Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/sTZvxZ1Ee9YPSKPuwb4RDb453zA.roa
File:                     sTZvxZ1Ee9YPSKPuwb4RDb453zA.roa (raw, json)
Hash identifier:          r+lgxyeMKx1C33EBu+CX6OGE3BoPaDbCvpBPutAAzmA=
Subject key identifier:   B1:36:6F:C5:9D:44:7B:D6:0F:48:A3:EE:C1:BE:11:0D:BE:39:DF:30
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       046F
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/sTZvxZ1Ee9YPSKPuwb4RDb453zA.roa
Signing time:             Fri 14 Jun 2024 07:55:02 +0000
ROA not before:           Fri 14 Jun 2024 07:55:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 13:55:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1135 (0x46f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Jun 14 07:55:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=B1366FC59D447BD60F48A3EEC1BE110DBE39DF30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b3:d3:07:32:9c:e8:d6:8c:13:c9:92:7a:25:
                    07:fa:53:74:ea:49:19:05:3c:32:31:ee:e0:7f:70:
                    3e:6e:8a:6d:80:ed:19:42:0f:77:a6:9b:77:d4:45:
                    a0:3a:a8:45:bb:d1:8a:76:95:32:f2:cb:b6:4c:39:
                    b5:f1:1e:a7:76:ac:37:04:66:58:0b:eb:5e:80:5d:
                    63:42:57:9f:1c:8f:a8:9b:e7:7e:89:21:d6:2d:6f:
                    c0:60:07:d8:da:58:87:1e:2c:b6:0c:a3:28:d2:9b:
                    be:89:78:e8:2b:ae:b3:05:61:0e:49:c8:7e:43:11:
                    29:41:be:10:bb:7c:4a:e8:0e:38:68:71:74:c6:4e:
                    b5:d0:47:58:3c:50:21:5c:c0:51:a4:0d:85:60:d1:
                    20:28:1c:6e:7e:55:72:cf:25:86:9c:20:14:42:c7:
                    c3:3a:4d:bd:91:a8:b6:2b:24:4b:f7:e8:25:25:98:
                    c3:39:d8:79:88:69:26:f6:5e:7d:59:1e:e5:0b:e3:
                    7f:c3:40:49:db:12:ee:64:5a:16:cc:e3:25:ff:52:
                    12:f6:b6:eb:2b:d7:65:bb:83:be:ac:c7:19:3c:ce:
                    eb:f9:1d:b6:73:0e:f7:04:9e:19:25:6f:f6:00:18:
                    65:a8:01:b0:0a:36:0e:0a:29:2b:0f:90:78:da:c8:
                    da:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:36:6F:C5:9D:44:7B:D6:0F:48:A3:EE:C1:BE:11:0D:BE:39:DF:30
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/sTZvxZ1Ee9YPSKPuwb4RDb453zA.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:cb:95:c0:69:51:b3:2d:25:bb:69:d3:51:b4:70:64:c5:d1:
         b6:05:ec:e8:3e:a3:58:1c:0c:43:5a:88:fa:e5:7c:ba:fb:07:
         d2:8d:3d:2b:d5:16:d5:7d:f5:11:0d:f5:18:14:3c:61:ad:7a:
         8b:ab:6b:81:3f:96:6f:57:31:69:aa:3e:38:45:b4:eb:d3:53:
         1e:f4:13:6e:06:93:c3:69:80:6a:19:13:8f:c1:7d:72:a6:bc:
         4b:24:e8:72:e3:6c:01:22:d6:cb:88:2f:89:4e:1a:24:c6:21:
         4f:c6:ab:89:a9:3b:03:4b:f0:66:42:9e:91:e7:36:9c:ab:b3:
         d6:0f:7c:3c:ac:c4:b0:71:3a:e7:d1:5b:1a:af:7f:dc:8e:0b:
         75:cb:0b:27:9b:b5:e9:26:7f:0a:49:d3:a3:85:e5:e9:b2:44:
         31:d0:6c:7f:cb:e8:93:e1:b6:c2:b8:32:c7:a9:8e:02:20:d0:
         f1:3f:73:7f:ed:70:94:42:3c:d8:69:12:d6:35:14:57:8e:98:
         08:ad:3e:cf:cf:2f:c4:6f:7d:b3:ce:4e:2a:0d:8f:14:6c:0e:
         75:b8:c6:f1:5a:94:cc:31:1f:21:d8:8f:9d:d7:e8:b7:8a:75:
         77:3a:26:3c:04:2a:43:4c:d0:fe:f6:f5:64:0f:eb:ee:03:d5:
         63:f6:6c:75
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICBG8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNDA2MTQw
NzU1MDJaFw0yNTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKEIxMzY2RkM1OUQ0NDdC
RDYwRjQ4QTNFRUMxQkUxMTBEQkUzOURGMzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvs9MHMpzo1owTyZJ6JQf6U3TqSRkFPDIx7uB/cD5uim2A7RlC
D3emm3fURaA6qEW70Yp2lTLyy7ZMObXxHqd2rDcEZlgL616AXWNCV58cj6ib536J
IdYtb8BgB9jaWIceLLYMoyjSm76JeOgrrrMFYQ5JyH5DESlBvhC7fEroDjhocXTG
TrXQR1g8UCFcwFGkDYVg0SAoHG5+VXLPJYacIBRCx8M6Tb2RqLYrJEv36CUlmMM5
2HmIaSb2Xn1ZHuUL43/DQEnbEu5kWhbM4yX/UhL2tusr12W7g76sxxk8zuv5HbZz
DvcEnhklb/YAGGWoAbAKNg4KKSsPkHjayNq9AgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQUsTZvxZ1Ee9YPSKPuwb4RDb453zAwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmL3NUWnZ4WjFFZTlZUFNL
UHV3YjRSRGI0NTN6QS5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBABjLlcBpUbMtJbtp01G0cGTF0bYF7Og+o1gc
DENaiPrlfLr7B9KNPSvVFtV99REN9RgUPGGteoura4E/lm9XMWmqPjhFtOvTUx70
E24Gk8NpgGoZE4/BfXKmvEsk6HLjbAEi1suIL4lOGiTGIU/Gq4mpOwNL8GZCnpHn
Npyrs9YPfDysxLBxOufRWxqvf9yOC3XLCyebtekmfwpJ06OF5emyRDHQbH/L6JPh
tsK4MsepjgIg0PE/c3/tcJRCPNhpEtY1FFeOmAitPs/PL8RvfbPOTioNjxRsDnW4
xvFalMwxHyHYj53X6LeKdXc6JjwEKkNM0P729WQP6+4D1WP2bHU=
-----END CERTIFICATE-----