Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/vZ3Sm3I0wSLkRqEdxfGIQq2tc_Q.roa
File:                     vZ3Sm3I0wSLkRqEdxfGIQq2tc_Q.roa (raw, json)
Hash identifier:          pSiMtBRZFYgo4axcGh/aA1GQExZv4yNENUID79BT26Y=
Subject key identifier:   BD:9D:D2:9B:72:34:C1:22:E4:46:A1:1D:C5:F1:88:42:AD:AD:73:F4
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       016C27
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/vZ3Sm3I0wSLkRqEdxfGIQq2tc_Q.roa
Signing time:             Thu 15 Feb 2024 17:04:03 +0000
ROA not before:           Thu 15 Feb 2024 17:04:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0e:b240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 06:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93223 (0x16c27)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Feb 15 17:04:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=BD9DD29B7234C122E446A11DC5F18842ADAD73F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8e:98:99:ed:d6:92:97:3d:d0:3c:f5:c9:6e:
                    5e:a3:83:12:ab:6a:2a:85:2e:f0:13:fd:7e:31:a7:
                    0e:74:1a:a6:89:df:61:79:d6:ac:a4:b7:22:d0:74:
                    ac:2d:e5:36:6f:3d:34:f8:5d:76:2c:f7:28:22:b0:
                    a7:11:da:f7:a0:39:14:93:fa:3c:3c:16:b6:be:11:
                    ea:9d:ec:5a:83:6b:86:07:64:e0:fc:05:60:22:61:
                    06:ff:d0:f5:97:4d:5c:58:06:20:89:7e:10:1e:31:
                    de:ce:1e:40:f8:e5:74:c7:cc:99:2b:fa:21:75:cc:
                    f1:38:47:2c:c5:d9:75:53:6a:57:67:4f:50:1f:34:
                    81:01:ea:da:4e:24:51:2e:a5:ae:b0:09:8e:e7:b1:
                    c4:db:bb:e5:ab:de:90:cc:b3:5a:d6:56:11:88:f8:
                    f8:93:ec:d8:4b:b9:31:ca:48:56:60:e3:63:c1:72:
                    e0:ec:c8:9d:3e:86:35:04:71:b5:34:f2:f6:bb:4f:
                    45:69:75:5b:50:63:ad:74:55:c1:07:1b:42:c0:2e:
                    c6:4e:f1:94:47:38:6f:c5:bb:8e:0e:69:db:ad:f9:
                    0d:30:29:2a:27:b7:3a:e1:23:27:39:c0:18:40:e3:
                    cf:f7:b8:df:67:ac:cd:17:5b:5f:18:e8:2a:e4:cd:
                    f5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9D:D2:9B:72:34:C1:22:E4:46:A1:1D:C5:F1:88:42:AD:AD:73:F4
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/vZ3Sm3I0wSLkRqEdxfGIQq2tc_Q.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:f1:eb:25:2f:c9:a5:7e:57:33:27:a3:53:3a:c3:84:e9:0a:
         de:23:19:53:c4:5a:48:90:c2:89:b5:af:d5:a8:1f:04:2f:4e:
         9e:1c:2d:0d:2e:84:3e:54:7a:15:6b:a6:4b:f3:53:84:91:96:
         01:13:45:85:97:1e:a5:06:be:22:30:c5:98:3f:1c:3e:06:e1:
         af:9e:f3:63:02:53:1d:f6:aa:0d:0b:ac:e1:30:15:71:31:a9:
         24:94:c6:e6:9a:9b:d2:52:12:e5:2c:c9:07:4f:b6:8a:aa:25:
         cf:13:e3:2e:c0:a4:d0:03:b8:9f:27:ce:73:5e:b7:ca:c1:5c:
         ec:81:ae:5a:95:3a:53:ac:c5:9a:c8:85:59:05:bc:8a:0b:bb:
         4e:28:9d:7e:71:57:a8:f2:94:6c:19:45:5d:b4:98:f7:5a:66:
         f6:63:cb:3c:29:cc:55:55:8c:05:b1:4c:9b:c6:f1:12:80:db:
         89:b9:15:04:25:ec:b0:22:b9:ab:06:77:96:55:63:66:af:1e:
         e6:24:5a:76:75:7d:32:da:98:7c:36:70:e7:19:5d:fb:96:62:
         6d:44:97:19:64:3d:0d:53:68:06:c6:29:3a:66:e9:14:2e:81:
         24:48:c9:6c:1d:92:7a:fa:4e:64:e0:d1:72:0d:d4:51:aa:fa:
         e4:28:6d:f4
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIDAWwnMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjQwMjE1
MTcwNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhCRDlERDI5QjcyMzRD
MTIyRTQ0NkExMURDNUYxODg0MkFEQUQ3M0Y0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqo6Yme3Wkpc90Dz1yW5eo4MSq2oqhS7wE/1+MacOdBqmid9h
edaspLci0HSsLeU2bz00+F12LPcoIrCnEdr3oDkUk/o8PBa2vhHqnexag2uGB2Tg
/AVgImEG/9D1l01cWAYgiX4QHjHezh5A+OV0x8yZK/ohdczxOEcsxdl1U2pXZ09Q
HzSBAeraTiRRLqWusAmO57HE27vlq96QzLNa1lYRiPj4k+zYS7kxykhWYONjwXLg
7MidPoY1BHG1NPL2u09FaXVbUGOtdFXBBxtCwC7GTvGURzhvxbuODmnbrfkNMCkq
J7c64SMnOcAYQOPP97jfZ6zNF1tfGOgq5M31XQIDAQABo4IBzTCCAckwHQYDVR0O
BBYEFL2d0ptyNMEi5EahHcXxiEKtrXP0MB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L3ZaM1NtM0kwd1NMa1JxRWR4ZkdJUXEydGNfUS5yb2EwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQMqDrJAMA0GCSqGSIb3DQEBCwUAA4IBAQAb8eslL8mlflcz
J6NTOsOE6QreIxlTxFpIkMKJta/VqB8EL06eHC0NLoQ+VHoVa6ZL81OEkZYBE0WF
lx6lBr4iMMWYPxw+BuGvnvNjAlMd9qoNC6zhMBVxMakklMbmmpvSUhLlLMkHT7aK
qiXPE+MuwKTQA7ifJ85zXrfKwVzsga5alTpTrMWayIVZBbyKC7tOKJ1+cVeo8pRs
GUVdtJj3Wmb2Y8s8KcxVVYwFsUybxvESgNuJuRUEJeywIrmrBneWVWNmrx7mJFp2
dX0y2ph8NnDnGV37lmJtRJcZZD0NU2gGxik6ZukULoEkSMlsHZJ6+k5k4NFyDdRR
qvrkKG30
-----END CERTIFICATE-----