Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838333a3530303a3a2f34302d3438203d3e20323134333636.roa
File:                     326130373a643838333a3530303a3a2f34302d3438203d3e20323134333636.roa (raw, json)
Hash identifier:          1d0EoWtM36vhq3Sy9LQca8PSise3a0aMSMPrNYRR3wQ=
Subject key identifier:   14:D8:07:A1:87:BA:6D:BD:8B:3C:F3:C8:9C:93:51:9F:AE:2B:96:F0
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       6A3C95D8D1E34091432E8E5A1007DB5355178DFE
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3530303a3a2f34302d3438203d3e20323134333636.roa
Signing time:             Mon 19 Aug 2024 10:51:26 +0000
ROA not before:           Mon 19 Aug 2024 10:46:26 +0000
ROA not after:            Mon 18 Aug 2025 10:51:26 +0000
asID:                     214366
IP address blocks:        2a07:d883:500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:3c:95:d8:d1:e3:40:91:43:2e:8e:5a:10:07:db:53:55:17:8d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Aug 19 10:46:26 2024 GMT
            Not After : Aug 18 10:51:26 2025 GMT
        Subject: CN=14D807A187BA6DBD8B3CF3C89C93519FAE2B96F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bc:ec:8c:98:9b:be:f4:91:31:bc:ee:d1:82:
                    47:5c:f9:47:93:20:d5:8c:c8:dd:a8:84:a0:53:97:
                    97:a0:1b:1e:6b:ba:69:6e:45:3a:85:27:c2:34:5b:
                    11:1a:38:12:8f:51:de:82:14:76:b2:10:4a:df:4a:
                    fe:e7:fa:f7:15:87:f9:d7:85:f9:bc:88:68:00:dd:
                    60:80:51:d6:e9:7b:71:ab:64:12:e1:28:cb:8d:fd:
                    f7:fe:2e:54:9b:29:17:27:4a:a1:48:ea:27:b8:62:
                    e3:77:42:2f:f5:f5:e8:76:1f:67:d9:d1:e2:87:a9:
                    7b:2d:63:86:a4:5e:c6:b4:80:5e:33:c5:95:64:4b:
                    64:db:61:fb:43:3a:26:a3:a9:63:c6:58:6e:9f:f7:
                    1d:99:08:58:a6:2a:2e:fc:d0:2c:33:94:fd:5d:46:
                    ff:50:97:1d:f6:a2:f4:59:af:e3:ae:90:40:45:9a:
                    a1:42:ab:af:88:03:a8:3a:e4:01:b2:60:57:24:d2:
                    6a:51:1b:23:6f:a9:7f:19:a3:a0:5f:88:7d:cc:59:
                    f0:a8:91:ba:39:62:6d:2b:7c:31:3e:e2:14:d3:de:
                    ca:e9:b4:35:de:07:9d:49:48:52:d2:53:5c:8b:5d:
                    d3:3e:3d:a8:e2:2c:a5:cd:cc:a8:46:8a:c6:55:a0:
                    96:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D8:07:A1:87:BA:6D:BD:8B:3C:F3:C8:9C:93:51:9F:AE:2B:96:F0
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838333a3530303a3a2f34302d3438203d3e20323134333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d883:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:d9:22:61:87:e0:58:91:05:72:8c:3b:4b:35:d2:e8:28:3a:
         ef:6d:76:b6:83:47:81:f5:f7:65:bb:98:cd:51:e8:10:f6:dc:
         79:a6:43:fd:48:4b:e9:b6:75:0d:16:3e:07:d6:d2:00:93:7e:
         f1:41:f6:e0:93:0f:aa:ef:63:b4:46:20:47:e3:5c:19:6a:00:
         6d:05:52:d4:2d:01:92:a2:9b:23:74:1f:a0:dc:a3:d3:6e:a5:
         ad:8e:3f:e5:55:b8:99:94:02:89:e7:6a:3d:8d:2b:03:ce:b7:
         f6:59:40:cc:41:29:3a:dc:af:31:c0:cf:df:cc:ac:15:d9:64:
         c7:80:86:a6:7a:bb:3d:c2:e0:f8:5b:fd:8e:6e:90:86:39:b0:
         ad:a3:3c:13:29:16:0b:84:18:a7:bf:dd:66:fc:4a:80:e9:8d:
         3b:29:6b:c0:2d:75:62:5c:d1:25:cb:64:b1:80:e1:15:dd:36:
         27:62:b4:58:42:97:a6:a7:0f:f1:95:d0:23:98:d4:cf:e1:0a:
         ac:42:40:5a:61:df:e2:9e:01:f5:5a:69:9d:b1:37:70:a6:b2:
         8b:d1:f1:01:27:49:5a:e6:14:50:e0:aa:39:42:45:bf:77:d3:
         f8:ed:2b:0d:f5:12:5b:16:04:5c:fa:7c:25:56:8f:cf:ca:21:
         6a:7d:88:2f
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIUajyV2NHjQJFDLo5aEAfbU1UXjf4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDA4MTkxMDQ2MjZaFw0yNTA4MTgxMDUxMjZaMDMxMTAvBgNV
BAMTKDE0RDgwN0ExODdCQTZEQkQ4QjNDRjNDODlDOTM1MTlGQUUyQjk2RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuvOyMmJu+9JExvO7Rgkdc+UeT
INWMyN2ohKBTl5egGx5rumluRTqFJ8I0WxEaOBKPUd6CFHayEErfSv7n+vcVh/nX
hfm8iGgA3WCAUdbpe3GrZBLhKMuN/ff+LlSbKRcnSqFI6ie4YuN3Qi/19eh2H2fZ
0eKHqXstY4akXsa0gF4zxZVkS2TbYftDOiajqWPGWG6f9x2ZCFimKi780CwzlP1d
Rv9Qlx32ovRZr+OukEBFmqFCq6+IA6g65AGyYFck0mpRGyNvqX8Zo6BfiH3MWfCo
kbo5Ym0rfDE+4hTT3srptDXeB51JSFLSU1yLXdM+PajiLKXNzKhGisZVoJbzAgMB
AAGjggHWMIIB0jAdBgNVHQ4EFgQUFNgHoYe6bb2LPPPInJNRn64rlvAwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
fgYIKwYBBQUHAQsEcjBwMG4GCCsGAQUFBzALhmJyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMzNhMzUzMDMwM2EzYTJmMzQz
MDJkMzQzODIwM2QzZTIwMzIzMTM0MzMzNjM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgfYgwUwDQYJ
KoZIhvcNAQELBQADggEBAFLZImGH4FiRBXKMO0s10ugoOu9tdraDR4H192W7mM1R
6BD23HmmQ/1IS+m2dQ0WPgfW0gCTfvFB9uCTD6rvY7RGIEfjXBlqAG0FUtQtAZKi
myN0H6Dco9Nupa2OP+VVuJmUAonnaj2NKwPOt/ZZQMxBKTrcrzHAz9/MrBXZZMeA
hqZ6uz3C4Phb/Y5ukIY5sK2jPBMpFguEGKe/3Wb8SoDpjTspa8AtdWJc0SXLZLGA
4RXdNiditFhCl6anD/GV0COY1M/hCqxCQFph3+KeAfVaaZ2xN3CmsovR8QEnSVrm
FFDgqjlCRb930/jtKw31ElsWBFz6fCVWj8/KIWp9iC8=
-----END CERTIFICATE-----