Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa
File:                     326130373a643838303a3a2f32392d3438203d3e203433333537.roa (raw, json)
Hash identifier:          +JNQQSFbcpfVrXRHMbUgn+8M1DgRbaBcZUFxk/JbVII=
Subject key identifier:   9E:CE:9F:79:38:92:B1:5B:DB:75:85:5D:05:4A:48:57:7A:5F:D1:3E
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       6CF609B6C4AEA4BFA03BCB3A35BF98EFBEB84729
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     43357
IP address blocks:        2a07:d880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:f6:09:b6:c4:ae:a4:bf:a0:3b:cb:3a:35:bf:98:ef:be:b8:47:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=9ECE9F793892B15BDB75855D054A48577A5FD13E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c7:6c:97:98:e1:06:c4:21:b5:0c:91:83:42:
                    d5:8e:0c:29:ce:6f:aa:92:0c:43:22:97:1a:6c:b4:
                    b4:e2:2e:ab:f3:a2:62:aa:03:22:3d:0c:7d:89:37:
                    7b:7e:1e:32:6a:e5:d4:de:03:41:e8:dc:95:d1:b6:
                    7e:35:37:41:fc:fc:80:bb:1d:e7:22:ce:1e:c7:b9:
                    64:d9:eb:d4:c9:c9:09:9a:04:22:81:59:d4:33:5e:
                    e0:bb:77:c3:40:87:d5:4f:08:a0:dc:91:13:7f:54:
                    a2:ec:ed:3e:a5:bb:0b:9e:f0:e2:d2:d7:b2:7c:bd:
                    86:86:33:80:6e:0e:4f:18:e4:85:08:5d:60:d1:a9:
                    02:d4:0c:8a:0c:66:73:3c:df:69:ec:09:c4:17:a1:
                    5a:01:60:f2:7a:1a:99:fb:ff:83:0b:a4:c2:03:82:
                    f9:7e:2e:ce:53:1e:0e:4e:c5:e1:10:be:c5:da:93:
                    e7:70:a1:7d:f1:84:33:2c:66:15:21:91:8e:54:52:
                    fb:d4:78:f7:55:97:9e:c5:83:52:67:d5:45:e3:46:
                    83:28:c6:f4:92:dd:4a:23:73:c2:53:a1:11:bc:f0:
                    50:84:eb:89:86:c4:88:c9:1c:23:a0:4d:a2:73:5a:
                    c5:91:e8:00:9b:9f:b2:bb:fc:50:c7:f0:28:9d:e6:
                    7a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:CE:9F:79:38:92:B1:5B:DB:75:85:5D:05:4A:48:57:7A:5F:D1:3E
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f32392d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         e1:d5:88:1a:be:a8:b6:c3:db:66:03:7c:70:3c:91:b7:c3:9c:
         8a:b0:34:15:9e:4c:d9:d7:51:17:f7:9a:24:39:0c:c6:98:23:
         33:d8:9b:a3:91:ab:05:e3:eb:21:3c:be:4a:6c:29:90:aa:c9:
         84:3b:d9:d2:bf:78:1e:6f:8b:08:fa:2f:fd:8d:b6:e5:1d:6b:
         6f:72:a4:21:ba:c9:10:2d:eb:16:e5:5a:cf:cc:d2:f3:4d:dc:
         2b:4c:37:8b:e0:b2:31:96:f2:0d:c5:61:b8:0c:54:d1:19:db:
         b7:1a:11:99:cb:81:3a:3f:84:d9:9b:99:6e:34:a7:8d:ed:e2:
         ce:d4:98:fc:91:a5:11:43:79:3e:d6:d8:35:e1:dd:f4:4d:55:
         af:de:d0:75:95:bd:69:8f:fb:18:f0:c9:4f:66:6a:f1:7b:ee:
         42:dc:5e:8c:16:90:26:47:1c:c7:e4:e3:1d:2b:31:57:ee:d9:
         9f:fb:76:ba:43:15:02:d3:35:91:4d:d2:11:2a:86:cd:18:35:
         ad:8b:e7:ae:09:d0:93:ce:be:95:c8:f3:a8:fc:d7:e8:50:82:
         06:00:f1:04:0a:de:d8:30:b7:6b:75:94:e3:62:7b:ce:03:4a:
         03:f9:38:49:24:16:9a:3f:42:bf:9b:27:ab:6e:08:62:3d:f4:
         4b:e5:db:0f
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIUbPYJtsSupL+gO8s6Nb+Y7764RykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDlFQ0U5Rjc5Mzg5MkIxNUJEQjc1ODU1RDA1NEE0ODU3N0E1RkQxM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnx2yXmOEGxCG1DJGDQtWODCnO
b6qSDEMilxpstLTiLqvzomKqAyI9DH2JN3t+HjJq5dTeA0Ho3JXRtn41N0H8/IC7
Hecizh7HuWTZ69TJyQmaBCKBWdQzXuC7d8NAh9VPCKDckRN/VKLs7T6luwue8OLS
17J8vYaGM4BuDk8Y5IUIXWDRqQLUDIoMZnM832nsCcQXoVoBYPJ6Gpn7/4MLpMID
gvl+Ls5THg5OxeEQvsXak+dwoX3xhDMsZhUhkY5UUvvUePdVl57Fg1Jn1UXjRoMo
xvSS3Uojc8JToRG88FCE64mGxIjJHCOgTaJzWsWR6ACbn7K7/FDH8Cid5nqNAgMB
AAGjggHLMIIBxzAdBgNVHQ4EFgQUns6feTiSsVvbdYVdBUpIV3pf0T4wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
dAYIKwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhM2EyZjMyMzkyZDM0Mzgy
MDNkM2UyMDM0MzMzMzM1Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqB9iAMA0GCSqGSIb3DQEBCwUA
A4IBAQDh1Ygavqi2w9tmA3xwPJG3w5yKsDQVnkzZ11EX95okOQzGmCMz2JujkasF
4+shPL5KbCmQqsmEO9nSv3geb4sI+i/9jbblHWtvcqQhuskQLesW5VrPzNLzTdwr
TDeL4LIxlvINxWG4DFTRGdu3GhGZy4E6P4TZm5luNKeN7eLO1Jj8kaURQ3k+1tg1
4d30TVWv3tB1lb1pj/sY8MlPZmrxe+5C3F6MFpAmRxzH5OMdKzFX7tmf+3a6QxUC
0zWRTdIRKobNGDWti+euCdCTzr6VyPOo/NfoUIIGAPEECt7YMLdrdZTjYnvOA0oD
+ThJJBaaP0K/myerbghiPfRL5dsP
-----END CERTIFICATE-----