Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa
File:                     326130373a643838303a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          rWIoNH9J30TepJvALHnWlQuj8d4Csn9LrqJ4DzSY7gk=
Subject key identifier:   70:20:3E:F2:35:E6:76:28:A3:A2:0A:7A:B2:ED:63:30:B5:32:79:82
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       178379AEAF8EC892DDA2516045EEA3AE7E9B8C8B
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     3214
IP address blocks:        2a07:d880::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:83:79:ae:af:8e:c8:92:dd:a2:51:60:45:ee:a3:ae:7e:9b:8c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=70203EF235E67628A3A20A7AB2ED6330B5327982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:56:6b:ca:7a:61:0b:f9:40:c5:fa:87:41:0f:
                    4c:c6:63:33:5c:70:f7:3c:de:9a:96:37:d3:8c:2a:
                    91:2f:8a:c7:a5:7a:77:46:90:d1:6a:18:8c:77:84:
                    12:a4:d1:83:d4:6d:1c:f8:47:dc:5b:5b:37:ed:6c:
                    47:1d:5d:8d:52:0b:0e:44:c5:51:9f:cf:17:28:d4:
                    e4:70:f6:f5:e1:cd:3b:d0:7d:f8:fa:c5:ed:21:5b:
                    1f:0b:97:06:91:bc:6d:5f:22:de:6e:b5:08:55:de:
                    40:3b:01:20:3f:94:5d:aa:a5:6b:61:29:cd:46:f6:
                    d4:ac:41:78:87:88:a0:be:8d:1e:50:f7:80:3c:ec:
                    4b:76:e1:04:77:b2:d1:9c:00:ce:3d:97:b2:04:8e:
                    a6:eb:cf:9e:26:53:e5:e0:69:ea:36:3b:3e:a0:6c:
                    0a:50:be:b8:65:86:6a:5b:8c:8a:3e:6a:28:ab:70:
                    ae:5a:86:d9:e0:01:fd:95:b4:46:93:63:5f:fd:28:
                    83:37:f0:24:38:a9:64:43:bf:d8:54:24:8a:df:ca:
                    c1:e5:e1:32:79:ce:4e:dd:60:cf:3b:45:93:84:9c:
                    9f:90:8a:fa:cf:82:aa:31:1c:8b:79:ad:59:f4:2c:
                    7c:7f:99:e5:15:34:f0:da:7d:b5:f3:d1:a7:eb:3a:
                    c1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:20:3E:F2:35:E6:76:28:A3:A2:0A:7A:B2:ED:63:30:B5:32:79:82
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880::/32

    Signature Algorithm: sha256WithRSAEncryption
         ce:be:c7:1f:cb:2e:6a:1e:3d:3d:ac:10:85:f8:91:08:d4:89:
         7d:7f:ed:71:30:49:e9:21:a2:f8:f8:28:87:b9:2a:67:a7:c1:
         3b:19:35:6a:b4:66:d4:90:91:16:e0:1d:23:34:70:e0:9e:15:
         6f:63:c5:58:f6:dd:ec:14:96:20:d6:8f:e7:0b:33:b8:8d:07:
         30:99:87:b7:8a:9a:5f:1e:6a:b4:bb:84:cb:72:f6:07:0c:22:
         fa:c0:25:bd:91:23:0a:74:af:39:6e:41:36:61:21:25:e7:32:
         41:2d:7e:57:a5:ee:d4:bc:1c:dc:a2:72:a3:1a:a6:27:f1:23:
         e4:4e:cb:95:46:5d:25:f8:8c:c0:36:a8:52:e0:0d:75:50:08:
         52:ca:0d:3b:71:b3:7a:36:8b:71:4f:99:a1:75:6e:0a:da:08:
         0c:63:dc:1e:e7:91:1f:ca:98:c9:6f:81:04:75:f3:af:c3:22:
         c3:2e:49:1d:89:04:b7:2a:3b:19:63:3a:1d:fd:76:2a:fd:2e:
         86:48:e5:99:4c:97:11:70:1d:39:d2:f5:73:2a:c1:96:79:61:
         4f:aa:b4:c2:b3:a2:cd:02:39:fa:72:57:2d:bb:bf:00:7f:c4:
         c7:98:35:fe:75:51:84:bb:d9:5f:8d:9a:a9:89:df:d5:47:e2:
         35:59:40:bd
-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIUF4N5rq+OyJLdolFgRe6jrn6bjIswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDcwMjAzRUYyMzVFNjc2MjhBM0EyMEE3QUIyRUQ2MzMwQjUzMjc5ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgVmvKemEL+UDF+odBD0zGYzNc
cPc83pqWN9OMKpEviselendGkNFqGIx3hBKk0YPUbRz4R9xbWzftbEcdXY1SCw5E
xVGfzxco1ORw9vXhzTvQffj6xe0hWx8LlwaRvG1fIt5utQhV3kA7ASA/lF2qpWth
Kc1G9tSsQXiHiKC+jR5Q94A87Et24QR3stGcAM49l7IEjqbrz54mU+Xgaeo2Oz6g
bApQvrhlhmpbjIo+aiircK5ahtngAf2VtEaTY1/9KIM38CQ4qWRDv9hUJIrfysHl
4TJ5zk7dYM87RZOEnJ+QivrPgqoxHIt5rVn0LHx/meUVNPDafbXz0afrOsGXAgMB
AAGjggHJMIIBxTAdBgNVHQ4EFgQUcCA+8jXmdiijogp6su1jMLUyeYIwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
cgYIKwYBBQUHAQsEZjBkMGIGCCsGAQUFBzALhlZyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhM2EyZjMzMzIyZDM0Mzgy
MDNkM2UyMDMzMzIzMTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgfYgDANBgkqhkiG9w0BAQsFAAOC
AQEAzr7HH8suah49PawQhfiRCNSJfX/tcTBJ6SGi+Pgoh7kqZ6fBOxk1arRm1JCR
FuAdIzRw4J4Vb2PFWPbd7BSWINaP5wszuI0HMJmHt4qaXx5qtLuEy3L2Bwwi+sAl
vZEjCnSvOW5BNmEhJecyQS1+V6Xu1Lwc3KJyoxqmJ/Ej5E7LlUZdJfiMwDaoUuAN
dVAIUsoNO3GzejaLcU+ZoXVuCtoIDGPcHueRH8qYyW+BBHXzr8Miwy5JHYkEtyo7
GWM6Hf12Kv0uhkjlmUyXEXAdOdL1cyrBlnlhT6q0wrOizQI5+nJXLbu/AH/Ex5g1
/nVRhLvZX42aqYnf1UfiNVlAvQ==
-----END CERTIFICATE-----