Route Origin Authorization

$ rpki-client -vvf rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
File:                     326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa (raw, json)
Hash identifier:          zvuU2VlpftyRhBsg5MpGEj/tKn7h4bz/S26OLRRrdMA=
Subject key identifier:   69:6A:46:42:F3:07:0B:A7:35:4C:DC:D5:A6:A3:86:2B:C0:1B:FB:52
Certificate issuer:       /CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
Certificate serial:       6E7F0067E666E22EAADF7F314055A3BF2C0AA5FF
Authority key identifier: B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
Subject info access:      rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa
Signing time:             Wed 24 Sep 2025 21:43:57 +0000
ROA not before:           Wed 24 Sep 2025 21:38:57 +0000
ROA not after:            Wed 23 Sep 2026 21:43:57 +0000
asID:                     43357
IP address blocks:        2a07:d880:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl
                          rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 00:56:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:7f:00:67:e6:66:e2:2e:aa:df:7f:31:40:55:a3:bf:2c:0a:a5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55e2e72d7ffde6bceb73ce26f185c678a23892d
        Validity
            Not Before: Sep 24 21:38:57 2025 GMT
            Not After : Sep 23 21:43:57 2026 GMT
        Subject: CN=696A4642F3070BA7354CDCD5A6A3862BC01BFB52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:aa:eb:c2:1b:bc:7c:a5:17:4a:af:b7:3b:95:
                    ac:b4:12:73:ff:84:6e:31:59:4b:36:84:42:62:d7:
                    2b:06:5c:56:cf:e3:ea:63:6b:76:8c:2a:b2:45:34:
                    1d:d3:dd:48:f1:61:de:b2:5f:c4:e9:7d:7f:45:df:
                    9c:0e:45:05:78:ae:9b:41:dd:47:47:29:ae:10:dd:
                    4a:9e:ad:01:28:23:5d:40:ec:b8:c3:5b:86:67:0a:
                    1c:67:4f:b1:01:64:00:d6:c3:79:33:dc:0e:0a:df:
                    4c:03:f6:3b:dd:96:f7:d0:0b:12:01:b5:21:e2:54:
                    8f:48:13:e0:9f:3a:53:50:28:98:60:e7:8f:3a:78:
                    ac:f3:50:64:76:b1:25:9d:87:eb:2c:1b:9e:7a:7f:
                    20:a0:1d:fa:24:79:f6:82:a8:d4:6e:60:7e:d6:28:
                    27:ee:61:cc:ca:4e:fa:08:1a:4d:c2:bc:f1:48:b1:
                    a3:78:18:b8:a8:34:3e:08:fd:ff:6d:c2:4c:05:1f:
                    5f:5c:0e:15:af:3a:ca:96:83:c0:a6:8c:c4:95:67:
                    cf:29:2c:11:f5:61:52:67:64:76:91:af:eb:64:3a:
                    53:a7:ab:14:c8:66:3e:0c:35:75:f2:47:2f:e4:fc:
                    19:aa:65:5d:df:36:53:33:6d:20:b3:61:ae:48:bc:
                    6c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6A:46:42:F3:07:0B:A7:35:4C:DC:D5:A6:A3:86:2B:C0:1B:FB:52
            X509v3 Authority Key Identifier:
                keyid:B5:5E:2E:72:D7:FF:DE:6B:CE:B7:3C:E2:6F:18:5C:67:8A:23:89:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.owl.net/rrdp/owl/1/B55E2E72D7FFDE6BCEB73CE26F185C678A23892D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV4uctf_3mvOtzzibxhcZ4ojiS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.owl.net/rrdp/owl/1/326130373a643838303a323a3a2f34382d3438203d3e203433333537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:d880:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:e4:dd:c8:39:53:47:f7:ec:17:1f:d2:02:f0:5b:3d:29:58:
         31:09:c2:96:dd:90:13:54:94:90:1e:7d:d9:1b:a8:fb:a6:11:
         b3:c1:f7:d1:4b:3f:99:30:f8:9b:e7:12:e2:7d:f0:cc:48:cb:
         23:11:0f:1b:03:00:6a:dd:c1:0d:0f:8a:47:ec:d9:c2:6a:da:
         c9:34:2e:85:f7:08:fc:8e:13:66:3d:e1:1b:de:fe:21:d1:91:
         f4:d3:7c:ef:65:6f:f8:5b:29:ce:5e:82:35:d5:b6:4f:f5:68:
         b8:17:80:0f:11:5b:e7:14:d1:f2:d2:0a:64:a1:b2:19:53:f6:
         47:6c:ab:7b:d5:9d:1f:ba:16:0a:d0:38:af:62:bf:87:a2:6d:
         c0:17:cf:03:be:5b:dd:25:4f:f8:7b:01:57:53:ca:0e:b0:e5:
         28:41:b3:9b:e8:5a:e2:16:48:6b:16:6f:32:1b:70:e9:91:54:
         6c:b6:79:7c:43:68:12:1e:4b:41:cc:ea:b6:6f:14:96:df:6d:
         9c:25:32:18:16:07:5b:b6:5d:45:7e:88:86:e2:20:40:62:80:
         75:1b:13:99:81:83:a4:61:58:64:6e:35:be:84:ed:e0:12:3c:
         b8:07:0c:ed:1e:78:ba:9a:f8:de:c3:15:71:f5:bb:ad:ee:70:
         a1:cb:ef:32
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUbn8AZ+Zm4i6q338xQFWjvywKpf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjU1ZTJlNzJkN2ZmZGU2YmNlYjczY2UyNmYxODVjNjc4
YTIzODkyZDAeFw0yNTA5MjQyMTM4NTdaFw0yNjA5MjMyMTQzNTdaMDMxMTAvBgNV
BAMTKDY5NkE0NjQyRjMwNzBCQTczNTRDRENENUE2QTM4NjJCQzAxQkZCNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxquvCG7x8pRdKr7c7lay0EnP/
hG4xWUs2hEJi1ysGXFbP4+pja3aMKrJFNB3T3UjxYd6yX8TpfX9F35wORQV4rptB
3UdHKa4Q3UqerQEoI11A7LjDW4ZnChxnT7EBZADWw3kz3A4K30wD9jvdlvfQCxIB
tSHiVI9IE+CfOlNQKJhg5486eKzzUGR2sSWdh+ssG556fyCgHfokefaCqNRuYH7W
KCfuYczKTvoIGk3CvPFIsaN4GLioND4I/f9twkwFH19cDhWvOsqWg8CmjMSVZ88p
LBH1YVJnZHaRr+tkOlOnqxTIZj4MNXXyRy/k/BmqZV3fNlMzbSCzYa5IvGwpAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUaWpGQvMHC6c1TNzVpqOGK8Ab+1IwHwYDVR0j
BBgwFoAUtV4uctf/3mvOtzzibxhcZ4ojiS0wDgYDVR0PAQH/BAQDAgeAMF0GA1Ud
HwRWMFQwUqBQoE6GTHJzeW5jOi8vcnBraS5vd2wubmV0L3JyZHAvb3dsLzEvQjU1
RTJFNzJEN0ZGREU2QkNFQjczQ0UyNkYxODVDNjc4QTIzODkyRC5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3RWNHVjdGZfM212T3R6emlieGhjWjRvamlTMC5jZXIw
eAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jwa2kub3dsLm5l
dC9ycmRwL293bC8xLzMyNjEzMDM3M2E2NDM4MzgzMDNhMzIzYTNhMmYzNDM4MmQz
NDM4MjAzZDNlMjAzNDMzMzMzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfYgAACMA0GCSqGSIb3
DQEBCwUAA4IBAQA/5N3IOVNH9+wXH9IC8Fs9KVgxCcKW3ZATVJSQHn3ZG6j7phGz
wffRSz+ZMPib5xLiffDMSMsjEQ8bAwBq3cEND4pH7NnCatrJNC6F9wj8jhNmPeEb
3v4h0ZH003zvZW/4WynOXoI11bZP9Wi4F4APEVvnFNHy0gpkobIZU/ZHbKt71Z0f
uhYK0DivYr+Hom3AF88DvlvdJU/4ewFXU8oOsOUoQbOb6FriFkhrFm8yG3DpkVRs
tnl8Q2gSHktBzOq2bxSW322cJTIYFgdbtl1FfoiG4iBAYoB1GxOZgYOkYVhkbjW+
hO3gEjy4BwztHni6mvjewxVx9but7nChy+8y
-----END CERTIFICATE-----