Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nljobsnijders/P8oEPQxgHf7SvKfuZmoJTF4Ujqk.roa
File:                     P8oEPQxgHf7SvKfuZmoJTF4Ujqk.roa (raw, json)
Hash identifier:          Z+EGbDhZo+HUOKe3oXGMSCwLz5pGA1fY3FOjQcd/D48=
Subject key identifier:   3F:CA:04:3D:0C:60:1D:FE:D2:BC:A7:EE:66:6A:09:4C:5E:14:8E:A9
Certificate issuer:       /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
Certificate serial:       026A2B
Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/P8oEPQxgHf7SvKfuZmoJTF4Ujqk.roa
Signing time:             Fri 27 Mar 2026 20:45:51 +0000
ROA not before:           Fri 27 Mar 2026 20:45:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:67c:208c::/48 maxlen: 48
                          2a0e:b240::/48 maxlen: 48
                          2a0e:b240:118::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl
                          rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 15:57:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158251 (0x26a2b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caa805dbac364749b9b115590ab6ef0f970cdbd8
        Validity
            Not Before: Mar 27 20:45:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3FCA043D0C601DFED2BCA7EE666A094C5E148EA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:96:1b:1a:49:67:4e:23:55:bf:b0:56:86:a7:
                    7e:ef:50:98:95:1e:16:9b:23:d1:0b:69:92:fa:3b:
                    f3:00:a3:c0:90:d3:6d:a4:d4:18:91:ea:8a:e6:8b:
                    c8:09:70:3c:07:1f:fe:f9:5e:10:7a:f8:a1:36:fb:
                    36:f8:21:85:c7:2b:bb:93:d7:bd:4d:fe:74:89:91:
                    d0:9d:7b:85:d0:a2:a0:66:9b:c2:c9:8c:8a:91:4d:
                    a0:0f:13:85:47:84:ed:19:ae:cb:0b:0b:dd:4f:25:
                    6b:07:5a:d7:47:41:b4:e8:2f:5a:68:e2:59:84:10:
                    8f:49:22:51:c6:6e:25:f9:95:78:ef:43:6b:ac:0d:
                    aa:c2:89:bf:36:8c:63:48:e3:4b:1f:62:68:4e:4f:
                    cd:19:59:dc:2a:e5:e1:e4:c3:a3:cc:1f:f0:e1:5a:
                    ca:2a:79:fb:46:ad:f3:8f:b5:0a:15:80:6a:e9:9c:
                    8d:a5:ce:02:4f:1e:9f:e3:2b:60:f6:af:e8:d0:6d:
                    29:8d:90:55:18:ed:fd:ac:e3:9d:03:5a:58:dd:c4:
                    a4:49:99:05:f9:a8:74:78:cb:46:1d:0d:76:8c:ab:
                    aa:a5:8c:51:ae:d6:d4:f1:59:b3:c3:99:c9:6e:bb:
                    5c:ed:c4:44:2f:1d:ad:dc:a2:33:c1:56:81:45:dd:
                    b5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CA:04:3D:0C:60:1D:FE:D2:BC:A7:EE:66:6A:09:4C:5E:14:8E:A9
            X509v3 Authority Key Identifier:
                keyid:CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/yqgF26w2R0m5sRVZCrbvD5cM29g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/P8oEPQxgHf7SvKfuZmoJTF4Ujqk.roa

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:208c::/48
                  2a0e:b240::/48
                  2a0e:b240:118::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:85:e4:4e:af:0e:f0:d8:66:b3:39:12:ce:dc:d7:9c:84:7b:
         1a:c3:53:d0:e4:73:4a:87:a6:38:89:c4:f0:56:3d:e4:e2:af:
         04:0f:d0:63:c2:75:94:db:0b:c3:74:36:68:12:2d:0d:ff:cf:
         4c:4f:e0:31:a9:2f:89:af:ec:0b:93:38:13:cc:b7:49:a1:74:
         c3:0c:39:21:23:39:af:c2:61:bc:ba:ab:29:da:43:19:d3:a3:
         f4:37:71:f0:39:3b:b6:fc:5a:73:ec:9e:c5:32:76:fa:f7:14:
         a5:a6:1e:09:00:0b:db:3d:59:70:f4:ef:ba:c2:a1:9f:cf:54:
         74:dc:30:37:f1:4d:64:1f:40:4e:6c:a6:ae:40:e8:73:ea:a2:
         26:fc:a3:3f:40:3e:36:5f:bd:65:9c:64:c1:20:45:14:18:7f:
         47:f6:b5:3a:36:b5:d0:6e:aa:0c:4b:36:c0:b9:11:b4:d7:9a:
         be:a9:2c:8f:c5:ac:fd:5b:22:fa:4e:49:d6:71:d8:30:42:ca:
         e6:b5:52:03:00:81:6d:3c:1f:32:90:bd:e1:d5:1d:b8:15:f4:
         4b:aa:3e:b6:26:6d:62:88:42:ee:39:5f:4c:a0:6c:5d:79:80:
         42:10:0a:93:4d:36:95:0b:0b:6a:3f:19:31:2e:68:34:fc:c8:
         f0:09:60:aa
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIDAmorMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNh
YTgwNWRiYWMzNjQ3NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjYwMzI3
MjA0NTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzRkNBMDQzRDBDNjAx
REZFRDJCQ0E3RUU2NjZBMDk0QzVFMTQ4RUE5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAupYbGklnTiNVv7BWhqd+71CYlR4WmyPRC2mS+jvzAKPAkNNt
pNQYkeqK5ovICXA8Bx/++V4QevihNvs2+CGFxyu7k9e9Tf50iZHQnXuF0KKgZpvC
yYyKkU2gDxOFR4TtGa7LCwvdTyVrB1rXR0G06C9aaOJZhBCPSSJRxm4l+ZV470Nr
rA2qwom/NoxjSONLH2JoTk/NGVncKuXh5MOjzB/w4VrKKnn7Rq3zj7UKFYBq6ZyN
pc4CTx6f4ytg9q/o0G0pjZBVGO39rOOdA1pY3cSkSZkF+ah0eMtGHQ12jKuqpYxR
rtbU8Vmzw5nJbrtc7cRELx2t3KIzwVaBRd214wIDAQABo4IB4TCCAd0wHQYDVR0O
BBYEFD/KBD0MYB3+0ryn7mZqCUxeFI6pMB8GA1UdIwQYMBaAFMqoBdusNkdJubEV
WQq27w+XDNvYMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwZAYDVR0fBF0wWzBZ
oFegVYZTcnN5bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpv
YnNuaWpkZXJzL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jcmwwZAYIKwYB
BQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVw
b3NpdG9yeS9ERUZBVUxUL3lxZ0YyNncyUjBtNXNSVlpDcmJ2RDVjTTI5Zy5jZXIw
DgYDVR0PAQH/BAQDAgeAMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5
bmM6Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJz
L1A4b0VQUXhnSGY3U3ZLZnVabW9KVEY0VWpxay5yb2EwNAYIKwYBBQUHAQcBAf8E
JTAjMCEEAgACMBsDBwAgAQZ8IIwDBwAqDrJAAAADBwAqDrJAARgwDQYJKoZIhvcN
AQELBQADggEBAHCF5E6vDvDYZrM5Es7c15yEexrDU9Dkc0qHpjiJxPBWPeTirwQP
0GPCdZTbC8N0NmgSLQ3/z0xP4DGpL4mv7AuTOBPMt0mhdMMMOSEjOa/CYby6qyna
QxnTo/Q3cfA5O7b8WnPsnsUydvr3FKWmHgkAC9s9WXD077rCoZ/PVHTcMDfxTWQf
QE5spq5A6HPqoib8oz9APjZfvWWcZMEgRRQYf0f2tTo2tdBuqgxLNsC5EbTXmr6p
LI/FrP1bIvpOSdZx2DBCyua1UgMAgW08HzKQveHVHbgV9EuqPrYmbWKIQu45X0yg
bF15gEIQCpNNNpULC2o/GTEuaDT8yPAJYKo=
-----END CERTIFICATE-----