Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/kxdySWYwnBc7efY4yR7ByVdwT9A.roa
File:                     kxdySWYwnBc7efY4yR7ByVdwT9A.roa (raw, json)
Hash identifier:          AoFwOsSHHVvLXQw+rfg/arXTi/XDZiZSBMBYWLsyTEc=
Subject key identifier:   93:17:72:49:66:30:9C:17:3B:79:F6:38:C9:1E:C1:C9:57:70:4F:D0
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       0469
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/kxdySWYwnBc7efY4yR7ByVdwT9A.roa
Signing time:             Thu 13 Jun 2024 15:55:03 +0000
ROA not before:           Thu 13 Jun 2024 15:55:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 21:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1129 (0x469)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Jun 13 15:55:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9317724966309C173B79F638C91EC1C957704FD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:6a:c9:9a:bc:a8:03:16:30:e7:4b:25:6f:
                    77:ad:7f:9e:a2:7d:71:1c:48:5f:c5:b1:3d:5e:5d:
                    18:cf:7d:b4:2c:fd:2d:78:d1:cc:77:e4:7f:42:38:
                    b9:98:94:6e:8f:19:dc:07:43:d4:9d:a9:a3:5c:2f:
                    36:4c:ef:47:38:02:51:1c:41:fb:02:c9:38:4d:a7:
                    75:96:d4:18:55:22:f0:59:dd:3c:dc:6d:4e:d3:71:
                    ea:cd:40:87:e3:55:85:83:79:19:9a:63:c4:65:ec:
                    09:3a:9e:5a:89:98:20:a4:84:2e:dc:b3:8c:66:4e:
                    89:f0:66:1f:5f:24:7f:c4:1b:af:f6:88:34:f6:5f:
                    7a:51:ff:68:d2:d5:d5:92:73:d9:43:7c:d1:83:85:
                    ad:f6:92:51:6f:73:c6:f6:ab:a2:11:ce:8d:84:29:
                    69:78:4d:a8:41:07:7b:89:80:98:30:04:1d:91:c7:
                    c0:f8:72:84:fb:d1:c3:0a:ae:c6:1d:de:68:b2:e4:
                    cd:29:20:02:de:67:ba:94:9c:4a:00:63:78:11:8f:
                    3c:dd:06:79:49:6b:b2:a2:ab:86:c6:e2:6e:59:7c:
                    4e:7e:cc:91:64:cf:9f:6b:f5:08:d0:a2:b9:35:8e:
                    1c:16:fd:ce:ba:13:39:2d:1f:2b:50:c0:23:66:a6:
                    92:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:17:72:49:66:30:9C:17:3B:79:F6:38:C9:1E:C1:C9:57:70:4F:D0
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/kxdySWYwnBc7efY4yR7ByVdwT9A.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:33:90:f7:fa:05:3a:66:d9:40:57:71:36:f1:9f:53:46:75:
         f7:59:23:7a:f0:33:ec:67:3b:aa:09:e7:18:92:ef:99:a8:23:
         04:74:73:c6:e6:b2:d7:a5:25:2e:0e:55:16:68:e1:79:7f:7e:
         4d:a2:2b:64:a9:b7:7c:53:67:e5:96:bc:de:8f:01:18:c9:f6:
         f6:4c:27:e6:c2:45:5a:64:a4:31:3d:a3:3e:0b:ec:08:90:7a:
         fe:51:98:aa:55:fb:94:2b:7b:96:ba:fb:9c:0e:de:96:bf:92:
         56:a6:4b:59:ec:e3:c8:75:d0:b2:17:8e:4b:eb:34:a1:97:f0:
         d1:aa:1b:37:b0:de:9a:74:e5:28:a9:24:4d:86:24:27:dd:83:
         88:fc:77:9e:bc:78:1c:ed:89:d3:0b:dd:0e:c6:93:cd:a0:29:
         a4:f1:f6:0a:4e:30:04:94:65:21:15:44:c5:0a:b1:05:31:55:
         f4:62:c5:2d:6a:fb:38:2a:81:f4:97:f8:e8:b3:eb:03:cb:23:
         59:43:32:d7:61:44:6e:5f:5c:23:be:3a:b1:89:eb:f8:b6:6f:
         f5:7f:c8:d5:4e:72:2c:01:90:e6:db:30:b9:61:1c:66:d6:0c:
         a6:dc:bd:e9:f0:67:43:69:84:45:e9:36:fb:72:00:33:aa:a5:
         76:74:40:8b
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICBGkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNDA2MTMx
NTU1MDNaFw0yNTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDkzMTc3MjQ5NjYzMDlD
MTczQjc5RjYzOEM5MUVDMUM5NTc3MDRGRDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCg/GrJmryoAxYw50slb3etf56ifXEcSF/FsT1eXRjPfbQs/S14
0cx35H9COLmYlG6PGdwHQ9SdqaNcLzZM70c4AlEcQfsCyThNp3WW1BhVIvBZ3Tzc
bU7TcerNQIfjVYWDeRmaY8Rl7Ak6nlqJmCCkhC7cs4xmTonwZh9fJH/EG6/2iDT2
X3pR/2jS1dWSc9lDfNGDha32klFvc8b2q6IRzo2EKWl4TahBB3uJgJgwBB2Rx8D4
coT70cMKrsYd3miy5M0pIALeZ7qUnEoAY3gRjzzdBnlJa7Kiq4bG4m5ZfE5+zJFk
z59r9QjQork1jhwW/c66EzktHytQwCNmppLZAgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQUkxdySWYwnBc7efY4yR7ByVdwT9AwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmL2t4ZHlTV1l3bkJjN2Vm
WTR5UjdCeVZkd1Q5QS5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBAGczkPf6BTpm2UBXcTbxn1NGdfdZI3rwM+xn
O6oJ5xiS75moIwR0c8bmstelJS4OVRZo4Xl/fk2iK2Spt3xTZ+WWvN6PARjJ9vZM
J+bCRVpkpDE9oz4L7AiQev5RmKpV+5Qre5a6+5wO3pa/klamS1ns48h10LIXjkvr
NKGX8NGqGzew3pp05SipJE2GJCfdg4j8d568eBztidML3Q7Gk82gKaTx9gpOMASU
ZSEVRMUKsQUxVfRixS1q+zgqgfSX+Oiz6wPLI1lDMtdhRG5fXCO+OrGJ6/i2b/V/
yNVOciwBkObbMLlhHGbWDKbcvenwZ0NphEXpNvtyADOqpXZ0QIs=
-----END CERTIFICATE-----