Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/76ulW5E_Ouq5QH7w6qX0alj5iCI.roa
File:                     76ulW5E_Ouq5QH7w6qX0alj5iCI.roa (raw, json)
Hash identifier:          d1qGMKtUsjUMEDWDnRPl3zPlpudm8N/87VkBLfd43PE=
Subject key identifier:   EF:AB:A5:5B:91:3F:3A:EA:B9:40:7E:F0:EA:A5:F4:6A:58:F9:88:22
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026C94
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/76ulW5E_Ouq5QH7w6qX0alj5iCI.roa
Signing time:             Thu 09 Apr 2026 10:37:43 +0000
ROA not before:           Thu 09 Apr 2026 10:37:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206238
IP address blocks:        45.138.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 10:28:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158868 (0x26c94)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Apr  9 10:37:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=EFABA55B913F3AEAB9407EF0EAA5F46A58F98822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:22:67:5b:a9:91:5b:11:20:65:cd:54:33:32:
                    c2:33:2a:f2:b9:59:0d:91:15:16:4d:e3:ab:3e:9a:
                    8c:91:3e:e8:90:e3:34:dd:19:06:52:33:ac:ef:a9:
                    8c:09:97:45:77:84:03:3b:6b:76:de:f2:74:0a:99:
                    85:d6:f4:3c:f4:a1:61:e6:80:26:8b:cc:1d:cb:63:
                    18:0c:7c:1d:9a:74:04:d0:6d:de:37:94:10:c9:01:
                    c3:92:95:77:e8:d6:11:e0:3f:07:84:70:d0:94:7d:
                    70:44:1d:55:0b:f7:94:40:63:e5:46:4e:95:fa:48:
                    dc:37:6a:97:6c:fe:a6:e5:25:0b:ed:ec:de:34:a2:
                    2c:69:22:94:9a:5f:bb:5e:74:94:d9:7a:c3:48:7c:
                    e9:40:89:7e:70:6f:e3:43:cf:eb:fb:f6:2a:16:f6:
                    19:39:3c:15:56:4f:23:d9:07:ca:e2:f6:13:fc:e6:
                    02:a3:f0:ee:a0:fb:3a:67:4b:27:15:1f:15:27:4b:
                    8f:55:6c:de:39:b9:01:71:0d:44:2e:fe:5e:dd:23:
                    14:87:79:2d:94:ee:96:18:02:0b:cb:70:cc:7e:08:
                    5b:4f:50:e0:35:26:b5:c5:7e:ba:16:12:b2:b1:a7:
                    e5:0f:86:1b:11:ad:79:41:ec:48:c9:36:3d:01:c4:
                    5f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AB:A5:5B:91:3F:3A:EA:B9:40:7E:F0:EA:A5:F4:6A:58:F9:88:22
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/76ulW5E_Ouq5QH7w6qX0alj5iCI.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:b3:11:f2:1e:0b:a4:da:27:33:6b:c9:5b:a8:5a:67:4b:4b:
         a2:1d:ee:ce:21:e5:72:09:8b:af:32:6c:d0:c0:18:b2:14:26:
         3e:8c:6f:24:48:de:d2:c8:58:e9:23:65:73:69:eb:ab:2f:0b:
         b6:a4:4b:c9:b1:18:e8:d2:9e:3b:35:b1:cc:36:e2:c0:84:f6:
         32:7e:cf:f2:6c:de:e3:b4:05:47:72:25:39:b0:db:a7:39:68:
         eb:af:af:c9:a4:b1:e5:1f:53:55:62:26:01:cc:0a:f7:aa:fc:
         03:f6:fc:4a:7b:61:a5:4f:72:c7:0c:fe:c4:56:83:64:e1:85:
         6e:80:2e:c3:49:4f:19:e0:e4:f9:77:ff:26:b7:88:ba:62:92:
         38:40:68:b8:0d:dd:a9:bb:12:0c:3b:f8:82:d3:42:20:5c:be:
         2a:c6:44:35:51:d1:05:3d:d6:6f:34:e8:5c:63:4a:08:90:c1:
         f2:6d:76:66:c7:d1:e8:bb:cf:80:6f:ce:42:49:30:bd:17:5b:
         8c:bb:32:54:a9:8e:a7:8d:e0:b2:eb:79:ca:4c:f3:f9:e9:3d:
         dc:b5:a6:e0:49:1c:eb:f6:b8:8e:af:26:64:93:dc:ea:4d:ee:
         8f:47:27:b8:eb:3b:18:91:62:f9:d6:d6:ee:79:74:46:bc:38:
         d9:82:0a:54
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIDAmyUMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwNDA5
MTAzNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhFRkFCQTU1QjkxM0Yz
QUVBQjk0MDdFRjBFQUE1RjQ2QTU4Rjk4ODIyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA/iJnW6mRWxEgZc1UMzLCMyryuVkNkRUWTeOrPpqMkT7okOM0
3RkGUjOs76mMCZdFd4QDO2t23vJ0CpmF1vQ89KFh5oAmi8wdy2MYDHwdmnQE0G3e
N5QQyQHDkpV36NYR4D8HhHDQlH1wRB1VC/eUQGPlRk6V+kjcN2qXbP6m5SUL7eze
NKIsaSKUml+7XnSU2XrDSHzpQIl+cG/jQ8/r+/YqFvYZOTwVVk8j2QfK4vYT/OYC
o/DuoPs6Z0snFR8VJ0uPVWzeObkBcQ1ELv5e3SMUh3ktlO6WGAILy3DMfghbT1Dg
NSa1xX66FhKysaflD4YbEa15QexIyTY9AcRfUQIDAQABo4IBzDCCAcgwHQYDVR0O
BBYEFO+rpVuRPzrquUB+8Oql9GpY+YgiMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
Lzc2dWxXNUVfT3VxNVFIN3c2cVgwYWxqNWlDSS5yb2EwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAItiuQwDQYJKoZIhvcNAQELBQADggEBAEazEfIeC6TaJzNr
yVuoWmdLS6Id7s4h5XIJi68ybNDAGLIUJj6MbyRI3tLIWOkjZXNp66svC7akS8mx
GOjSnjs1scw24sCE9jJ+z/Js3uO0BUdyJTmw26c5aOuvr8mkseUfU1ViJgHMCveq
/AP2/Ep7YaVPcscM/sRWg2ThhW6ALsNJTxng5Pl3/ya3iLpikjhAaLgN3am7Egw7
+ILTQiBcvirGRDVR0QU91m806FxjSgiQwfJtdmbH0ei7z4BvzkJJML0XW4y7MlSp
jqeN4LLrecpM8/npPdy1puBJHOv2uI6vJmST3OpN7o9HJ7jrOxiRYvnW1u55dEa8
ONmCClQ=
-----END CERTIFICATE-----