Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/54pJFpS741CqhECOHb9I9AfdAkc.roa
File:                     54pJFpS741CqhECOHb9I9AfdAkc.roa (raw, json)
Hash identifier:          jFb7dpF+ERXfHDO3DTkg4E34Xe/Iz7Z8o27rRaeuMt4=
Subject key identifier:   E7:8A:49:16:94:BB:E3:50:AA:84:40:8E:1D:BF:48:F4:07:DD:02:47
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       0283
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/54pJFpS741CqhECOHb9I9AfdAkc.roa
Signing time:             Sat 20 Apr 2024 15:55:03 +0000
ROA not before:           Sat 20 Apr 2024 15:55:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 21:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 643 (0x283)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Apr 20 15:55:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=E78A491694BBE350AA84408E1DBF48F407DD0247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9d:72:b8:06:57:93:40:16:27:fd:25:75:15:
                    37:96:ea:cc:1c:52:18:c7:ac:07:23:88:86:41:2b:
                    cc:65:c3:4b:9b:73:8e:8d:0f:e3:22:fd:1b:c0:8e:
                    65:d1:43:92:8d:c2:c1:b2:21:6d:c3:68:17:c9:26:
                    63:99:20:f0:44:f6:d5:54:87:58:01:f6:b3:28:5b:
                    93:05:e2:57:53:9e:db:35:eb:69:5f:8b:16:6f:d7:
                    dd:aa:aa:7a:2f:6e:a3:05:05:4d:63:04:d3:d2:f9:
                    d4:02:46:e7:bd:7a:b4:82:9b:b3:f5:3a:05:3c:e3:
                    fa:df:da:b8:2e:bb:4f:cf:9a:6f:6f:74:59:d6:71:
                    3b:4b:d3:23:8c:fd:84:a5:25:f0:66:95:bc:21:8d:
                    07:a5:6e:dd:e9:95:f6:f9:0b:5d:c8:1f:0e:42:50:
                    08:43:33:87:ab:a1:a4:a6:d1:ea:f7:39:75:07:93:
                    f3:fa:b9:bb:e6:13:9c:3d:fd:87:69:ab:ec:0f:65:
                    96:8f:e6:ae:d1:9b:e4:b2:91:b1:03:4f:bc:bb:49:
                    e4:30:87:d8:cb:99:78:e8:dc:c5:6d:e0:91:07:2a:
                    d0:d0:07:de:94:20:08:5c:30:4c:0d:ad:d2:46:3e:
                    af:d3:8b:51:da:6a:d5:da:ee:a4:8c:9e:de:8a:fe:
                    2a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:8A:49:16:94:BB:E3:50:AA:84:40:8E:1D:BF:48:F4:07:DD:02:47
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/54pJFpS741CqhECOHb9I9AfdAkc.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:71:1b:ae:39:23:da:f2:20:c6:12:36:71:a9:2d:54:26:15:
         96:bf:b8:73:40:b8:c4:4a:ad:9e:d5:d5:b2:ea:45:1b:a6:a8:
         76:94:35:5b:ca:6a:0a:72:67:92:87:1e:97:18:bd:3d:c3:86:
         28:b0:fb:a8:88:00:1c:98:1f:fe:40:66:8b:fc:91:0c:d0:40:
         e7:db:b0:6b:02:82:e2:4f:26:0c:e9:9d:70:f2:d6:80:39:07:
         11:eb:ab:00:c7:79:f2:04:5f:a4:d5:05:82:0d:2f:1d:06:e3:
         b9:ef:f0:fd:dc:51:6f:b9:b9:0e:5f:c0:32:86:f7:a1:56:ef:
         8e:93:b5:6b:96:bd:c7:c0:64:8d:b0:81:23:86:34:61:a0:7a:
         55:b2:4a:fe:be:4b:2f:f8:b4:76:fd:5b:d8:0b:d0:70:69:03:
         d6:f8:73:c4:fd:40:0c:8b:d1:24:08:fa:90:cf:05:32:a1:3b:
         09:fd:d4:e9:84:f3:17:3f:5e:0d:d3:3d:4c:06:94:78:1e:2c:
         54:c4:bd:b1:f6:92:24:ba:6d:f1:fb:e5:94:f1:3a:da:e4:ae:
         c7:36:ce:0b:51:0b:b0:2e:43:77:50:62:88:60:11:41:3b:0c:
         23:e2:1c:1a:68:99:29:6c:5f:59:dc:c1:15:96:fa:71:e7:80:
         af:f3:c1:47
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICAoMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNDA0MjAx
NTU1MDNaFw0yNTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKEU3OEE0OTE2OTRCQkUz
NTBBQTg0NDA4RTFEQkY0OEY0MDdERDAyNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjnXK4BleTQBYn/SV1FTeW6swcUhjHrAcjiIZBK8xlw0ubc46N
D+Mi/RvAjmXRQ5KNwsGyIW3DaBfJJmOZIPBE9tVUh1gB9rMoW5MF4ldTnts162lf
ixZv192qqnovbqMFBU1jBNPS+dQCRue9erSCm7P1OgU84/rf2rguu0/Pmm9vdFnW
cTtL0yOM/YSlJfBmlbwhjQelbt3plfb5C13IHw5CUAhDM4eroaSm0er3OXUHk/P6
ubvmE5w9/Ydpq+wPZZaP5q7Rm+SykbEDT7y7SeQwh9jLmXjo3MVt4JEHKtDQB96U
IAhcMEwNrdJGPq/Ti1HaatXa7qSMnt6K/ipZAgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQU54pJFpS741CqhECOHb9I9AfdAkcwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmLzU0cEpGcFM3NDFDcWhF
Q09IYjlJOUFmZEFrYy5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBAMdxG645I9ryIMYSNnGpLVQmFZa/uHNAuMRK
rZ7V1bLqRRumqHaUNVvKagpyZ5KHHpcYvT3Dhiiw+6iIAByYH/5AZov8kQzQQOfb
sGsCguJPJgzpnXDy1oA5BxHrqwDHefIEX6TVBYINLx0G47nv8P3cUW+5uQ5fwDKG
96FW746TtWuWvcfAZI2wgSOGNGGgelWySv6+Sy/4tHb9W9gL0HBpA9b4c8T9QAyL
0SQI+pDPBTKhOwn91OmE8xc/Xg3TPUwGlHgeLFTEvbH2kiS6bfH75ZTxOtrkrsc2
zgtRC7AuQ3dQYohgEUE7DCPiHBpomSlsX1ncwRWW+nHngK/zwUc=
-----END CERTIFICATE-----