Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa
File:                     326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa (raw, json)
Hash identifier:          6xE6DoCzFe0vupIiAD4Jo8SzPwgBUas5RuH/GRpEa14=
Subject key identifier:   82:31:B3:CE:E4:99:A4:4E:2E:EB:B7:4B:8A:91:78:B0:14:EA:38:EC
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       02CF4A48101FDAC5F9D08AEB6B76690D8E9D2E5E
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa
Signing time:             Thu 12 Sep 2024 16:46:53 +0000
ROA not before:           Thu 12 Sep 2024 16:41:53 +0000
ROA not after:            Thu 11 Sep 2025 16:46:53 +0000
asID:                     208476
IP address blocks:        2a07:d883:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:cf:4a:48:10:1f:da:c5:f9:d0:8a:eb:6b:76:69:0d:8e:9d:2e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 12 16:41:53 2024 GMT
            Not After : Sep 11 16:46:53 2025 GMT
        Subject: CN=8231B3CEE499A44E2EEBB74B8A9178B014EA38EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8e:97:a8:3b:94:92:85:13:35:ed:d6:2c:49:
                    7f:77:53:96:46:6e:2a:f3:64:18:39:77:b6:3f:23:
                    ab:08:85:89:f2:21:7e:d3:0f:da:e0:ca:a0:2e:b1:
                    83:7d:ba:da:24:04:05:cc:34:ab:6f:3e:37:92:4f:
                    b9:44:b4:63:25:07:d6:15:bb:52:27:4b:9e:dd:fb:
                    12:79:0a:35:9e:e1:8b:2c:60:ba:97:68:41:d5:a2:
                    5a:90:47:2d:e3:81:ea:db:84:fe:ba:67:09:1a:22:
                    7c:94:1c:b5:db:f5:1c:be:1f:75:c2:56:d9:f0:7e:
                    88:84:02:c7:7d:53:ce:79:a3:56:a0:d8:38:52:97:
                    a9:61:01:5c:31:77:c3:c8:5b:ed:eb:ae:f5:d1:13:
                    d8:41:a4:04:31:55:d7:65:0d:eb:50:e4:03:01:bb:
                    3c:a7:19:34:af:ee:20:61:2b:d3:60:4c:c8:a7:ae:
                    81:d6:1b:94:9c:14:9e:75:c0:2a:30:1a:9d:e1:4d:
                    bc:1a:fc:7f:9b:eb:fb:49:71:e9:20:45:2e:b4:7f:
                    b4:2b:bc:88:95:0c:3a:57:56:ea:86:53:4c:be:47:
                    e5:bd:8e:15:f1:e6:26:4b:b3:cc:76:c6:7c:9f:36:
                    5b:6a:17:96:0f:c1:d0:af:a2:69:eb:f6:88:81:ae:
                    a4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:31:B3:CE:E4:99:A4:4E:2E:EB:B7:4B:8A:91:78:B0:14:EA:38:EC
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323038343736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d883:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:31:b9:8f:18:4f:b2:97:9e:d1:7c:24:26:ab:8b:97:c6:b1:
         f2:b7:3c:68:a3:ef:53:63:b2:cd:4f:14:a4:d6:8d:94:8d:e1:
         dd:dc:f8:e0:55:b1:50:b6:85:ec:b6:1a:77:84:67:79:03:88:
         34:59:a8:c0:26:73:89:50:53:59:51:00:9b:fc:5e:d5:11:11:
         5d:2f:f5:e0:cd:d7:d7:23:7f:20:0f:bd:ad:38:b8:26:90:33:
         f8:5c:63:29:9d:9f:5e:f0:f0:aa:e9:fa:bf:07:b3:8b:c9:27:
         98:fa:af:6b:30:33:7c:01:2e:81:8a:1b:67:76:d1:88:84:c8:
         9a:9e:ee:96:32:66:ee:ff:17:73:48:9c:94:fe:58:59:12:85:
         15:9e:e9:5d:65:7d:89:1b:2d:47:33:fd:bb:29:4a:ef:e6:bb:
         20:15:62:cc:c9:b5:15:15:e4:51:04:74:1a:a2:00:cd:49:05:
         f0:67:a9:58:bf:90:6c:98:2d:c3:7a:d7:81:e9:6b:f6:7e:6c:
         57:d9:18:2c:f0:d6:c0:44:a6:98:5a:77:45:aa:f0:71:34:66:
         54:bf:a1:d0:3a:67:9e:54:34:60:40:ba:f2:1c:09:9d:38:58:
         d4:c3:31:54:3b:28:0e:e9:c7:3c:1b:24:0a:e8:bd:b3:07:b9:
         21:81:b7:01
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIUAs9KSBAf2sX50Irra3ZpDY6dLl4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA5MTIxNjQxNTNaFw0yNTA5MTExNjQ2NTNaMDMxMTAvBgNV
BAMTKDgyMzFCM0NFRTQ5OUE0NEUyRUVCQjc0QjhBOTE3OEIwMTRFQTM4RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsjpeoO5SShRM17dYsSX93U5ZG
birzZBg5d7Y/I6sIhYnyIX7TD9rgyqAusYN9utokBAXMNKtvPjeST7lEtGMlB9YV
u1InS57d+xJ5CjWe4YssYLqXaEHVolqQRy3jgerbhP66ZwkaInyUHLXb9Ry+H3XC
VtnwfoiEAsd9U855o1ag2DhSl6lhAVwxd8PIW+3rrvXRE9hBpAQxVddlDetQ5AMB
uzynGTSv7iBhK9NgTMinroHWG5ScFJ51wCowGp3hTbwa/H+b6/tJcekgRS60f7Qr
vIiVDDpXVuqGU0y+R+W9jhXx5iZLs8x2xnyfNltqF5YPwdCvomnr9oiBrqTHAgMB
AAGjggHWMIIB0jAdBgNVHQ4EFgQUgjGzzuSZpE4u67dLipF4sBTqOOwwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
fgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMzNhMzEzMDMwM2EzYTJmMzQz
MDJkMzQzODIwM2QzZTIwMzIzMDM4MzQzNzM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgfYgwEwDQYJ
KoZIhvcNAQELBQADggEBAGsxuY8YT7KXntF8JCari5fGsfK3PGij71Njss1PFKTW
jZSN4d3c+OBVsVC2hey2GneEZ3kDiDRZqMAmc4lQU1lRAJv8XtUREV0v9eDN19cj
fyAPva04uCaQM/hcYymdn17w8Krp+r8Hs4vJJ5j6r2swM3wBLoGKG2d20YiEyJqe
7pYyZu7/F3NInJT+WFkShRWe6V1lfYkbLUcz/bspSu/muyAVYszJtRUV5FEEdBqi
AM1JBfBnqVi/kGyYLcN614Hpa/Z+bFfZGCzw1sBEpphad0Wq8HE0ZlS/odA6Z55U
NGBAuvIcCZ04WNTDMVQ7KA7pxzwbJArovbMHuSGBtwE=
-----END CERTIFICATE-----