Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/luxlDaP5S8ObPuSdfGG5jYy9i5M.roa
File:                     luxlDaP5S8ObPuSdfGG5jYy9i5M.roa (raw, json)
Hash identifier:          77j6FmpQDyTfoFeeOD1e16nzr03VwpDOQuhMjxPM3Tg=
Subject key identifier:   96:EC:65:0D:A3:F9:4B:C3:9B:3E:E4:9D:7C:61:B9:8D:8C:BD:8B:93
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       01979D98C207F56316AF20EA8A5D2E30F52A
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/luxlDaP5S8ObPuSdfGG5jYy9i5M.roa
Signing time:             Mon 23 Jun 2025 16:22:03 +0000
ROA not before:           Mon 23 Jun 2025 16:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20001
IP address blocks:        45.148.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 15:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:98:c2:07:f5:63:16:af:20:ea:8a:5d:2e:30:f5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jun 23 16:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96ec650da3f94bc39b3ee49d7c61b98d8cbd8b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ab:17:31:43:ac:d0:8c:22:e9:ed:0a:fd:a6:
                    57:41:f5:48:08:0a:8a:ce:b9:b7:87:3d:34:31:fe:
                    d3:4c:d8:f3:20:a7:8b:7c:6d:51:94:d1:c8:70:8d:
                    cc:39:92:10:d0:61:b0:4d:c6:c2:40:51:2d:e7:d7:
                    1c:47:64:e9:21:46:48:77:b1:a3:09:79:be:59:d8:
                    56:eb:53:83:62:25:98:fc:32:cf:49:dd:30:89:98:
                    3f:1e:16:f5:e2:e6:63:3a:9f:22:17:86:a8:7d:59:
                    f6:07:3a:0a:a4:59:f8:8f:f3:c4:d3:6f:75:c8:c2:
                    6b:48:00:40:33:37:0d:58:5f:f1:b1:ec:45:6b:8c:
                    23:c5:a3:95:87:34:8d:60:84:6a:af:b4:3a:24:7e:
                    2e:b2:f4:21:75:7c:c7:2d:69:0f:79:a5:68:99:37:
                    b2:55:a2:36:91:0e:29:ad:a6:0b:e3:22:b5:3a:c1:
                    de:b3:a1:fb:79:01:ce:51:3f:33:b8:f1:cf:aa:b5:
                    14:28:7e:21:4e:03:a0:1e:e1:44:0e:a7:54:02:0c:
                    1d:10:83:28:34:0b:04:74:fe:69:79:8b:aa:7b:58:
                    6b:e1:bc:43:1a:ac:dc:c3:37:5c:8d:30:77:59:7b:
                    50:0a:7d:76:23:f7:ef:d5:84:80:ef:95:b6:6e:b6:
                    3e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:EC:65:0D:A3:F9:4B:C3:9B:3E:E4:9D:7C:61:B9:8D:8C:BD:8B:93
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/luxlDaP5S8ObPuSdfGG5jYy9i5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:d9:87:60:3f:bf:ea:ab:3d:43:d4:e3:09:d3:f4:85:be:3d:
         46:39:0a:35:3e:ec:4d:46:f4:bb:9f:d3:f6:59:24:76:73:5e:
         4d:dd:56:04:ea:9c:30:60:60:39:9a:11:c4:52:42:a7:aa:ad:
         97:4d:b7:a3:e5:58:2a:e4:8c:be:7b:8b:6f:e6:98:c6:aa:3c:
         00:5d:fa:47:bc:3c:b6:7d:99:98:f1:ae:e6:eb:eb:40:c2:f6:
         da:ee:ee:41:1e:7c:82:59:9e:0a:54:91:44:2b:3e:09:e5:d6:
         b0:b4:ca:33:2c:df:06:06:72:d8:9f:3d:1b:a3:16:64:c6:73:
         83:a6:8f:15:6f:4f:5c:52:9d:26:de:4c:01:7c:6f:51:3c:ba:
         ba:f7:1e:f5:e0:27:2c:64:62:e7:66:f2:71:12:08:67:11:ac:
         77:7b:8a:5b:52:d3:fd:13:e5:91:97:3d:c9:ca:6f:2a:27:9b:
         17:cc:fe:7f:54:4c:0b:74:65:bb:ea:b9:f8:62:ad:d1:c7:8f:
         42:c6:2a:59:e8:d4:3e:4b:7e:15:c4:fe:0e:b3:68:aa:fa:c5:
         23:e5:9c:4a:f0:26:99:fe:5c:42:0d:2a:c5:fe:91:de:c1:5d:
         e2:f1:de:ea:e5:e7:69:2b:69:28:99:c8:0f:64:68:aa:cf:90:
         df:e6:33:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZedmMIH9WMWryDqil0uMPUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjUwNjIzMTYyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVjNjUwZGEzZjk0YmMzOWIzZWU0OWQ3YzYxYjk4ZDhjYmQ4YjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1asXMUOs0Iwi6e0K/aZXQfVICAqK
zrm3hz00Mf7TTNjzIKeLfG1RlNHIcI3MOZIQ0GGwTcbCQFEt59ccR2TpIUZId7Gj
CXm+WdhW61ODYiWY/DLPSd0wiZg/Hhb14uZjOp8iF4aofVn2BzoKpFn4j/PE0291
yMJrSABAMzcNWF/xsexFa4wjxaOVhzSNYIRqr7Q6JH4usvQhdXzHLWkPeaVomTey
VaI2kQ4praYL4yK1OsHes6H7eQHOUT8zuPHPqrUUKH4hTgOgHuFEDqdUAgwdEIMo
NAsEdP5peYuqe1hr4bxDGqzcwzdcjTB3WXtQCn12I/fv1YSA75W2brY+qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbsZQ2j+UvDmz7knXxhuY2MvYuTMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvbHV4bERhUDVTOE9iUHVTZGZHRzVqWXk5aTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSHMA0G
CSqGSIb3DQEBCwUAA4IBAQC32YdgP7/qqz1D1OMJ0/SFvj1GOQo1PuxNRvS7n9P2
WSR2c15N3VYE6pwwYGA5mhHEUkKnqq2XTbej5Vgq5Iy+e4tv5pjGqjwAXfpHvDy2
fZmY8a7m6+tAwvba7u5BHnyCWZ4KVJFEKz4J5dawtMozLN8GBnLYnz0boxZkxnOD
po8Vb09cUp0m3kwBfG9RPLq69x714CcsZGLnZvJxEghnEax3e4pbUtP9E+WRlz3J
ym8qJ5sXzP5/VEwLdGW76rn4Yq3Rx49CxipZ6NQ+S34VxP4Os2iq+sUj5ZxK8CaZ
/lxCDSrF/pHewV3i8d7q5edpK2komcgPZGiqz5Df5jMG
-----END CERTIFICATE-----