Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/XJFd_PEkznhJOaK2so0KTvAKnwc.roa
File:                     XJFd_PEkznhJOaK2so0KTvAKnwc.roa (raw, json)
Hash identifier:          AVcsgWAmplOnkh2VBI1wkU6iIaS+59V9MpsZ0nxdNVA=
Subject key identifier:   5C:91:5D:FC:F1:24:CE:78:49:39:A2:B6:B2:8D:0A:4E:F0:0A:9F:07
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       01CA05
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/XJFd_PEkznhJOaK2so0KTvAKnwc.roa
Signing time:             Tue 22 Oct 2024 13:32:09 +0000
ROA not before:           Tue 22 Oct 2024 13:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0e:b240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 02:29:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 117253 (0x1ca05)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Oct 22 13:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5C915DFCF124CE784939A2B6B28D0A4EF00A9F07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:40:13:5b:af:1e:f5:6a:4e:f1:dc:54:88:52:
                    61:a8:27:c7:f4:b8:53:e7:e7:e8:7b:fa:9f:a7:10:
                    21:41:30:6d:cf:15:a1:c8:c2:d0:66:77:19:17:24:
                    db:3a:8f:6d:1c:39:a1:45:41:d7:e1:85:88:a9:21:
                    0c:84:0b:cf:88:be:44:6e:2d:50:12:7f:fa:b0:8d:
                    0b:fd:63:fc:4d:71:26:77:d9:df:4b:73:dc:a0:3e:
                    ad:fb:ab:f5:25:e2:85:aa:a5:65:21:b4:70:2c:e4:
                    e0:a6:5f:8a:9f:f3:f4:be:2d:90:3d:49:b7:5f:f7:
                    70:a9:5b:38:5f:91:f0:e7:bf:fa:07:e4:3c:8c:f0:
                    c9:5a:7c:5e:2f:61:53:6b:85:d7:50:5f:83:50:23:
                    2d:79:40:fe:b1:c9:a3:38:bf:0e:56:fb:53:16:fd:
                    44:bb:a4:8a:ed:d4:c9:ce:b9:13:c7:db:78:92:52:
                    48:75:ef:ea:00:1c:2b:06:47:37:66:15:02:45:42:
                    ae:55:63:f3:1f:a1:02:70:f3:26:77:9c:f4:a8:dc:
                    82:ff:97:39:32:65:d1:00:80:9c:2b:3c:7a:28:3f:
                    32:80:ad:22:f7:9d:08:a5:35:45:70:04:9c:63:fb:
                    d4:8f:da:23:a2:cc:da:bc:4e:27:4d:47:ff:e2:52:
                    c9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:91:5D:FC:F1:24:CE:78:49:39:A2:B6:B2:8D:0A:4E:F0:0A:9F:07
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/XJFd_PEkznhJOaK2so0KTvAKnwc.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:fa:9b:06:a8:73:8e:ce:db:53:31:f5:8a:38:68:fc:fd:ff:
         54:52:3a:1b:6b:30:c3:84:f8:16:dc:a4:13:f9:5a:8b:3b:6a:
         98:51:99:2d:eb:71:5a:c9:79:ce:8f:78:e5:2c:78:40:bb:ab:
         14:d6:dd:02:e5:e9:14:a7:5b:4d:15:d7:de:ad:9f:9b:71:05:
         ac:21:51:8f:26:12:59:b2:6c:68:30:14:b0:19:7c:65:cc:0d:
         b0:90:c1:84:1f:bd:d1:a6:bf:77:85:80:c8:31:34:4b:66:fa:
         f5:73:96:47:43:b7:0f:d4:64:06:ff:4a:6b:fe:89:d0:40:0d:
         de:35:02:a7:79:3d:f8:ea:c6:4d:ab:80:0a:0d:e5:79:59:1f:
         b8:46:fe:bd:de:2a:82:73:f6:f4:92:bb:2e:2a:71:1a:c3:90:
         b7:74:63:ed:40:e8:70:73:70:97:84:3f:52:5e:5a:38:e1:49:
         a7:75:77:f7:94:85:8c:b3:f8:05:45:db:63:7d:ae:88:42:86:
         4a:f6:30:01:d9:5c:a6:22:b0:29:e8:ea:2d:ad:98:f9:b0:5b:
         da:aa:3b:b4:c8:1a:05:6d:e9:d8:05:54:75:66:e6:1e:fd:8d:
         1b:7a:a4:09:80:0a:c1:62:c7:d1:d6:11:71:26:8d:66:45:47:
         15:90:dd:47
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIDAcoFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjQxMDIy
MTMzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1QzkxNURGQ0YxMjRD
RTc4NDkzOUEyQjZCMjhEMEE0RUYwMEE5RjA3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0kATW68e9WpO8dxUiFJhqCfH9LhT5+foe/qfpxAhQTBtzxWh
yMLQZncZFyTbOo9tHDmhRUHX4YWIqSEMhAvPiL5Ebi1QEn/6sI0L/WP8TXEmd9nf
S3PcoD6t+6v1JeKFqqVlIbRwLOTgpl+Kn/P0vi2QPUm3X/dwqVs4X5Hw57/6B+Q8
jPDJWnxeL2FTa4XXUF+DUCMteUD+scmjOL8OVvtTFv1Eu6SK7dTJzrkTx9t4klJI
de/qABwrBkc3ZhUCRUKuVWPzH6ECcPMmd5z0qNyC/5c5MmXRAICcKzx6KD8ygK0i
950IpTVFcAScY/vUj9ojoszavE4nTUf/4lLJXQIDAQABo4IBzTCCAckwHQYDVR0O
BBYEFFyRXfzxJM54STmitrKNCk7wCp8HMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L1hKRmRfUEVrem5oSk9hSzJzbzBLVHZBS253Yy5yb2EwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQMqDrJAMA0GCSqGSIb3DQEBCwUAA4IBAQAQ+psGqHOOzttT
MfWKOGj8/f9UUjobazDDhPgW3KQT+VqLO2qYUZkt63FayXnOj3jlLHhAu6sU1t0C
5ekUp1tNFdferZ+bcQWsIVGPJhJZsmxoMBSwGXxlzA2wkMGEH73Rpr93hYDIMTRL
Zvr1c5ZHQ7cP1GQG/0pr/onQQA3eNQKneT346sZNq4AKDeV5WR+4Rv693iqCc/b0
krsuKnEaw5C3dGPtQOhwc3CXhD9SXlo44UmndXf3lIWMs/gFRdtjfa6IQoZK9jAB
2VymIrAp6OotrZj5sFvaqju0yBoFbenYBVR1ZuYe/Y0beqQJgArBYsfR1hFxJo1m
RUcVkN1H
-----END CERTIFICATE-----