Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
File:                     3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa (raw, json)
Hash identifier:          v6wdPQanikcCRRY4HKXNlqtmFkkL9Ey5qGzG4nOTCRw=
Subject key identifier:   8A:F4:14:D9:79:CA:6B:D0:CF:CC:D7:B2:B5:87:4E:95:6F:82:D9:CD
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       11E21DEF370BAB72BA25035B81B18B02BEB2486B
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa
Signing time:             Thu 14 Aug 2025 17:43:56 +0000
ROA not before:           Thu 14 Aug 2025 17:38:56 +0000
ROA not after:            Thu 13 Aug 2026 17:43:56 +0000
asID:                     47553
IP address blocks:        194.127.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:33:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:e2:1d:ef:37:0b:ab:72:ba:25:03:5b:81:b1:8b:02:be:b2:48:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Aug 14 17:38:56 2025 GMT
            Not After : Aug 13 17:43:56 2026 GMT
        Subject: CN=8AF414D979CA6BD0CFCCD7B2B5874E956F82D9CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:29:88:49:1c:95:0e:2b:b1:24:f4:89:7f:27:
                    62:51:47:de:71:56:3f:80:f1:3a:ed:0e:c9:9f:e7:
                    17:a6:82:12:2d:7d:aa:94:f1:bf:69:7a:22:ff:c2:
                    8c:06:19:21:69:ed:de:72:a6:65:ba:7f:88:c5:d1:
                    d0:e5:51:cd:30:e4:21:5c:65:36:c6:b5:dd:3d:f5:
                    a5:4c:48:98:fd:18:b5:46:ab:07:bf:39:63:62:eb:
                    b4:3b:57:ff:95:7a:33:1b:28:0c:16:dc:99:59:2a:
                    d4:f4:9a:5e:84:6b:50:fc:86:da:2c:04:92:ff:d9:
                    76:e6:f1:6c:74:43:b3:4e:dd:f3:22:d7:fb:f8:89:
                    b7:13:ab:b4:18:32:00:0e:af:f3:a3:61:a7:1d:6f:
                    94:54:d2:61:5f:38:03:76:fa:13:ee:a5:b6:e9:a8:
                    1f:8e:ae:3f:71:ce:01:4a:cb:27:46:93:b2:20:9c:
                    82:c4:c9:56:be:75:5f:5a:a0:4a:86:23:83:49:36:
                    0a:bd:52:e9:c7:cd:44:07:ca:73:ba:19:d7:d9:ac:
                    11:27:8b:7d:32:61:66:60:24:ea:ef:22:a9:cd:1e:
                    6b:58:87:4f:34:8d:bb:22:ba:fb:3f:9b:dc:97:f1:
                    49:1d:47:e3:96:25:0a:82:31:15:00:21:01:67:6a:
                    2f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F4:14:D9:79:CA:6B:D0:CF:CC:D7:B2:B5:87:4E:95:6F:82:D9:CD
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/3139342e3132372e3136362e302f32342d3234203d3e203437353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:0f:f0:8a:6a:c1:ab:67:e4:8d:23:fa:3f:c7:98:fd:87:fc:
         8a:f5:65:2c:5c:0c:a8:fc:5c:2c:34:f1:a0:c4:eb:dc:c1:af:
         f9:99:ea:27:b2:13:46:2d:64:27:d8:62:76:cc:f0:e0:39:3e:
         93:1b:82:b5:f0:dc:06:83:88:57:49:f2:50:f6:f1:a8:f5:33:
         b2:bf:99:c4:b0:6e:0e:62:05:78:8b:a7:8b:f1:3f:f8:2a:e9:
         13:8d:ea:e4:fe:93:3f:93:26:8a:b1:6e:0c:8f:c0:f8:67:55:
         45:86:ee:17:fb:d3:f8:06:1b:00:fa:c4:78:9f:0d:3c:6e:a3:
         dc:c8:33:76:bc:85:87:d7:ed:4c:50:93:00:bd:98:56:5d:09:
         49:57:30:25:2f:d8:29:59:54:20:fa:9e:57:82:91:5d:74:d1:
         93:86:e8:4a:36:fd:80:14:24:f0:fd:5d:9d:2c:cd:53:e1:96:
         f6:c5:d1:b8:30:61:ec:30:de:3c:ba:75:7d:c4:54:ec:79:0b:
         e1:09:8d:2b:e4:a5:f7:82:2c:7b:0b:68:98:f4:66:1c:fa:34:
         7a:f3:25:10:9d:55:68:22:cc:02:32:43:c5:24:e8:de:a6:8c:
         5a:83:34:8b:87:ac:d4:06:a3:28:3e:09:98:c1:27:5f:67:db:
         81:93:63:ac
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUEeId7zcLq3K6JQNbgbGLAr6ySGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNTA4MTQxNzM4NTZaFw0yNjA4MTMxNzQzNTZaMDMxMTAvBgNV
BAMTKDhBRjQxNEQ5NzlDQTZCRDBDRkNDRDdCMkI1ODc0RTk1NkY4MkQ5Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKYhJHJUOK7Ek9Il/J2JRR95x
Vj+A8TrtDsmf5xemghItfaqU8b9peiL/wowGGSFp7d5ypmW6f4jF0dDlUc0w5CFc
ZTbGtd099aVMSJj9GLVGqwe/OWNi67Q7V/+VejMbKAwW3JlZKtT0ml6Ea1D8htos
BJL/2Xbm8Wx0Q7NO3fMi1/v4ibcTq7QYMgAOr/OjYacdb5RU0mFfOAN2+hPupbbp
qB+Orj9xzgFKyydGk7IgnILEyVa+dV9aoEqGI4NJNgq9UunHzUQHynO6GdfZrBEn
i30yYWZgJOrvIqnNHmtYh080jbsiuvs/m9yX8UkdR+OWJQqCMRUAIQFnai/vAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUivQU2XnKa9DPzNeytYdOlW+C2c0wHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMxMzkzNDJlMzEzMjM3MmUzMTM2MzYyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn+mMA0GCSqGSIb3DQEB
CwUAA4IBAQBTD/CKasGrZ+SNI/o/x5j9h/yK9WUsXAyo/FwsNPGgxOvcwa/5meon
shNGLWQn2GJ2zPDgOT6TG4K18NwGg4hXSfJQ9vGo9TOyv5nEsG4OYgV4i6eL8T/4
KukTjerk/pM/kyaKsW4Mj8D4Z1VFhu4X+9P4BhsA+sR4nw08bqPcyDN2vIWH1+1M
UJMAvZhWXQlJVzAlL9gpWVQg+p5XgpFddNGThuhKNv2AFCTw/V2dLM1T4Zb2xdG4
MGHsMN48unV9xFTseQvhCY0r5KX3gix7C2iY9GYc+jR68yUQnVVoIswCMkPFJOje
poxagzSLh6zUBqMoPgmYwSdfZ9uBk2Os
-----END CERTIFICATE-----