Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/uplift/ZvXBheBEHrnD5oZQcJOFzY2nrRE.roa
File:                     ZvXBheBEHrnD5oZQcJOFzY2nrRE.roa (raw, json)
Hash identifier:          akfKJynCny6fdmvZG55CYtuYqODoiwR+V5/cdqkMxvQ=
Subject key identifier:   66:F5:C1:85:E0:44:1E:B9:C3:E6:86:50:70:93:85:CD:8D:A7:AD:11
Certificate issuer:       /CN=dc9ecb0fb71020496e3bc2240dd29e4208c1ea28
Certificate serial:       1F
Authority key identifier: DC:9E:CB:0F:B7:10:20:49:6E:3B:C2:24:0D:D2:9E:42:08:C1:EA:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3J7LD7cQIEluO8IkDdKeQgjB6ig.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/uplift/ZvXBheBEHrnD5oZQcJOFzY2nrRE.roa
Signing time:             Sun 11 Feb 2024 14:16:30 +0000
ROA not before:           Sun 11 Feb 2024 14:16:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1883
IP address blocks:        2001:67c:2938::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/uplift/3J7LD7cQIEluO8IkDdKeQgjB6ig.crl
                          rsync://chloe.sobornost.net/rpki/uplift/3J7LD7cQIEluO8IkDdKeQgjB6ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3J7LD7cQIEluO8IkDdKeQgjB6ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:31:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31 (0x1f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc9ecb0fb71020496e3bc2240dd29e4208c1ea28
        Validity
            Not Before: Feb 11 14:16:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66F5C185E0441EB9C3E68650709385CD8DA7AD11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7f:da:0c:cd:6e:a3:e3:14:7e:47:f1:c2:75:
                    39:49:bf:3c:af:f8:48:d9:7f:f9:5e:1e:97:b9:f8:
                    ec:a9:45:eb:9a:99:b5:51:c6:64:bc:ce:48:5b:3e:
                    36:87:2d:93:94:17:41:4d:9b:cc:62:f0:7e:55:18:
                    57:fa:b2:2d:ff:aa:d2:05:0a:71:44:23:22:66:5b:
                    31:43:df:85:e8:bf:6f:a5:33:3f:79:7d:2e:ed:b6:
                    fe:32:33:82:96:0b:16:26:9b:d3:8e:50:05:50:a1:
                    ed:4b:92:95:eb:ee:be:86:22:d3:29:3d:c9:42:dc:
                    c4:8f:7f:38:57:2d:32:85:81:9e:d3:a7:e3:39:4c:
                    3a:06:14:78:df:69:da:f5:72:69:80:9d:3f:e0:aa:
                    49:12:a5:29:2a:f2:18:2f:bc:fe:76:db:39:12:ff:
                    cb:96:99:0d:f3:c2:62:28:14:8f:38:00:4c:25:07:
                    c4:2a:6d:24:f0:39:c6:36:5f:81:1c:17:93:6c:41:
                    9d:0b:50:70:8c:4f:d1:19:c9:58:34:5b:95:c0:13:
                    a4:ae:51:ab:4a:d9:88:03:d4:8e:86:de:99:40:8a:
                    ca:ea:46:51:97:f5:c7:b1:78:1e:50:67:c1:f3:0d:
                    cd:1e:99:c7:07:cb:d0:db:88:1e:52:f5:f8:fd:bb:
                    f7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F5:C1:85:E0:44:1E:B9:C3:E6:86:50:70:93:85:CD:8D:A7:AD:11
            X509v3 Authority Key Identifier:
                keyid:DC:9E:CB:0F:B7:10:20:49:6E:3B:C2:24:0D:D2:9E:42:08:C1:EA:28

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/uplift/3J7LD7cQIEluO8IkDdKeQgjB6ig.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3J7LD7cQIEluO8IkDdKeQgjB6ig.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/uplift/ZvXBheBEHrnD5oZQcJOFzY2nrRE.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2938::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:c6:c9:c7:d9:60:05:bd:db:58:12:09:b0:49:6b:f2:26:60:
         34:53:fc:0c:89:96:e6:f0:7c:77:db:0b:dd:9e:57:14:18:e0:
         d5:5a:e1:97:ce:26:d6:49:c6:6f:24:99:2a:df:70:42:c5:33:
         70:9d:3c:16:ac:6d:71:65:1a:c3:b8:a4:9c:40:ec:b2:3d:e9:
         ff:83:dd:b2:91:eb:e4:59:a5:f6:16:3c:53:21:ab:ba:24:8e:
         6b:a4:4f:09:50:c0:fc:54:2c:83:2b:92:ac:26:4d:47:b7:84:
         1a:d7:53:39:5c:cd:e1:42:12:49:0c:1d:b1:f8:b4:95:43:72:
         65:c0:74:2c:bf:f7:b2:13:cf:bb:09:be:90:95:db:65:28:f3:
         35:fd:67:d0:c2:25:12:be:bf:8c:32:65:49:cd:70:88:67:12:
         d3:6a:7f:b6:2f:14:e8:ca:1e:73:c7:7c:51:3e:cc:67:31:aa:
         a7:1b:48:66:c8:5d:66:79:0a:e6:55:54:3a:d7:05:a2:a1:8d:
         98:d3:fa:cf:f6:c0:0a:59:9d:f0:cc:c1:3b:c7:2c:d6:2a:4c:
         fc:76:36:c1:ff:df:d2:cc:20:83:f8:66:d8:99:a5:6e:96:45:
         de:98:9b:28:a3:b9:52:f2:63:a8:3a:cc:64:f3:b5:20:7d:2e:
         3e:08:16:8d
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgIBHzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhkYzll
Y2IwZmI3MTAyMDQ5NmUzYmMyMjQwZGQyOWU0MjA4YzFlYTI4MB4XDTI0MDIxMTE0
MTYzMFoXDTI1MDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjZGNUMxODVFMDQ0MUVC
OUMzRTY4NjUwNzA5Mzg1Q0Q4REE3QUQxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMB/2gzNbqPjFH5H8cJ1OUm/PK/4SNl/+V4el7n47KlF65qZtVHG
ZLzOSFs+Noctk5QXQU2bzGLwflUYV/qyLf+q0gUKcUQjImZbMUPfhei/b6UzP3l9
Lu22/jIzgpYLFiab045QBVCh7UuSlevuvoYi0yk9yULcxI9/OFctMoWBntOn4zlM
OgYUeN9p2vVyaYCdP+CqSRKlKSryGC+8/nbbORL/y5aZDfPCYigUjzgATCUHxCpt
JPA5xjZfgRwXk2xBnQtQcIxP0RnJWDRblcATpK5Rq0rZiAPUjobemUCKyupGUZf1
x7F4HlBnwfMNzR6ZxwfL0NuIHlL1+P2798kCAwEAAaOCAbcwggGzMB0GA1UdDgQW
BBRm9cGF4EQeucPmhlBwk4XNjaetETAfBgNVHSMEGDAWgBTcnssPtxAgSW47wiQN
0p5CCMHqKDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFgGA1UdHwRRME8wTaBL
oEmGR3JzeW5jOi8vY2hsb2Uuc29ib3Jub3N0Lm5ldC9ycGtpL3VwbGlmdC8zSjdM
RDdjUUlFbHVPOElrRGRLZVFnakI2aWcuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggr
BgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVM
VC8zSjdMRDdjUUlFbHVPOElrRGRLZVFnakI2aWcuY2VyMA4GA1UdDwEB/wQEAwIH
gDBjBggrBgEFBQcBCwRXMFUwUwYIKwYBBQUHMAuGR3JzeW5jOi8vY2hsb2Uuc29i
b3Jub3N0Lm5ldC9ycGtpL3VwbGlmdC9adlhCaGVCRUhybkQ1b1pRY0pPRnpZMm5y
UkUucm9hMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCk4MA0GCSqG
SIb3DQEBCwUAA4IBAQAyxsnH2WAFvdtYEgmwSWvyJmA0U/wMiZbm8Hx32wvdnlcU
GODVWuGXzibWScZvJJkq33BCxTNwnTwWrG1xZRrDuKScQOyyPen/g92ykevkWaX2
FjxTIau6JI5rpE8JUMD8VCyDK5KsJk1Ht4Qa11M5XM3hQhJJDB2x+LSVQ3JlwHQs
v/eyE8+7Cb6QldtlKPM1/WfQwiUSvr+MMmVJzXCIZxLTan+2LxToyh5zx3xRPsxn
MaqnG0hmyF1meQrmVVQ61wWioY2Y0/rP9sAKWZ3wzME7xyzWKkz8djbB/9/SzCCD
+GbYmaVulkXemJsoo7lS8mOoOsxk87UgfS4+CBaN
-----END CERTIFICATE-----