Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/UN1P5iTUHFV_t2x45L5YXyhBl8U.roa
File:                     UN1P5iTUHFV_t2x45L5YXyhBl8U.roa (raw, json)
Hash identifier:          teuMQddTwknXXqAWEbiKSSWPQ+vQcuYN0HdV2FKIS14=
Subject key identifier:   50:DD:4F:E6:24:D4:1C:55:7F:B7:6C:78:E4:BE:58:5F:28:41:97:C5
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       016C2F
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/UN1P5iTUHFV_t2x45L5YXyhBl8U.roa
Signing time:             Thu 15 Feb 2024 17:22:46 +0000
ROA not before:           Thu 15 Feb 2024 17:22:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:67c:208c::/48 maxlen: 48
                          2a0e:b240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:31:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93231 (0x16c2f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Feb 15 17:22:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50DD4FE624D41C557FB76C78E4BE585F284197C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5d:a6:c3:56:37:c8:9c:1a:75:6e:23:ce:44:
                    03:c6:ac:58:ba:84:44:bd:cd:da:c3:4a:71:94:a3:
                    18:e2:12:b1:01:34:3b:b3:49:4d:c3:c3:46:94:0d:
                    53:0d:1e:0b:37:3b:c6:b0:85:86:98:60:6e:a1:57:
                    e7:7b:df:3d:8c:df:dc:06:62:53:ec:74:2e:8b:b4:
                    10:79:a6:e2:28:58:3b:a6:4a:42:eb:9d:ef:77:a5:
                    03:cf:7d:09:a0:9b:a0:d0:97:c8:7c:79:09:31:d9:
                    43:4f:0a:a6:61:3d:a9:bd:0f:1a:c6:29:a1:eb:ba:
                    7a:0a:f1:80:0b:29:c6:bb:41:ba:f8:85:ea:78:52:
                    75:5d:b2:6f:b1:6e:b8:d0:01:de:ec:ce:7d:e7:e0:
                    80:be:7c:3e:8d:94:8e:45:22:b4:e4:c3:e0:77:53:
                    93:a9:cb:36:54:9d:7d:c8:03:b3:19:4e:c6:ea:00:
                    80:7d:2d:9b:ec:0e:fd:ae:b9:4b:48:c9:93:f8:ae:
                    d1:76:bf:0b:3b:51:39:c1:1f:60:e8:27:4e:72:09:
                    7d:86:9e:05:28:4f:cf:b5:80:ba:e7:65:96:ef:7f:
                    79:12:ab:ff:cb:da:8a:e8:77:80:9b:46:21:66:fa:
                    28:b7:63:25:e7:ca:7b:d8:86:2f:46:b0:98:13:9c:
                    98:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DD:4F:E6:24:D4:1C:55:7F:B7:6C:78:E4:BE:58:5F:28:41:97:C5
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/UN1P5iTUHFV_t2x45L5YXyhBl8U.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:208c::/48
                  2a0e:b240::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:f8:22:92:57:41:77:ff:20:30:49:2f:0c:b1:fc:e4:b3:38:
         b6:c1:d9:4a:18:51:0f:4f:24:74:7e:76:d1:8a:46:b5:22:87:
         ef:c5:05:88:5c:03:e8:1f:de:70:37:54:b5:91:d3:07:5c:cf:
         a5:3a:d2:f1:bc:ad:e6:28:51:df:0d:49:1e:45:31:82:33:95:
         5a:39:b0:63:45:25:e3:0f:5b:24:c7:45:22:1d:d4:56:19:b2:
         fb:8c:ee:17:db:7c:96:24:49:4a:fc:58:4d:cd:e0:73:89:92:
         5c:89:66:40:a4:7d:56:03:35:03:a6:8e:bc:b3:ee:85:24:5a:
         20:35:06:51:7e:13:f8:0d:57:24:de:d9:00:07:5a:e6:c3:6c:
         a9:b7:15:33:e4:17:ee:87:83:48:67:f7:c5:44:1f:44:80:d7:
         aa:7a:ff:5e:ef:49:c1:0a:bc:52:21:7a:00:18:bb:96:12:24:
         5c:c7:9e:31:f0:95:bb:6e:08:98:2d:e0:a1:a3:3e:bc:cd:90:
         a9:9a:b3:71:ad:b0:84:2b:ef:5d:71:89:ae:8f:28:0e:6e:36:
         92:33:0b:7f:85:6e:91:ce:ff:64:f4:a8:9b:39:63:49:fc:f1:
         44:e0:ab:00:fb:e7:e4:73:d1:c1:f8:89:a2:67:f3:6b:a5:bf:
         5c:3c:8b:de
-----BEGIN CERTIFICATE-----
MIIEvTCCA6WgAwIBAgIDAWwvMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjQwMjE1
MTcyMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1MERENEZFNjI0RDQx
QzU1N0ZCNzZDNzhFNEJFNTg1RjI4NDE5N0M1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAx12mw1Y3yJwadW4jzkQDxqxYuoREvc3aw0pxlKMY4hKxATQ7
s0lNw8NGlA1TDR4LNzvGsIWGmGBuoVfne989jN/cBmJT7HQui7QQeabiKFg7pkpC
653vd6UDz30JoJug0JfIfHkJMdlDTwqmYT2pvQ8aximh67p6CvGACynGu0G6+IXq
eFJ1XbJvsW640AHe7M595+CAvnw+jZSORSK05MPgd1OTqcs2VJ19yAOzGU7G6gCA
fS2b7A79rrlLSMmT+K7Rdr8LO1E5wR9g6CdOcgl9hp4FKE/PtYC652WW7395Eqv/
y9qK6HeAm0YhZvoot2Ml58p72IYvRrCYE5yYQQIDAQABo4IB2DCCAdQwHQYDVR0O
BBYEFFDdT+Yk1BxVf7dseOS+WF8oQZfFMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L1VOMVA1aVRVSEZWX3QyeDQ1TDVZWHloQmw4VS5yb2EwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgACMBIDBwAgAQZ8IIwDBwAqDrJAAAAwDQYJKoZIhvcNAQELBQADggEB
AEf4IpJXQXf/IDBJLwyx/OSzOLbB2UoYUQ9PJHR+dtGKRrUih+/FBYhcA+gf3nA3
VLWR0wdcz6U60vG8reYoUd8NSR5FMYIzlVo5sGNFJeMPWyTHRSId1FYZsvuM7hfb
fJYkSUr8WE3N4HOJklyJZkCkfVYDNQOmjryz7oUkWiA1BlF+E/gNVyTe2QAHWubD
bKm3FTPkF+6Hg0hn98VEH0SA16p6/17vScEKvFIhegAYu5YSJFzHnjHwlbtuCJgt
4KGjPrzNkKmas3GtsIQr711xia6PKA5uNpIzC3+FbpHO/2T0qJs5Y0n88UTgqwD7
5+Rz0cH4iaJn82ulv1w8i94=
-----END CERTIFICATE-----