Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/MzauDiMopBB3bC06CD0jrvMxWXQ.roa
File:                     MzauDiMopBB3bC06CD0jrvMxWXQ.roa (raw, json)
Hash identifier:          SGoLnwO55bcYfDuMhiw3W7S19nqXGogn+Tp9LYltbkM=
Subject key identifier:   33:36:AE:0E:23:28:A4:10:77:6C:2D:3A:08:3D:23:AE:F3:31:59:74
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       01B859
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/MzauDiMopBB3bC06CD0jrvMxWXQ.roa
Signing time:             Thu 05 Sep 2024 13:05:07 +0000
ROA not before:           Thu 05 Sep 2024 13:05:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0e:b240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Sep 2024 22:47:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 112729 (0x1b859)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Sep  5 13:05:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3336AE0E2328A410776C2D3A083D23AEF3315974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d4:44:c1:13:d0:70:7d:cf:f7:7b:f9:da:f6:
                    25:3e:57:47:82:11:38:a2:91:c3:3f:81:fb:a9:f2:
                    b8:0e:71:ed:d8:8e:49:cf:2d:db:f0:9b:4c:04:be:
                    d6:23:e5:64:ae:27:e8:0e:d5:28:66:d2:9f:de:fd:
                    e1:9a:45:ee:f9:24:f3:27:27:0c:7d:bc:59:a9:cc:
                    1f:c6:d6:53:0a:c3:28:d7:a3:fc:cf:c3:e1:a2:1b:
                    09:e2:5c:a6:51:8f:e7:91:af:6e:1f:7f:85:8e:02:
                    10:07:44:ce:de:86:95:e3:57:b4:e2:00:0f:ec:33:
                    21:42:92:17:0d:66:30:ff:96:ef:11:11:ae:f1:20:
                    9f:22:b2:9e:3a:10:b5:4c:2a:b2:e6:fe:07:ec:28:
                    b2:ec:32:bb:cf:8f:23:6d:e7:bb:fa:3b:f8:7a:42:
                    3a:5f:8d:9e:38:6f:58:4f:bd:0e:41:8e:b7:f9:bd:
                    09:8b:24:ab:2e:06:e0:02:e4:99:73:1f:2f:99:b0:
                    22:0a:4f:f1:eb:00:e8:10:cd:7f:bf:82:33:2f:1e:
                    df:66:85:8d:0a:9e:72:96:f1:53:bd:3a:c3:82:55:
                    db:f1:3f:3b:c6:ba:0d:4c:62:c1:4d:ec:18:94:13:
                    4f:87:2f:1f:78:e6:12:e1:55:d6:9b:b3:61:09:64:
                    4a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:36:AE:0E:23:28:A4:10:77:6C:2D:3A:08:3D:23:AE:F3:31:59:74
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/MzauDiMopBB3bC06CD0jrvMxWXQ.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         bc:e9:e9:7e:51:38:32:b0:0f:cb:1d:c7:06:dc:46:2c:4e:f8:
         3a:7a:f6:17:85:f9:a3:3f:f2:a7:b9:75:9b:ee:53:06:c9:07:
         c1:a8:53:1c:a5:dc:50:bb:31:6b:a1:cc:8b:1b:f4:df:ff:a6:
         bb:c4:ef:5f:7a:20:4d:4b:63:bd:c3:5a:46:1b:8a:db:10:c6:
         1d:7f:5d:e4:bf:ce:00:7c:6b:d4:b2:39:09:c1:7f:69:bd:74:
         58:bf:5b:47:f9:70:f7:64:fc:cc:62:d2:20:1f:50:c2:14:b0:
         d7:9f:3e:65:ac:3b:e9:d6:cd:ad:15:44:16:b6:ad:9b:2e:2c:
         c8:df:b1:56:73:09:06:53:6e:47:cc:9d:47:bc:19:49:a0:bb:
         05:19:5a:c4:c0:11:88:4e:a6:7b:9d:24:7d:21:19:c8:24:4d:
         e8:ab:e6:c0:b5:0f:a9:2a:0c:98:a5:b4:8f:6b:16:6b:d8:d6:
         71:b3:bf:ed:78:9d:4d:a6:03:7c:a2:9d:15:68:a5:ad:47:8e:
         b7:32:ba:90:11:92:42:23:ca:ec:df:74:35:66:2d:d9:49:b6:
         78:56:78:21:05:48:ae:cd:7e:ed:38:35:9f:37:ce:38:10:b4:
         a0:97:ff:ab:6f:e3:ec:44:9d:a3:a3:3e:15:4e:0f:87:95:13:
         4c:e5:89:2b
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIDAbhZMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjQwOTA1
MTMwNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzMzM2QUUwRTIzMjhB
NDEwNzc2QzJEM0EwODNEMjNBRUYzMzE1OTc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsdREwRPQcH3P93v52vYlPldHghE4opHDP4H7qfK4DnHt2I5J
zy3b8JtMBL7WI+VkrifoDtUoZtKf3v3hmkXu+STzJycMfbxZqcwfxtZTCsMo16P8
z8PhohsJ4lymUY/nka9uH3+FjgIQB0TO3oaV41e04gAP7DMhQpIXDWYw/5bvERGu
8SCfIrKeOhC1TCqy5v4H7Ciy7DK7z48jbee7+jv4ekI6X42eOG9YT70OQY63+b0J
iySrLgbgAuSZcx8vmbAiCk/x6wDoEM1/v4IzLx7fZoWNCp5ylvFTvTrDglXb8T87
xroNTGLBTewYlBNPhy8feOYS4VXWm7NhCWRKVQIDAQABo4IBzTCCAckwHQYDVR0O
BBYEFDM2rg4jKKQQd2wtOgg9I67zMVl0MB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L016YXVEaU1vcEJCM2JDMDZDRDBqcnZNeFdYUS5yb2EwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQMqDrJAMA0GCSqGSIb3DQEBCwUAA4IBAQC86el+UTgysA/L
HccG3EYsTvg6evYXhfmjP/KnuXWb7lMGyQfBqFMcpdxQuzFrocyLG/Tf/6a7xO9f
eiBNS2O9w1pGG4rbEMYdf13kv84AfGvUsjkJwX9pvXRYv1tH+XD3ZPzMYtIgH1DC
FLDXnz5lrDvp1s2tFUQWtq2bLizI37FWcwkGU25HzJ1HvBlJoLsFGVrEwBGITqZ7
nSR9IRnIJE3oq+bAtQ+pKgyYpbSPaxZr2NZxs7/teJ1NpgN8op0VaKWtR463MrqQ
EZJCI8rs33Q1Zi3ZSbZ4VnghBUiuzX7tODWfN844ELSgl/+rb+PsRJ2joz4VTg+H
lRNM5Ykr
-----END CERTIFICATE-----