Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa
File:                     326130373a643838303a3a2f33322d3438203d3e2033323134.roa (raw, json)
Hash identifier:          TTgyy1BxltMKK0bpAu8gO/WGwWb3aKvCSPTEoohixZ8=
Subject key identifier:   46:EA:99:48:64:2A:AD:ED:99:74:3A:28:0F:09:F8:54:89:6B:BB:C1
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       3D1371A6AE202CFE61CFC21CA4BA114291A0A6AF
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     3214
IP address blocks:        2a07:d880::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:13:71:a6:ae:20:2c:fe:61:cf:c2:1c:a4:ba:11:42:91:a0:a6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=46EA9948642AADED99743A280F09F854896BBBC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d8:df:ca:32:92:fe:a9:88:7f:76:ea:1b:c8:
                    01:25:cd:e0:ff:29:6c:0c:fd:ab:69:64:c9:a4:fa:
                    6e:6d:93:81:10:9e:ab:d5:75:8a:c4:8b:6d:62:32:
                    fc:de:45:07:2a:fd:d8:3d:58:25:99:0c:e9:b8:dd:
                    ce:39:b0:c8:27:c5:0c:66:92:12:00:e1:c1:af:0a:
                    f2:80:d9:09:36:e8:97:93:4d:bb:ec:78:bb:f6:99:
                    65:77:af:66:a2:2b:df:b9:55:35:6c:38:9d:14:63:
                    21:bb:38:5c:6e:6d:3c:3d:43:d1:e1:b0:91:99:ce:
                    e7:1d:89:ca:b6:c2:f3:fa:b6:61:51:c5:57:84:b8:
                    a2:5c:32:2c:9d:4c:c6:89:c7:d7:64:12:db:d9:2a:
                    a2:21:0e:1b:ad:07:27:98:02:c6:58:d0:55:4a:ad:
                    ea:ce:59:4d:74:ee:71:5f:32:62:3a:7c:bf:c8:e8:
                    b7:b1:3c:8d:b5:a9:9b:fa:75:13:5e:ea:e4:f0:70:
                    af:22:45:0f:f4:f3:67:bd:8c:0d:3a:73:d0:32:2c:
                    96:45:60:68:e9:c6:6f:a2:83:df:d1:ff:dc:93:0f:
                    14:c7:49:c3:e0:92:29:04:b3:20:3f:d7:00:2f:58:
                    64:de:dc:cf:1f:54:4a:61:07:19:ff:83:70:6a:03:
                    b6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EA:99:48:64:2A:AD:ED:99:74:3A:28:0F:09:F8:54:89:6B:BB:C1
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a3a2f33322d3438203d3e2033323134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:b8:21:48:15:6f:6b:a6:14:f0:c5:5a:ce:20:00:f4:37:be:
         ae:bf:c2:8c:c6:b1:95:5c:e4:a1:e4:2b:c2:1c:14:fb:77:f6:
         4d:45:07:85:f0:03:89:fa:87:9d:7f:60:0f:15:f5:4c:cf:65:
         cb:a0:35:5c:55:b7:0b:e4:a3:c2:f6:6e:45:bd:20:c3:80:a9:
         5d:b4:c8:16:dc:7e:51:34:16:49:d5:48:57:5d:a5:09:c5:41:
         8c:ae:84:09:c9:4f:b2:91:7f:81:df:04:b8:5d:9e:aa:b8:88:
         eb:79:af:f9:1c:15:fd:9a:7d:bb:7a:6f:35:43:af:bc:cc:5a:
         f1:f7:88:2b:a4:fd:84:1c:53:ce:36:83:1c:93:93:8a:37:a6:
         ec:d3:cf:25:4c:81:5c:e9:e5:e7:53:5c:7e:44:a2:99:3c:97:
         63:c0:e5:2b:85:e0:95:29:16:e5:99:77:67:5c:ad:cc:98:dd:
         a2:ad:aa:08:00:e3:15:76:1f:c5:c5:ff:39:ea:8d:41:a9:a3:
         17:e1:ae:f8:15:61:62:76:21:26:4a:71:70:d9:33:9e:97:ab:
         bd:75:b0:20:15:51:e1:18:22:eb:5a:61:69:c0:29:0f:78:56:
         ce:09:71:18:c8:74:8c:77:b9:32:76:5c:81:6e:79:82:33:b8:
         fc:94:18:a6
-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIUPRNxpq4gLP5hz8IcpLoRQpGgpq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKDQ2RUE5OTQ4NjQyQUFERUQ5OTc0M0EyODBGMDlGODU0ODk2QkJCQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY2N/KMpL+qYh/duobyAElzeD/
KWwM/atpZMmk+m5tk4EQnqvVdYrEi21iMvzeRQcq/dg9WCWZDOm43c45sMgnxQxm
khIA4cGvCvKA2Qk26JeTTbvseLv2mWV3r2aiK9+5VTVsOJ0UYyG7OFxubTw9Q9Hh
sJGZzucdicq2wvP6tmFRxVeEuKJcMiydTMaJx9dkEtvZKqIhDhutByeYAsZY0FVK
rerOWU107nFfMmI6fL/I6LexPI21qZv6dRNe6uTwcK8iRQ/082e9jA06c9AyLJZF
YGjpxm+ig9/R/9yTDxTHScPgkikEsyA/1wAvWGTe3M8fVEphBxn/g3BqA7Z/AgMB
AAGjggHJMIIBxTAdBgNVHQ4EFgQURuqZSGQqre2ZdDooDwn4VIlru8EwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
cgYIKwYBBQUHAQsEZjBkMGIGCCsGAQUFBzALhlZyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhM2EyZjMzMzIyZDM0Mzgy
MDNkM2UyMDMzMzIzMTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgfYgDANBgkqhkiG9w0BAQsFAAOC
AQEAOLghSBVva6YU8MVaziAA9De+rr/CjMaxlVzkoeQrwhwU+3f2TUUHhfADifqH
nX9gDxX1TM9ly6A1XFW3C+SjwvZuRb0gw4CpXbTIFtx+UTQWSdVIV12lCcVBjK6E
CclPspF/gd8EuF2eqriI63mv+RwV/Zp9u3pvNUOvvMxa8feIK6T9hBxTzjaDHJOT
ijem7NPPJUyBXOnl51NcfkSimTyXY8DlK4XglSkW5Zl3Z1ytzJjdoq2qCADjFXYf
xcX/OeqNQamjF+Gu+BVhYnYhJkpxcNkznpervXWwIBVR4Rgi61phacApD3hWzglx
GMh0jHe5MnZcgW55gjO4/JQYpg==
-----END CERTIFICATE-----