Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa
File:                     326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa (raw, json)
Hash identifier:          GBltCEEaVAySgOvE3GP9Cbr+kKIFCbEN1Ny20m3NzO4=
Subject key identifier:   F7:B9:36:4A:39:67:74:34:BD:D9:F3:47:2C:0B:44:8C:48:77:9C:4F
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       3689C9DBDBF389D4870363FE84FA485BFCCCA9EA
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa
Signing time:             Thu 12 Oct 2023 15:59:56 +0000
ROA not before:           Thu 12 Oct 2023 15:54:56 +0000
ROA not after:            Thu 10 Oct 2024 15:59:56 +0000
asID:                     208476
IP address blocks:        2a07:d883:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:89:c9:db:db:f3:89:d4:87:03:63:fe:84:fa:48:5b:fc:cc:a9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Oct 12 15:54:56 2023 GMT
            Not After : Oct 10 15:59:56 2024 GMT
        Subject: CN=F7B9364A39677434BDD9F3472C0B448C48779C4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:49:04:24:78:65:07:24:35:b9:5e:69:bd:45:
                    8a:9a:f5:e2:0a:5e:2b:04:12:57:79:7a:2b:d8:e6:
                    20:96:f6:3a:a2:a3:a8:ee:27:27:6a:f1:e0:15:2e:
                    64:b6:69:23:d0:6e:13:6f:aa:fc:9a:fa:e4:d6:2c:
                    a9:ee:c9:6e:b8:5a:ae:b9:8f:e8:2d:cc:e2:d3:92:
                    aa:74:2a:9e:e4:a3:e6:2a:48:2b:5d:f8:3c:ad:d9:
                    ce:fe:7e:04:03:a2:dc:76:89:7e:33:2d:47:2c:43:
                    bd:09:fd:69:aa:dc:f2:e8:24:65:ef:c3:75:e1:e6:
                    06:8a:db:40:8d:11:97:87:9b:27:8e:2a:81:b2:da:
                    b6:80:d0:18:6c:15:5e:55:9a:d2:e6:ef:8b:1b:62:
                    ed:bc:3a:ed:3f:7e:c2:b0:81:1c:49:27:bc:c4:eb:
                    d5:5b:d0:5f:bf:a6:76:64:f8:cd:09:13:e8:c7:6d:
                    f7:ef:93:00:ce:f9:80:30:74:3b:c8:48:0b:15:d7:
                    5b:ee:6f:37:91:3f:5e:b4:92:41:84:dd:ab:61:dc:
                    3f:30:73:3f:89:64:b9:31:d0:5a:8b:64:1b:81:b5:
                    30:83:6e:f0:48:32:64:f9:c3:0e:8f:cf:7c:4a:03:
                    74:18:58:16:72:c0:06:0e:6d:b2:b9:39:f6:f2:41:
                    f6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B9:36:4A:39:67:74:34:BD:D9:F3:47:2C:0B:44:8C:48:77:9C:4F
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d883:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:17:af:ae:7f:56:01:ad:5d:2e:bd:ce:b0:d1:1c:a7:17:12:
         4d:a5:4e:dd:c9:43:0e:b8:45:70:5d:bb:74:0c:c8:a2:c8:ee:
         e6:90:8e:52:cd:d8:bd:7c:d1:7b:01:97:f5:2d:07:70:3c:51:
         18:48:8e:5c:51:b2:75:30:24:5b:9d:a9:d6:31:ed:a5:43:e8:
         42:4c:d9:cc:18:b5:1f:ed:5f:8a:5f:ac:88:62:dc:5f:c3:f8:
         fc:24:0c:bd:11:d4:56:d3:7d:3d:5a:fb:ab:75:4d:ea:53:3d:
         a2:e2:56:0f:26:4d:13:05:ce:20:61:f0:76:9c:8c:8b:a2:ca:
         93:d7:fb:d3:d4:04:57:8d:d4:a1:ad:e6:08:57:f4:3f:f7:36:
         03:b2:ac:19:8c:9f:2a:8f:4e:78:c0:73:2f:be:58:99:2a:6d:
         77:f9:39:82:1d:87:98:0f:95:6e:c8:2f:65:df:5a:77:c3:d0:
         c1:f7:39:3c:d5:ae:8b:78:fe:50:d6:da:4a:b2:a7:4c:31:42:
         53:7d:2a:aa:4a:50:33:d8:0e:f6:a9:2b:0d:cb:dd:b7:92:ae:
         cd:71:2e:ea:05:36:8d:63:d7:2f:26:95:ae:e3:13:d9:f4:7e:
         b1:f4:66:18:57:c2:2e:21:42:8c:1d:4d:e1:4d:f3:7a:89:ac:
         c2:51:c0:3f
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIUNonJ29vzidSHA2P+hPpIW/zMqeowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yMzEwMTIxNTU0NTZaFw0yNDEwMTAxNTU5NTZaMDMxMTAvBgNV
BAMTKEY3QjkzNjRBMzk2Nzc0MzRCREQ5RjM0NzJDMEI0NDhDNDg3NzlDNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkSQQkeGUHJDW5Xmm9RYqa9eIK
XisEEld5eivY5iCW9jqio6juJydq8eAVLmS2aSPQbhNvqvya+uTWLKnuyW64Wq65
j+gtzOLTkqp0Kp7ko+YqSCtd+Dyt2c7+fgQDotx2iX4zLUcsQ70J/Wmq3PLoJGXv
w3Xh5gaK20CNEZeHmyeOKoGy2raA0BhsFV5VmtLm74sbYu28Ou0/fsKwgRxJJ7zE
69Vb0F+/pnZk+M0JE+jHbffvkwDO+YAwdDvISAsV11vubzeRP160kkGE3ath3D8w
cz+JZLkx0FqLZBuBtTCDbvBIMmT5ww6Pz3xKA3QYWBZywAYObbK5OfbyQfZjAgMB
AAGjggHWMIIB0jAdBgNVHQ4EFgQU97k2SjlndDS92fNHLAtEjEh3nE8wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
fgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMzNhMzEzMDMwM2EzYTJmMzQz
MDJkMzQzODIwM2QzZTIwMzIzMDM4MzQzNzM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgfYgwEwDQYJ
KoZIhvcNAQELBQADggEBABoXr65/VgGtXS69zrDRHKcXEk2lTt3JQw64RXBdu3QM
yKLI7uaQjlLN2L180XsBl/UtB3A8URhIjlxRsnUwJFudqdYx7aVD6EJM2cwYtR/t
X4pfrIhi3F/D+PwkDL0R1FbTfT1a+6t1TepTPaLiVg8mTRMFziBh8HacjIuiypPX
+9PUBFeN1KGt5ghX9D/3NgOyrBmMnyqPTnjAcy++WJkqbXf5OYIdh5gPlW7IL2Xf
WnfD0MH3OTzVrot4/lDW2kqyp0wxQlN9KqpKUDPYDvapKw3L3beSrs1xLuoFNo1j
1y8mla7jE9n0frH0ZhhXwi4hQowdTeFN83qJrMJRwD8=
-----END CERTIFICATE-----