Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/24uSj6d9yFEzM1IYGdo__5uEBPY.roa
File:                     24uSj6d9yFEzM1IYGdo__5uEBPY.roa (raw, json)
Hash identifier:          DtxL/u87fjMOKyBnV7+iNV5ne3q1D1b7KSFLOhOujhk=
Subject key identifier:   DB:8B:92:8F:A7:7D:C8:51:33:33:52:18:19:DA:3F:FF:9B:84:04:F6
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026C8C
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/24uSj6d9yFEzM1IYGdo__5uEBPY.roa
Signing time:             Thu 09 Apr 2026 10:24:49 +0000
ROA not before:           Thu 09 Apr 2026 10:24:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15562
IP address blocks:        2a0e:b240:118::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:28:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158860 (0x26c8c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Apr  9 10:24:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=DB8B928FA77DC8513333521819DA3FFF9B8404F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e4:b2:31:5c:4f:7b:c0:3c:b6:da:3c:70:c2:
                    ab:c4:9f:7c:36:5b:b7:b0:12:5a:ef:df:69:7c:44:
                    7e:a6:b0:dd:38:94:aa:26:a6:37:6a:5a:f2:53:f3:
                    6b:fc:38:7c:21:d7:90:e3:1a:41:22:53:fe:21:19:
                    b2:b9:be:06:fe:3a:03:31:b8:63:65:c0:87:02:43:
                    cf:35:a4:39:5e:74:a5:a3:f0:e7:a2:bb:ff:2a:cb:
                    4a:21:3a:7f:cd:ce:5d:f2:8e:a5:70:50:1c:f3:d1:
                    1c:7c:7f:54:00:63:33:92:d8:f1:ac:9e:e8:41:0c:
                    7f:dd:ff:21:e7:4d:d2:bf:4d:d2:a4:18:51:c8:a3:
                    99:ff:ef:e1:b6:22:57:5d:fe:db:db:81:11:72:0a:
                    e9:98:f7:7c:20:26:8a:92:2c:aa:ec:a1:c3:c2:42:
                    bd:c2:b7:f5:f0:fb:3c:b2:05:62:02:69:88:5d:53:
                    78:a3:29:a5:9a:59:ec:59:55:7c:0b:9c:4a:88:22:
                    f8:58:bc:41:d1:af:c5:72:41:b2:91:5e:b8:d4:05:
                    a1:1d:2e:91:7a:96:49:94:7a:62:29:64:99:a6:c7:
                    40:55:8d:6b:68:c0:b3:76:d5:55:b7:36:c7:6c:92:
                    6e:d5:c7:bd:38:51:87:fa:7d:da:4f:e4:53:d4:f9:
                    87:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8B:92:8F:A7:7D:C8:51:33:33:52:18:19:DA:3F:FF:9B:84:04:F6
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/24uSj6d9yFEzM1IYGdo__5uEBPY.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240:118::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:43:35:44:7f:44:f1:98:48:93:26:b1:4f:3e:1d:e2:07:7c:
         61:20:e2:3c:3b:50:64:2f:41:8c:ca:fd:a7:72:99:fe:00:26:
         46:84:6e:f2:49:78:27:ac:7d:3c:3b:06:fa:bf:37:18:5f:00:
         63:84:e0:8b:28:8c:73:7e:ed:c3:cc:24:a7:a0:ef:ab:35:d3:
         c6:fc:90:36:da:82:fc:be:f4:41:74:ac:c1:5b:2c:ca:e3:f4:
         3a:f9:df:bf:54:0b:93:aa:00:51:a2:f7:d0:57:3e:85:95:ff:
         c0:97:b7:19:8e:b3:43:05:c7:01:4c:39:63:8d:09:4a:b7:53:
         fd:c6:97:ed:d6:c2:d6:b2:13:be:66:07:86:52:b0:aa:58:1c:
         af:17:39:ed:0f:1e:72:01:50:13:2d:26:47:2f:92:be:28:74:
         82:a0:7b:8e:4c:da:35:19:7d:46:94:4d:ff:8d:1e:87:71:ac:
         ef:a5:31:4f:3d:9d:d8:60:06:73:70:17:55:0d:bf:0f:49:e9:
         9f:56:dd:09:e7:be:12:47:4c:cc:df:86:bf:cc:7f:02:94:ce:
         da:2c:83:a0:32:f0:1a:f3:7d:bf:41:75:c6:ce:55:c3:cb:25:
         d0:e0:c0:4e:d8:49:0a:08:50:79:bb:26:b4:91:eb:3b:d8:62:
         ae:d3:11:6a
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIDAmyMMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwNDA5
MTAyNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhEQjhCOTI4RkE3N0RD
ODUxMzMzMzUyMTgxOURBM0ZGRjlCODQwNEY2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzeSyMVxPe8A8tto8cMKrxJ98Nlu3sBJa799pfER+prDdOJSq
JqY3alryU/Nr/Dh8IdeQ4xpBIlP+IRmyub4G/joDMbhjZcCHAkPPNaQ5XnSlo/Dn
orv/KstKITp/zc5d8o6lcFAc89EcfH9UAGMzktjxrJ7oQQx/3f8h503Sv03SpBhR
yKOZ/+/htiJXXf7b24ERcgrpmPd8ICaKkiyq7KHDwkK9wrf18Ps8sgViAmmIXVN4
oymlmlnsWVV8C5xKiCL4WLxB0a/FckGykV641AWhHS6RepZJlHpiKWSZpsdAVY1r
aMCzdtVVtzbHbJJu1ce9OFGH+n3aT+RT1PmHDQIDAQABo4IBzzCCAcswHQYDVR0O
BBYEFNuLko+nfchRMzNSGBnaP/+bhAT2MB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
LzI0dVNqNmQ5eUZFek0xSVlHZG9fXzV1RUJQWS5yb2EwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAqDrJAARgwDQYJKoZIhvcNAQELBQADggEBALJDNUR/RPGY
SJMmsU8+HeIHfGEg4jw7UGQvQYzK/adymf4AJkaEbvJJeCesfTw7Bvq/NxhfAGOE
4IsojHN+7cPMJKeg76s108b8kDbagvy+9EF0rMFbLMrj9Dr5379UC5OqAFGi99BX
PoWV/8CXtxmOs0MFxwFMOWONCUq3U/3Gl+3WwtayE75mB4ZSsKpYHK8XOe0PHnIB
UBMtJkcvkr4odIKge45M2jUZfUaUTf+NHodxrO+lMU89ndhgBnNwF1UNvw9J6Z9W
3QnnvhJHTMzfhr/MfwKUztosg6Ay8Brzfb9BdcbOVcPLJdDgwE7YSQoIUHm7JrSR
6zvYYq7TEWo=
-----END CERTIFICATE-----