0JlJkoUTEmPbEdK3V+RcY
D4YjNs52Wb2Fq6p/IRkwFaLiPGD2vHzgATYtJ3XJVKG1hZ7EU4DhH4bcwtsxAgMB
AAGjggHLMIIBxzAdBgNVHQ4EFgQU46FJ4gdsN95B04koGi4cBdJINOowHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhM2EyZjMyMzkyZDM0Mzgy
MDNkM2UyMDM0MzMzMzM1Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqB9iAMA0GCSqGSIb3DQEBCwUA
A4IBAQCM5TxnFsO0PxkI6CoMl3npgCT36DtNyHmtwUlYn5GD9/ls1nx8pi8Bt4j+
tmOMvgkZSrqHe4uQrv992auIxGmV0PjxUbYxPGCyhHiXtEdhvqNA46PpxcTMTBvz
9HvaZOhVB83iofPCI70lYpoKbVMKzq+MEoRAXudaWyOlw3VKWF2GiuRZqV5XEo1h
SlDPmYVW7YIUcyekkBkUYd219pZ1iVosEYHANaJorCEMhiihl9gPZtC25Qlm4Gp1
S9Kj8cy0Gp26rH0WIgPhJ+CxtrQBykRuFW52RMlki0fPjUsXQEHd3v5N/UG/BpbV
PSDz/xCIJx3hlq7Bs7o/dWQTaSCd
-----END CERTIFICATE-----