Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/cr114rq1dvV_dmNbCgm_LXj6xuw.roa
File:                     cr114rq1dvV_dmNbCgm_LXj6xuw.roa (raw, json)
Hash identifier:          IBttgiHBF/xEY/rMd/XWkktJNAoKMfPI5Bw4pFPcJa0=
Subject key identifier:   72:BD:75:E2:BA:B5:76:F5:7F:76:63:5B:0A:09:BF:2D:78:FA:C6:EC
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026C8B
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/cr114rq1dvV_dmNbCgm_LXj6xuw.roa
Signing time:             Thu 09 Apr 2026 10:24:48 +0000
ROA not before:           Thu 09 Apr 2026 10:24:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:67c:208c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:28:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158859 (0x26c8b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Apr  9 10:24:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72BD75E2BAB576F57F76635B0A09BF2D78FAC6EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1e:34:ea:20:2a:50:d6:ba:89:36:66:9f:26:
                    45:72:f6:42:86:b0:fd:42:f3:21:d5:10:f7:9d:c2:
                    0b:1c:0c:1b:65:45:dc:0d:d8:54:06:3f:f2:96:b8:
                    76:d0:d5:e0:f5:d2:58:58:11:df:32:20:64:92:13:
                    10:f5:19:6a:76:4d:30:e8:53:af:86:b2:43:77:a0:
                    1f:a3:df:3b:29:aa:33:6f:02:79:52:0a:b0:cf:b5:
                    81:20:4b:b3:a7:61:e9:0f:fc:d3:63:55:07:33:50:
                    32:cc:e6:6b:87:4f:dd:48:e7:d9:56:35:91:9e:21:
                    86:33:3c:52:52:d6:28:51:cc:b2:7f:8d:e1:c5:72:
                    32:84:52:0f:a7:b9:59:fc:e5:72:bd:cd:10:14:e9:
                    e2:49:ce:d3:bf:29:4a:11:b1:6a:14:f8:8e:c5:c6:
                    75:bb:07:64:92:6a:65:15:10:ea:2b:fd:58:25:8c:
                    f0:08:e2:ac:a4:59:28:44:5e:05:12:0e:eb:9d:a6:
                    21:a6:54:11:cc:21:53:e7:28:bc:9d:39:0f:3f:bc:
                    7e:97:13:00:56:b2:2f:3a:21:ad:88:d0:23:ba:c5:
                    8b:68:3f:91:74:57:ae:2a:fb:7a:45:97:3e:35:a5:
                    64:22:f8:b9:4f:cb:f1:5d:43:3e:05:00:cd:48:ca:
                    03:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BD:75:E2:BA:B5:76:F5:7F:76:63:5B:0A:09:BF:2D:78:FA:C6:EC
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/cr114rq1dvV_dmNbCgm_LXj6xuw.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:208c::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:e8:fd:40:09:dc:7c:72:b1:cd:0d:ef:bd:e1:64:b7:4a:df:
         6e:51:4d:92:1b:5f:df:c4:72:8f:d5:eb:63:66:d4:dc:e9:2b:
         26:7c:bb:7c:30:63:0a:5d:90:a4:de:d8:c5:4a:fd:9e:84:28:
         c2:f1:91:86:76:09:c6:17:51:7a:8e:70:ff:ed:b1:69:5f:95:
         03:39:ec:4b:a8:32:80:19:3b:cc:d8:0a:5e:f6:de:d2:9f:c5:
         50:b6:55:66:d9:77:3f:f6:c3:9a:3d:a4:21:29:8c:15:da:b8:
         27:ae:83:dc:9f:77:f4:a3:cb:c8:97:d6:66:0f:1e:99:aa:14:
         84:35:59:09:65:1e:a0:19:2f:c1:e2:fd:ce:96:63:fc:81:cf:
         d3:b3:15:17:0a:ae:6b:7d:4b:82:70:ff:10:93:39:4a:11:7f:
         6a:0e:44:fe:bd:f0:37:db:10:87:1c:14:e8:8b:29:67:de:a2:
         d4:68:27:5b:c5:79:61:61:61:6b:a2:4b:b7:e1:f7:b1:62:1c:
         7b:07:4d:a9:bb:d8:d3:70:65:c7:0d:bf:da:de:2c:6f:7b:24:
         0c:1a:24:28:5e:d2:35:e8:aa:de:35:26:66:af:f7:31:db:7a:
         f8:e5:3d:e0:3c:4b:b2:13:20:8a:e7:cc:c9:dc:14:1a:6c:01:
         96:fa:45:ea
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIDAmyLMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwNDA5
MTAyNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3MkJENzVFMkJBQjU3
NkY1N0Y3NjYzNUIwQTA5QkYyRDc4RkFDNkVDMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA3x406iAqUNa6iTZmnyZFcvZChrD9QvMh1RD3ncILHAwbZUXc
DdhUBj/ylrh20NXg9dJYWBHfMiBkkhMQ9Rlqdk0w6FOvhrJDd6Afo987KaozbwJ5
Ugqwz7WBIEuzp2HpD/zTY1UHM1AyzOZrh0/dSOfZVjWRniGGMzxSUtYoUcyyf43h
xXIyhFIPp7lZ/OVyvc0QFOniSc7TvylKEbFqFPiOxcZ1uwdkkmplFRDqK/1YJYzw
COKspFkoRF4FEg7rnaYhplQRzCFT5yi8nTkPP7x+lxMAVrIvOiGtiNAjusWLaD+R
dFeuKvt6RZc+NaVkIvi5T8vxXUM+BQDNSMoDLwIDAQABo4IBzzCCAcswHQYDVR0O
BBYEFHK9deK6tXb1f3ZjWwoJvy14+sbsMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L2NyMTE0cnExZHZWX2RtTmJDZ21fTFhqNnh1dy5yb2EwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQZ8IIwwDQYJKoZIhvcNAQELBQADggEBAHLo/UAJ3Hxy
sc0N773hZLdK325RTZIbX9/Eco/V62Nm1NzpKyZ8u3wwYwpdkKTe2MVK/Z6EKMLx
kYZ2CcYXUXqOcP/tsWlflQM57EuoMoAZO8zYCl723tKfxVC2VWbZdz/2w5o9pCEp
jBXauCeug9yfd/Sjy8iX1mYPHpmqFIQ1WQllHqAZL8Hi/c6WY/yBz9OzFRcKrmt9
S4Jw/xCTOUoRf2oORP698DfbEIccFOiLKWfeotRoJ1vFeWFhYWuiS7fh97FiHHsH
Tam72NNwZccNv9reLG97JAwaJChe0jXoqt41Jmav9zHbevjlPeA8S7ITIIrnzMnc
FBpsAZb6Reo=
-----END CERTIFICATE-----