Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Lux2Y507FWtuyxWKauweHhI6uV0.roa
File:                     Lux2Y507FWtuyxWKauweHhI6uV0.roa (raw, json)
Hash identifier:          EnXPIx0nJC/LJdxUBTcS7NwlndH42zsDKAKMmKZ1hZc=
Subject key identifier:   2E:EC:76:63:9D:3B:15:6B:6E:CB:15:8A:6A:EC:1E:1E:12:3A:B9:5D
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEB56AB38C9D183C66F359F80B8C0
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Lux2Y507FWtuyxWKauweHhI6uV0.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34754
IP address blocks:        78.142.44.0/23 maxlen: 24
                          78.142.48.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:eb:56:ab:38:c9:d1:83:c6:6f:35:9f:80:b8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eec76639d3b156b6ecb158a6aec1e1e123ab95d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:78:38:70:e2:62:a8:90:67:b3:c9:aa:7a:29:
                    6a:15:17:49:ed:e0:62:75:ca:90:c0:11:48:2b:55:
                    50:4f:98:29:32:00:ea:8a:21:d6:94:0a:97:83:ed:
                    64:a4:67:c0:29:26:02:23:c2:82:54:6b:65:2c:99:
                    ef:67:24:b5:9d:e5:23:cf:64:77:49:fe:ad:53:52:
                    48:09:cd:16:28:fc:d5:48:f0:42:74:43:f0:22:98:
                    02:4f:9d:5b:a6:f2:54:4b:d8:b0:b0:c0:87:fb:0e:
                    ae:fe:22:16:d1:2f:12:23:d6:1f:6e:3f:19:d0:5b:
                    33:f2:8f:70:93:8f:ec:44:6e:28:fa:ad:5c:f5:dd:
                    ad:ff:35:2e:28:eb:0c:7a:e2:92:3f:c4:50:e8:43:
                    40:05:79:53:f4:16:ec:78:79:43:1e:b5:63:41:6a:
                    01:8b:87:01:21:dd:ad:05:12:36:15:c9:cf:d5:9e:
                    e9:41:61:71:5c:a8:1e:1f:29:e9:82:63:17:2a:93:
                    2c:c5:76:ee:95:03:ef:44:68:ed:16:5f:22:f2:42:
                    bb:cc:70:62:4a:d4:b9:79:57:f6:69:a5:b8:1b:c2:
                    11:33:04:31:20:f4:8f:dd:63:5b:54:1d:e3:4d:9f:
                    97:e8:a1:54:34:73:53:de:69:1b:d2:94:f5:c1:ef:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:EC:76:63:9D:3B:15:6B:6E:CB:15:8A:6A:EC:1E:1E:12:3A:B9:5D
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Lux2Y507FWtuyxWKauweHhI6uV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.44.0/23
                  78.142.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:14:4d:0c:1b:02:03:22:7a:f8:4d:18:d8:33:23:a9:1c:59:
         3c:eb:eb:07:63:bb:58:c1:44:a4:c5:5a:37:21:fd:c0:0a:01:
         50:ad:ad:16:b6:77:c4:6a:98:bd:cb:c1:bf:51:a0:8a:92:6d:
         9d:34:e7:9f:45:d9:56:f4:58:18:1d:9e:e7:fb:e2:d2:1d:18:
         9f:ff:ca:19:5f:1e:d3:de:77:ff:9a:85:a4:1c:46:1b:b0:be:
         78:f4:51:41:65:c0:68:31:d1:22:e5:fd:ad:bb:28:e2:2b:26:
         0f:b8:78:7e:6a:5d:37:9c:f9:67:fc:c4:48:71:05:d6:41:00:
         63:aa:71:9b:77:54:72:f2:91:4e:21:5f:66:1b:38:f3:e6:af:
         a3:fa:43:f5:40:b2:71:54:20:e9:b7:ee:a6:3e:48:4b:1e:d8:
         b5:18:40:7e:73:9c:2f:17:5e:67:68:8b:8a:bf:23:cd:da:6a:
         a4:fd:5a:0a:9d:7c:8d:cf:c6:bb:5a:ea:3e:67:75:93:85:6f:
         65:eb:3e:70:69:e6:34:f0:c6:3c:a9:fa:ca:26:d9:15:d4:11:
         33:1f:18:05:c9:99:4a:51:51:f5:aa:65:45:39:9e:20:89:23:
         04:58:7d:bf:c5:e3:8a:fb:8d:f7:23:55:41:bb:36:2d:2e:dd:
         3c:9c:22:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbutWqzjJ0YPGbzWfgLjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWVjNzY2MzlkM2IxNTZiNmVjYjE1OGE2YWVjMWUxZTEyM2FiOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHg4cOJiqJBns8mqeilqFRdJ7eBi
dcqQwBFIK1VQT5gpMgDqiiHWlAqXg+1kpGfAKSYCI8KCVGtlLJnvZyS1neUjz2R3
Sf6tU1JICc0WKPzVSPBCdEPwIpgCT51bpvJUS9iwsMCH+w6u/iIW0S8SI9Yfbj8Z
0Fsz8o9wk4/sRG4o+q1c9d2t/zUuKOsMeuKSP8RQ6ENABXlT9BbseHlDHrVjQWoB
i4cBId2tBRI2FcnP1Z7pQWFxXKgeHynpgmMXKpMsxXbulQPvRGjtFl8i8kK7zHBi
StS5eVf2aaW4G8IRMwQxIPSP3WNbVB3jTZ+X6KFUNHNT3mkb0pT1we/OoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC7sdmOdOxVrbssVimrsHh4SOrldMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvTHV4Mlk1MDdGV3R1eXhXS2F1d2VIaEk2dVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTo4sAwQB
To4wMA0GCSqGSIb3DQEBCwUAA4IBAQBWFE0MGwIDInr4TRjYMyOpHFk86+sHY7tY
wUSkxVo3If3ACgFQra0WtnfEapi9y8G/UaCKkm2dNOefRdlW9FgYHZ7n++LSHRif
/8oZXx7T3nf/moWkHEYbsL549FFBZcBoMdEi5f2tuyjiKyYPuHh+al03nPln/MRI
cQXWQQBjqnGbd1Ry8pFOIV9mGzjz5q+j+kP1QLJxVCDpt+6mPkhLHti1GEB+c5wv
F15naIuKvyPN2mqk/VoKnXyNz8a7Wuo+Z3WThW9l6z5waeY08MY8qfrKJtkV1BEz
HxgFyZlKUVH1qmVFOZ4giSMEWH2/xeOK+433I1VBuzYtLt08nCJj
-----END CERTIFICATE-----