Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323134333636.roa
File:                     326130373a643838333a3130303a3a2f34302d3438203d3e20323134333636.roa (raw, json)
Hash identifier:          68FPBQriambvQ+YvEq3Gjna6ckOLH0DsbtHxeTklIoA=
Subject key identifier:   ED:88:22:67:84:DD:29:2C:7F:22:60:93:13:2C:E7:43:B5:8B:72:8C
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       174BE0EF3CD51E600666D605878761CCBD6A50D1
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323134333636.roa
Signing time:             Mon 19 Aug 2024 10:51:39 +0000
ROA not before:           Mon 19 Aug 2024 10:46:39 +0000
ROA not after:            Mon 18 Aug 2025 10:51:39 +0000
asID:                     214366
IP address blocks:        2a07:d883:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4b:e0:ef:3c:d5:1e:60:06:66:d6:05:87:87:61:cc:bd:6a:50:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Aug 19 10:46:39 2024 GMT
            Not After : Aug 18 10:51:39 2025 GMT
        Subject: CN=ED88226784DD292C7F226093132CE743B58B728C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:18:92:bf:55:75:5a:2d:7f:81:75:10:47:f9:
                    d4:0a:eb:63:de:2f:3b:5f:d3:ed:17:87:fb:e3:09:
                    48:5f:a5:db:86:16:11:1b:8f:89:b7:e1:be:b3:22:
                    6d:a5:c9:09:bb:02:3f:80:a8:2f:fa:75:e9:47:22:
                    b9:8b:db:74:37:62:30:3d:a3:bc:c3:5e:74:c6:58:
                    0c:16:f3:eb:dd:30:e7:39:f0:9c:bf:a5:c0:47:c8:
                    51:5a:a6:26:f8:fe:90:15:a1:7e:61:b2:5c:88:53:
                    2c:00:73:2e:6c:69:90:c9:fd:5e:5d:9d:64:05:91:
                    23:39:fa:97:6a:0d:83:c4:0a:a7:ea:d5:d1:a1:fe:
                    04:ef:9f:e3:e6:09:09:3b:61:4d:47:b4:a2:52:44:
                    90:be:f0:e8:92:50:80:d2:95:45:95:5c:c6:f9:75:
                    31:cb:0b:ab:d5:f9:83:17:06:b0:77:bc:23:85:03:
                    c1:9d:b7:f7:aa:ae:d7:a7:ad:4f:d7:ec:68:f6:83:
                    b5:32:07:86:eb:3b:d3:e0:dd:db:9a:30:30:2f:cb:
                    a0:0c:cb:b6:97:da:21:ed:96:35:47:94:9f:b7:da:
                    03:a3:34:89:2b:6a:7e:77:a0:ad:cb:24:f9:24:cc:
                    e6:fa:d0:a3:84:b7:c1:b3:f8:4e:18:93:0d:ec:2e:
                    df:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:88:22:67:84:DD:29:2C:7F:22:60:93:13:2C:E7:43:B5:8B:72:8C
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3130303a3a2f34302d3438203d3e20323134333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d883:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         e6:39:6c:4b:f1:08:fd:c3:9d:73:00:d0:34:0e:2a:01:68:fd:
         03:95:25:c1:e5:23:d6:bc:5d:21:60:6d:37:ce:cb:3e:0b:59:
         60:65:97:e4:05:ec:a1:b7:90:a6:57:c2:ee:6b:80:bc:04:a0:
         53:4e:cc:68:97:89:aa:dc:e5:d0:40:cc:69:31:31:44:e9:fa:
         ab:dc:8e:ec:1d:c5:e4:4d:b2:22:57:4b:a7:ec:3f:85:df:c4:
         ca:c4:f2:be:2c:b4:db:cd:13:55:00:cc:a8:31:55:11:b3:95:
         33:98:21:02:24:b9:3d:2a:42:9c:ac:77:42:cc:a2:aa:2d:96:
         f2:92:08:53:3e:a0:50:04:e6:63:95:1b:db:79:7b:0b:14:c1:
         90:96:f8:41:7a:18:9e:6e:45:9d:0e:23:e8:da:7c:53:1d:30:
         79:7f:98:5b:69:29:53:0d:7f:38:87:69:39:ce:28:bc:f8:8f:
         7b:46:7f:12:95:4f:93:18:44:bc:7a:5d:6f:e3:e3:4c:82:9f:
         4b:bd:01:af:98:40:7e:ac:a2:d0:c2:61:d4:dd:65:18:c5:4c:
         9b:32:88:c2:a2:2c:5c:ec:85:9b:54:01:38:9b:96:46:19:06:
         13:7b:c8:15:4e:9b:16:ee:9f:44:aa:35:dc:1a:35:da:d7:19:
         87:15:a5:74
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIUF0vg7zzVHmAGZtYFh4dhzL1qUNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA4MTkxMDQ2MzlaFw0yNTA4MTgxMDUxMzlaMDMxMTAvBgNV
BAMTKEVEODgyMjY3ODRERDI5MkM3RjIyNjA5MzEzMkNFNzQzQjU4QjcyOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLGJK/VXVaLX+BdRBH+dQK62Pe
Lztf0+0Xh/vjCUhfpduGFhEbj4m34b6zIm2lyQm7Aj+AqC/6delHIrmL23Q3YjA9
o7zDXnTGWAwW8+vdMOc58Jy/pcBHyFFapib4/pAVoX5hslyIUywAcy5saZDJ/V5d
nWQFkSM5+pdqDYPECqfq1dGh/gTvn+PmCQk7YU1HtKJSRJC+8OiSUIDSlUWVXMb5
dTHLC6vV+YMXBrB3vCOFA8Gdt/eqrtenrU/X7Gj2g7UyB4brO9Pg3duaMDAvy6AM
y7aX2iHtljVHlJ+32gOjNIkran53oK3LJPkkzOb60KOEt8Gz+E4Ykw3sLt+rAgMB
AAGjggHWMIIB0jAdBgNVHQ4EFgQU7YgiZ4TdKSx/ImCTEyznQ7WLcowwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
fgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMzNhMzEzMDMwM2EzYTJmMzQz
MDJkMzQzODIwM2QzZTIwMzIzMTM0MzMzNjM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgfYgwEwDQYJ
KoZIhvcNAQELBQADggEBAOY5bEvxCP3DnXMA0DQOKgFo/QOVJcHlI9a8XSFgbTfO
yz4LWWBll+QF7KG3kKZXwu5rgLwEoFNOzGiXiarc5dBAzGkxMUTp+qvcjuwdxeRN
siJXS6fsP4XfxMrE8r4stNvNE1UAzKgxVRGzlTOYIQIkuT0qQpysd0LMoqotlvKS
CFM+oFAE5mOVG9t5ewsUwZCW+EF6GJ5uRZ0OI+jafFMdMHl/mFtpKVMNfziHaTnO
KLz4j3tGfxKVT5MYRLx6XW/j40yCn0u9Aa+YQH6sotDCYdTdZRjFTJsyiMKiLFzs
hZtUATiblkYZBhN7yBVOmxbun0SqNdwaNdrXGYcVpXQ=
-----END CERTIFICATE-----