Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/111wEGLfsrCC1YXvRd90Mcgv3so.roa
File:                     111wEGLfsrCC1YXvRd90Mcgv3so.roa (raw, json)
Hash identifier:          aK/B7f1mLzo2P0di31RLAL/n8lybzDgTkqimo9ZZzzQ=
Subject key identifier:   D7:5D:70:10:62:DF:B2:B0:82:D5:85:EF:45:DF:74:31:C8:2F:DE:CA
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       0218CD
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/111wEGLfsrCC1YXvRd90Mcgv3so.roa
Signing time:             Tue 17 Jun 2025 00:12:28 +0000
ROA not before:           Tue 17 Jun 2025 00:12:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:67c:208c::/48 maxlen: 48
                          2a0e:b240::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Jun 2025 03:42:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 137421 (0x218cd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Jun 17 00:12:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=D75D701062DFB2B082D585EF45DF7431C82FDECA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:da:f9:7d:cb:17:ac:c2:be:fa:94:03:85:59:
                    bc:21:0a:69:68:c6:fb:7d:08:68:f3:54:28:9c:a6:
                    c0:64:16:ac:fe:a5:11:00:3e:a5:70:6c:1a:68:a4:
                    9f:89:f9:58:c6:43:9f:03:4f:fd:e0:05:25:c3:f3:
                    71:d4:02:fc:d8:e1:a9:00:ec:72:29:65:85:6b:1a:
                    01:46:05:ea:69:fe:47:6e:a4:64:38:e4:f2:ee:75:
                    25:44:76:39:1f:ca:78:c5:5b:d0:6b:6a:1a:0d:c3:
                    f8:02:16:30:01:fb:05:2f:31:0a:01:79:4e:a9:2f:
                    8c:fe:6a:27:f7:50:5d:6b:53:59:cf:e9:94:21:27:
                    3b:9d:15:f3:1a:cc:8a:fe:69:6f:74:ab:1b:be:e0:
                    64:2a:7c:9c:46:fc:a4:6b:e2:d0:e5:f6:c5:52:66:
                    94:3d:f3:1a:ed:2d:4e:3e:e1:c9:e5:ed:89:d4:d8:
                    60:34:60:71:fb:59:e0:1a:d0:2e:a1:18:75:38:5b:
                    93:86:00:09:b6:95:14:28:fa:5b:4b:56:f4:e6:23:
                    ff:ae:41:bf:ce:53:87:58:32:ce:59:53:7a:03:64:
                    7a:2c:86:bf:32:ad:07:52:c0:4f:3a:9d:cc:18:fe:
                    f7:84:d2:55:ae:f8:7a:c1:e7:18:c5:a9:80:26:e7:
                    c8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5D:70:10:62:DF:B2:B0:82:D5:85:EF:45:DF:74:31:C8:2F:DE:CA
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/111wEGLfsrCC1YXvRd90Mcgv3so.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:208c::/48
                  2a0e:b240::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:b9:6c:43:5e:ac:19:6a:52:d3:83:7e:c9:e9:e4:e3:2f:3b:
         8d:bb:4d:a9:fe:9c:59:e9:65:80:10:c5:83:ec:9e:ae:72:f3:
         f8:53:62:55:68:57:5a:a1:71:a0:66:fe:f5:c1:c8:68:62:b5:
         cc:17:e6:24:f6:fa:e5:61:4a:10:ab:9f:53:a7:57:5a:db:0c:
         4b:75:cc:6e:0f:26:48:6e:df:82:f7:6a:8e:10:33:ff:0d:7c:
         2e:f8:fb:51:fd:a7:d6:68:b4:49:23:66:53:db:1d:76:0f:33:
         42:0e:7c:39:6c:80:b3:88:6e:d6:8e:7a:61:64:a2:1f:60:07:
         11:3c:fe:89:09:8f:4c:59:79:bb:ae:ad:64:d8:ef:da:ec:4f:
         9a:d0:4e:f5:7d:11:82:22:c5:08:df:e6:03:f6:ca:33:67:16:
         e6:21:d1:43:6a:3c:84:9f:67:c5:16:51:03:4f:e3:53:8c:3e:
         52:3d:b2:34:42:8d:ca:27:49:29:44:a6:d1:10:83:9d:5e:7e:
         6e:8d:57:ae:47:a7:df:63:33:bb:11:8f:88:44:fc:d9:fb:bb:
         21:62:82:55:ac:e4:b2:a5:80:fa:4b:30:eb:b9:97:ac:f1:87:
         0b:09:fb:48:43:5b:78:eb:20:bb:83:f7:df:cb:5d:7c:88:aa:
         30:43:e0:80
-----BEGIN CERTIFICATE-----
MIIEvTCCA6WgAwIBAgIDAhjNMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjUwNjE3
MDAxMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhENzVENzAxMDYyREZC
MkIwODJENTg1RUY0NURGNzQzMUM4MkZERUNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxdr5fcsXrMK++pQDhVm8IQppaMb7fQho81QonKbAZBas/qUR
AD6lcGwaaKSfiflYxkOfA0/94AUlw/Nx1AL82OGpAOxyKWWFaxoBRgXqaf5HbqRk
OOTy7nUlRHY5H8p4xVvQa2oaDcP4AhYwAfsFLzEKAXlOqS+M/mon91Bda1NZz+mU
ISc7nRXzGsyK/mlvdKsbvuBkKnycRvyka+LQ5fbFUmaUPfMa7S1OPuHJ5e2J1Nhg
NGBx+1ngGtAuoRh1OFuThgAJtpUUKPpbS1b05iP/rkG/zlOHWDLOWVN6A2R6LIa/
Mq0HUsBPOp3MGP73hNJVrvh6wecYxamAJufIVQIDAQABo4IB2DCCAdQwHQYDVR0O
BBYEFNddcBBi37KwgtWF70XfdDHIL97KMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
LzExMXdFR0xmc3JDQzFZWHZSZDkwTWNndjNzby5yb2EwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgACMBIDBwAgAQZ8IIwDBwAqDrJAAAAwDQYJKoZIhvcNAQELBQADggEB
ACS5bENerBlqUtODfsnp5OMvO427Tan+nFnpZYAQxYPsnq5y8/hTYlVoV1qhcaBm
/vXByGhitcwX5iT2+uVhShCrn1OnV1rbDEt1zG4PJkhu34L3ao4QM/8NfC74+1H9
p9ZotEkjZlPbHXYPM0IOfDlsgLOIbtaOemFkoh9gBxE8/okJj0xZebuurWTY79rs
T5rQTvV9EYIixQjf5gP2yjNnFuYh0UNqPISfZ8UWUQNP41OMPlI9sjRCjconSSlE
ptEQg51efm6NV65Hp99jM7sRj4hE/Nn7uyFiglWs5LKlgPpLMOu5l6zxhwsJ+0hD
W3jrILuD99/LXXyIqjBD4IA=
-----END CERTIFICATE-----