Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838343a3130303a3a2f34302d3438203d3e203433333537.roa
File:                     326130373a643838343a3130303a3a2f34302d3438203d3e203433333537.roa (raw, json)
Hash identifier:          xaMa6wZrkzt1woa7PDg032eK4QLBeax0Sks2Ggd5kgc=
Subject key identifier:   50:A2:52:E1:9D:7A:1B:B0:B8:BC:0F:E1:3F:5D:D8:A7:0B:D1:61:9A
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       1B862E5F2A37A32FAAA430EA14B754B046737DFC
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838343a3130303a3a2f34302d3438203d3e203433333537.roa
Signing time:             Fri 09 Feb 2024 12:47:56 +0000
ROA not before:           Fri 09 Feb 2024 12:42:56 +0000
ROA not after:            Fri 07 Feb 2025 12:47:56 +0000
asID:                     43357
IP address blocks:        2a07:d884:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:86:2e:5f:2a:37:a3:2f:aa:a4:30:ea:14:b7:54:b0:46:73:7d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Feb  9 12:42:56 2024 GMT
            Not After : Feb  7 12:47:56 2025 GMT
        Subject: CN=50A252E19D7A1BB0B8BC0FE13F5DD8A70BD1619A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:15:f4:cb:70:48:96:db:ad:e8:28:14:0a:7b:
                    bb:17:ee:f2:45:97:be:34:4a:3f:5b:34:6a:ed:2b:
                    c2:8b:85:7f:f1:2a:f7:9c:03:73:e9:75:f7:d6:01:
                    ee:54:58:3e:62:1c:5e:60:35:e8:ae:88:f1:1c:b5:
                    68:eb:57:ac:61:6b:ea:26:68:0e:91:ad:af:ac:04:
                    6f:32:f1:1e:8d:9e:2b:fe:1a:71:e4:ab:8b:b3:de:
                    78:f2:43:da:cb:9c:af:46:e0:fb:1b:8a:3e:6a:46:
                    f2:13:67:f0:ee:e2:74:a8:09:43:1f:35:87:03:3c:
                    a8:25:c5:a8:56:8b:f1:d6:a4:78:bb:44:af:18:5c:
                    7f:b2:cc:74:67:71:6d:59:f7:ea:c0:fd:5a:f1:f9:
                    42:45:9f:26:67:4a:30:27:34:81:0e:29:81:a7:d1:
                    3d:c5:e2:89:54:ef:79:48:20:42:6a:e3:2e:71:db:
                    c5:77:bc:20:64:61:d2:5b:d4:af:f9:d6:55:74:c6:
                    2d:4e:94:1b:07:35:00:3c:66:bf:8c:75:b7:65:0d:
                    13:b5:94:ac:58:cc:33:04:dc:d2:c4:ef:26:75:cb:
                    18:17:8b:b6:27:a5:a1:3a:03:1d:25:d9:89:96:27:
                    83:3d:1c:21:d8:3f:19:fc:d0:9b:95:3e:23:1e:ad:
                    c5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A2:52:E1:9D:7A:1B:B0:B8:BC:0F:E1:3F:5D:D8:A7:0B:D1:61:9A
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838343a3130303a3a2f34302d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d884:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:64:52:a3:48:e6:e2:a9:23:fb:0e:14:a0:1b:ae:d7:56:d3:
         38:72:69:20:26:fd:06:ba:af:e3:7c:7b:16:bf:03:21:0b:af:
         5a:2c:fe:2c:3f:4e:82:6c:40:ee:06:43:53:3d:d6:de:fe:df:
         15:d0:d7:c2:18:ad:0f:12:99:cc:e3:97:e5:6f:02:1a:19:1e:
         25:36:32:f7:ea:f7:40:2b:95:42:83:33:c6:67:12:0c:b1:ba:
         4a:89:50:bd:3f:e3:72:9f:90:04:bf:77:7c:3d:c7:0c:aa:da:
         e8:bd:7e:2d:04:1d:32:13:76:d5:f9:83:3f:6b:88:96:84:cf:
         e3:c7:11:c3:83:05:98:1a:ea:61:6e:35:e3:bc:5a:83:6d:c3:
         fc:3f:c9:88:6e:53:07:e6:f4:dc:ab:db:e8:a5:ea:36:a2:34:
         e5:a0:fd:ea:e0:77:a2:a5:9c:09:b4:b6:69:18:f4:a5:ad:8e:
         a7:6f:9a:82:ce:7f:dd:e9:eb:a4:4d:7d:9c:99:90:9d:81:49:
         3d:56:39:f5:ed:f7:9f:4e:52:01:5b:9a:8d:61:12:b3:3c:1c:
         d0:e9:28:dc:f2:79:b0:52:b7:4e:a4:ea:96:49:bd:41:ed:84:
         84:ad:90:fc:d3:8f:e2:ff:b1:4a:dc:5b:db:69:37:a6:3a:43:
         ad:30:50:e8
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUG4YuXyo3oy+qpDDqFLdUsEZzffwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNDAyMDkxMjQyNTZaFw0yNTAyMDcxMjQ3NTZaMDMxMTAvBgNV
BAMTKDUwQTI1MkUxOUQ3QTFCQjBCOEJDMEZFMTNGNUREOEE3MEJEMTYxOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkFfTLcEiW263oKBQKe7sX7vJF
l740Sj9bNGrtK8KLhX/xKvecA3PpdffWAe5UWD5iHF5gNeiuiPEctWjrV6xha+om
aA6Rra+sBG8y8R6Nniv+GnHkq4uz3njyQ9rLnK9G4Psbij5qRvITZ/Du4nSoCUMf
NYcDPKglxahWi/HWpHi7RK8YXH+yzHRncW1Z9+rA/Vrx+UJFnyZnSjAnNIEOKYGn
0T3F4olU73lIIEJq4y5x28V3vCBkYdJb1K/51lV0xi1OlBsHNQA8Zr+MdbdlDRO1
lKxYzDME3NLE7yZ1yxgXi7YnpaE6Ax0l2YmWJ4M9HCHYPxn80JuVPiMercWlAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUUKJS4Z16G7C4vA/hP13YpwvRYZowHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
fAYIKwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzNDNhMzEzMDMwM2EzYTJmMzQz
MDJkMzQzODIwM2QzZTIwMzQzMzMzMzUzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoH2IQBMA0GCSqG
SIb3DQEBCwUAA4IBAQCLZFKjSObiqSP7DhSgG67XVtM4cmkgJv0Guq/jfHsWvwMh
C69aLP4sP06CbEDuBkNTPdbe/t8V0NfCGK0PEpnM45flbwIaGR4lNjL36vdAK5VC
gzPGZxIMsbpKiVC9P+Nyn5AEv3d8PccMqtrovX4tBB0yE3bV+YM/a4iWhM/jxxHD
gwWYGuphbjXjvFqDbcP8P8mIblMH5vTcq9vopeo2ojTloP3q4HeipZwJtLZpGPSl
rY6nb5qCzn/d6eukTX2cmZCdgUk9Vjn17fefTlIBW5qNYRKzPBzQ6Sjc8nmwUrdO
pOqWSb1B7YSErZD804/i/7FK3FvbaTemOkOtMFDo
-----END CERTIFICATE-----