Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/K50pgQSImphHNKd0Lg4zifkaeO8.roa
File:                     K50pgQSImphHNKd0Lg4zifkaeO8.roa (raw, json)
Hash identifier:          g6A5tjXW84ZMd2EypgbUP00UDVLKSdlKoHeuHXY+Ui0=
Subject key identifier:   2B:9D:29:81:04:88:9A:98:47:34:A7:74:2E:0E:33:89:F9:1A:78:EF
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026C8A
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/K50pgQSImphHNKd0Lg4zifkaeO8.roa
Signing time:             Thu 09 Apr 2026 10:24:48 +0000
ROA not before:           Thu 09 Apr 2026 10:24:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15562
IP address blocks:        2a0e:b240::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:28:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158858 (0x26c8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Apr  9 10:24:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2B9D298104889A984734A7742E0E3389F91A78EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3e:40:c9:83:16:15:47:4d:de:e9:b9:3e:2f:
                    bb:93:62:c2:93:bf:f3:2f:12:a0:6c:79:ba:77:7c:
                    92:cc:88:73:39:03:ea:2b:b3:41:94:dc:08:5f:0e:
                    f8:84:f6:0e:cc:a8:70:ee:4b:5b:c2:f0:45:4e:dc:
                    59:3a:56:dd:03:76:26:90:c8:a7:f9:ae:36:6f:8a:
                    cd:fa:35:8c:24:15:72:45:88:52:fa:ea:f0:6a:85:
                    d5:07:ab:72:44:0a:ed:3d:41:15:4f:79:79:f0:69:
                    09:bd:14:b3:a5:61:69:54:f0:a8:c4:52:de:0f:13:
                    ce:34:b7:3b:70:c7:db:9e:bb:64:11:cf:4b:7d:90:
                    39:57:91:41:3f:45:d3:52:3c:dc:3f:0e:c6:e4:21:
                    a8:a4:07:ed:2e:90:2d:1d:f8:1e:45:22:22:bf:e1:
                    2b:c5:85:3b:f6:ae:4c:f2:9e:08:b9:41:ff:93:56:
                    c7:f6:2d:f3:bb:79:b4:ff:e2:92:26:b4:f8:62:ab:
                    c8:ea:09:3a:6f:8b:19:fa:4b:8a:6c:fe:48:99:68:
                    38:be:e9:3e:e7:f6:bb:61:22:a1:5e:fb:1a:2b:92:
                    1d:3e:43:ad:a2:15:41:92:62:1a:c9:84:aa:c7:20:
                    ca:db:48:e5:bd:d8:f5:35:f1:aa:58:de:c8:41:b0:
                    45:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:9D:29:81:04:88:9A:98:47:34:A7:74:2E:0E:33:89:F9:1A:78:EF
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/K50pgQSImphHNKd0Lg4zifkaeO8.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:7e:63:7d:57:a4:9c:0a:5f:f5:a5:03:e1:f2:14:ff:d7:24:
         51:49:0e:e9:8b:e9:37:39:b9:ff:80:ba:8b:ac:59:0a:fc:4b:
         31:e8:df:4f:9f:88:42:ec:f6:5b:c6:bd:e9:7f:91:65:04:4b:
         0c:ac:d1:60:36:52:56:8d:15:05:0a:34:ac:0f:e3:7d:31:ce:
         fe:f2:51:55:90:ff:02:0e:65:b2:bc:d9:47:0c:66:bc:3d:9f:
         31:80:41:90:a7:cf:6d:34:d3:8d:38:94:07:1f:a6:68:a2:de:
         67:a5:0e:78:8d:a9:7a:f6:89:7e:7c:a0:f9:ae:eb:dc:41:da:
         20:94:92:4a:b5:d6:0c:54:cb:5c:2b:68:da:f1:fe:78:dc:2c:
         ee:7f:da:8e:10:bc:76:d3:fb:a5:03:da:39:00:4d:fe:05:a1:
         06:3e:b6:48:c6:78:da:54:3e:d6:b0:4e:b3:e9:85:ae:99:12:
         45:c6:2a:40:ef:87:a0:d0:de:a9:bb:89:f5:ad:86:cd:1c:f3:
         f6:c5:85:c0:6e:87:c3:ad:56:e8:15:cf:78:5e:8b:62:5e:82:
         cf:ac:73:a0:cc:18:e1:f2:3d:0a:22:0b:71:ac:ce:f9:48:a1:
         f2:ac:63:ff:85:b8:e9:c7:68:67:b7:8c:ba:93:00:fe:c4:61:
         22:3e:ad:c5
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIDAmyKMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwNDA5
MTAyNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyQjlEMjk4MTA0ODg5
QTk4NDczNEE3NzQyRTBFMzM4OUY5MUE3OEVGMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtj5AyYMWFUdN3um5Pi+7k2LCk7/zLxKgbHm6d3ySzIhzOQPq
K7NBlNwIXw74hPYOzKhw7ktbwvBFTtxZOlbdA3YmkMin+a42b4rN+jWMJBVyRYhS
+urwaoXVB6tyRArtPUEVT3l58GkJvRSzpWFpVPCoxFLeDxPONLc7cMfbnrtkEc9L
fZA5V5FBP0XTUjzcPw7G5CGopAftLpAtHfgeRSIiv+ErxYU79q5M8p4IuUH/k1bH
9i3zu3m0/+KSJrT4YqvI6gk6b4sZ+kuKbP5ImWg4vuk+5/a7YSKhXvsaK5IdPkOt
ohVBkmIayYSqxyDK20jlvdj1NfGqWN7IQbBFdwIDAQABo4IBzzCCAcswHQYDVR0O
BBYEFCudKYEEiJqYRzSndC4OM4n5GnjvMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L0s1MHBnUVNJbXBoSE5LZDBMZzR6aWZrYWVPOC5yb2EwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAqDrJAAAAwDQYJKoZIhvcNAQELBQADggEBAGR+Y31XpJwK
X/WlA+HyFP/XJFFJDumL6Tc5uf+AuousWQr8SzHo30+fiELs9lvGvel/kWUESwys
0WA2UlaNFQUKNKwP430xzv7yUVWQ/wIOZbK82UcMZrw9nzGAQZCnz2000404lAcf
pmii3melDniNqXr2iX58oPmu69xB2iCUkkq11gxUy1wraNrx/njcLO5/2o4QvHbT
+6UD2jkATf4FoQY+tkjGeNpUPtawTrPpha6ZEkXGKkDvh6DQ3qm7ifWths0c8/bF
hcBuh8OtVugVz3hei2Jegs+sc6DMGOHyPQoiC3GszvlIofKsY/+FuOnHaGe3jLqT
AP7EYSI+rcU=
-----END CERTIFICATE-----