Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/W-IMAJK6gZWEHMYOULhP9_ElGmM.roa
File:                     W-IMAJK6gZWEHMYOULhP9_ElGmM.roa (raw, json)
Hash identifier:          HW4MRenjbhn3vr4e6Nx/2er8+/BuCz7rE7yZ4fpwkjY=
Subject key identifier:   5B:E2:0C:00:92:BA:81:95:84:1C:C6:0E:50:B8:4F:F7:F1:25:1A:63
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026C91
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/W-IMAJK6gZWEHMYOULhP9_ElGmM.roa
Signing time:             Thu 09 Apr 2026 10:36:49 +0000
ROA not before:           Thu 09 Apr 2026 10:36:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a0e:b240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 02:58:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158865 (0x26c91)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Apr  9 10:36:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5BE20C0092BA8195841CC60E50B84FF7F1251A63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:76:76:79:70:72:f2:33:c8:2b:f4:07:fa:e1:
                    13:d4:53:89:69:76:16:86:3b:fe:be:eb:17:3f:15:
                    7f:28:11:6f:45:f3:ea:92:43:6b:55:01:1d:ee:3d:
                    1d:fc:b3:e7:d5:6c:a1:83:11:f3:37:be:eb:34:e4:
                    33:43:a0:12:e9:c2:fc:3c:b9:07:26:aa:bb:76:38:
                    9b:01:25:78:8d:07:44:08:76:e4:05:d9:08:4d:48:
                    40:15:d7:39:b1:09:b7:47:59:dd:07:0f:b4:4a:53:
                    f5:91:4c:43:16:10:ea:03:0a:84:dd:30:2d:53:33:
                    9c:a1:c6:3f:4d:4c:44:70:b2:35:a9:2e:69:fa:a5:
                    2f:49:20:56:a8:e9:3c:e9:9e:48:cd:fc:ab:72:9d:
                    f2:df:96:ae:fc:8b:21:91:04:b4:58:47:12:9c:8b:
                    15:2d:03:c0:6f:fc:a6:d2:92:07:9d:b7:34:60:a4:
                    11:e1:a6:74:7e:19:07:96:55:d5:cd:b7:e1:a2:85:
                    dc:ab:56:5c:90:3f:2f:51:e9:7b:9d:9c:08:76:a3:
                    ff:02:4d:20:63:6a:81:3b:ee:83:4b:a8:b3:4b:95:
                    b8:73:fc:3b:e5:7a:14:68:47:9c:78:df:2a:1a:e8:
                    2e:9b:43:77:b7:8f:8a:e7:4b:8d:be:75:1f:4c:fa:
                    50:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E2:0C:00:92:BA:81:95:84:1C:C6:0E:50:B8:4F:F7:F1:25:1A:63
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/W-IMAJK6gZWEHMYOULhP9_ElGmM.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:a9:5e:77:cc:82:3b:96:e7:53:df:49:9b:76:30:86:ff:69:
         d3:09:96:f5:4d:4f:05:67:c2:f0:cb:d2:23:87:5d:80:3b:69:
         7b:3e:74:3a:64:4b:0c:13:ec:98:f3:46:2c:fa:1f:9a:77:5a:
         83:aa:10:e3:12:92:d0:e4:16:2f:c1:97:ca:4e:48:07:66:be:
         a8:54:9c:f1:61:23:fa:d2:8a:59:2e:16:56:43:14:64:47:76:
         51:68:34:ab:b0:ac:ca:eb:f6:05:9d:2e:20:2e:26:0e:71:47:
         2f:98:02:94:41:85:9f:be:4d:2a:52:fc:e9:27:aa:59:bb:d4:
         38:84:49:25:a9:66:e1:20:01:1a:ba:cb:13:24:6d:5c:f9:0a:
         cf:c9:bd:90:e0:5b:a8:e6:c4:37:51:25:89:d6:91:db:bf:3d:
         74:b7:22:77:f8:12:5e:29:3b:56:dd:62:a7:e7:56:1e:72:e4:
         81:1b:7e:5d:6d:10:31:2c:fc:af:12:06:53:f0:6e:b4:0e:c4:
         5e:cf:00:e7:96:e4:cb:fb:2d:9b:e7:e1:53:e7:35:87:6a:4f:
         a6:67:4e:21:64:5c:81:04:16:36:8f:25:ae:a3:e7:19:8e:b6:
         fe:3e:72:d8:d1:67:5e:4c:10:83:3c:47:cd:af:00:3f:60:e3:
         e1:40:1e:24
-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIDAmyRMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwNDA5
MTAzNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1QkUyMEMwMDkyQkE4
MTk1ODQxQ0M2MEU1MEI4NEZGN0YxMjUxQTYzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA3nZ2eXBy8jPIK/QH+uET1FOJaXYWhjv+vusXPxV/KBFvRfPq
kkNrVQEd7j0d/LPn1WyhgxHzN77rNOQzQ6AS6cL8PLkHJqq7djibASV4jQdECHbk
BdkITUhAFdc5sQm3R1ndBw+0SlP1kUxDFhDqAwqE3TAtUzOcocY/TUxEcLI1qS5p
+qUvSSBWqOk86Z5Izfyrcp3y35au/IshkQS0WEcSnIsVLQPAb/ym0pIHnbc0YKQR
4aZ0fhkHllXVzbfhooXcq1ZckD8vUel7nZwIdqP/Ak0gY2qBO+6DS6izS5W4c/w7
5XoUaEeceN8qGugum0N3t4+K50uNvnUfTPpQ5wIDAQABo4IBzTCCAckwHQYDVR0O
BBYEFFviDACSuoGVhBzGDlC4T/fxJRpjMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L1ctSU1BSks2Z1pXRUhNWU9VTGhQOV9FbEdtTS5yb2EwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQMqDrJAMA0GCSqGSIb3DQEBCwUAA4IBAQAAqV53zII7ludT
30mbdjCG/2nTCZb1TU8FZ8Lwy9Ijh12AO2l7PnQ6ZEsME+yY80Ys+h+ad1qDqhDj
EpLQ5BYvwZfKTkgHZr6oVJzxYSP60opZLhZWQxRkR3ZRaDSrsKzK6/YFnS4gLiYO
cUcvmAKUQYWfvk0qUvzpJ6pZu9Q4hEklqWbhIAEaussTJG1c+QrPyb2Q4Fuo5sQ3
USWJ1pHbvz10tyJ3+BJeKTtW3WKn51YecuSBG35dbRAxLPyvEgZT8G60DsRezwDn
luTL+y2b5+FT5zWHak+mZ04hZFyBBBY2jyWuo+cZjrb+PnLY0WdeTBCDPEfNrwA/
YOPhQB4k
-----END CERTIFICATE-----