Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fnenGhPWgCQ7l9nYoFalHKnjcno.roa
File:                     fnenGhPWgCQ7l9nYoFalHKnjcno.roa (raw, json)
Hash identifier:          d7bintgUx486FgNk1wkiN5kvIZfTERxwok6hRE5uM4E=
Subject key identifier:   7E:77:A7:1A:13:D6:80:24:3B:97:D9:D8:A0:56:A5:1C:A9:E3:72:7A
Certificate issuer:       /CN=a65fbcb4ea308a98b09397625e63866383c16dd0
Certificate serial:       018CC727284EDB2C4A2EE18E3F3FCED6E1CA
Authority key identifier: A6:5F:BC:B4:EA:30:8A:98:B0:93:97:62:5E:63:86:63:83:C1:6D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fnenGhPWgCQ7l9nYoFalHKnjcno.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38237
IP address blocks:        123.253.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:28:4e:db:2c:4a:2e:e1:8e:3f:3f:ce:d6:e1:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65fbcb4ea308a98b09397625e63866383c16dd0
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e77a71a13d680243b97d9d8a056a51ca9e3727a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:7d:d9:64:cc:78:c6:f9:06:13:4f:bb:36:
                    74:bf:a2:a0:c0:59:f2:0b:1b:6b:fd:4e:38:d6:c0:
                    5b:5a:72:d5:dc:e1:65:a6:99:68:12:06:7a:3a:8b:
                    11:bf:58:62:bb:0b:e0:53:35:05:e3:44:49:90:29:
                    f8:bc:0f:6d:27:7b:36:7d:b1:43:e6:c1:c7:70:93:
                    2a:82:d8:8e:af:40:a4:74:e5:9e:fa:fa:d4:28:18:
                    6c:d0:c8:0f:10:98:49:44:a8:9f:74:c6:9d:46:75:
                    d1:08:d1:42:24:a8:71:2f:f3:b3:60:db:bb:9c:83:
                    af:78:a8:9f:5d:43:74:8a:7e:c0:35:b9:f8:5e:59:
                    7d:f7:08:2f:34:0f:de:99:b1:29:1d:34:00:2e:ba:
                    c5:51:ed:50:55:1b:f7:9c:0c:79:ae:d3:f7:b2:36:
                    e4:c3:c1:ce:3e:eb:37:a1:92:92:ae:2d:99:60:0d:
                    01:fb:2f:d3:57:6a:31:0e:3b:13:5b:4b:68:a9:bf:
                    6d:9b:d6:72:9c:6f:0a:08:8f:14:cd:c0:15:28:8b:
                    e4:c3:13:86:e8:ff:7f:c7:aa:22:2e:07:13:ba:d8:
                    79:61:f2:fe:d1:a8:8e:73:6c:b4:31:88:ec:e8:05:
                    1d:27:1d:1f:f7:3d:a1:29:ea:66:c1:fb:fe:2e:86:
                    61:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:77:A7:1A:13:D6:80:24:3B:97:D9:D8:A0:56:A5:1C:A9:E3:72:7A
            X509v3 Authority Key Identifier:
                keyid:A6:5F:BC:B4:EA:30:8A:98:B0:93:97:62:5E:63:86:63:83:C1:6D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fnenGhPWgCQ7l9nYoFalHKnjcno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:11:3a:e7:fd:5c:f5:2f:cb:4c:af:a8:19:ef:b3:13:bc:e7:
         d2:89:a0:55:2a:a7:e2:b5:44:d7:c4:eb:a6:b0:90:d7:25:19:
         83:90:0d:08:ea:0e:ca:6a:3b:15:97:08:8a:21:3f:8e:1d:06:
         62:df:2d:e6:99:e0:5c:7c:41:ca:fa:c0:6b:cc:e9:c7:29:a5:
         9c:9c:b6:46:ab:e1:93:36:bd:88:de:e9:86:b5:04:08:ed:fd:
         99:a4:f6:85:32:23:d0:0a:a7:63:4c:d9:d1:eb:3e:b1:d1:b4:
         84:15:d7:90:0c:34:b3:3a:6e:79:c0:f3:d1:6c:32:5f:61:aa:
         9a:78:63:63:1f:20:80:ae:f6:d7:78:f3:de:80:84:10:11:bb:
         f1:67:f1:14:83:ae:ee:4d:e1:1b:c6:07:63:d8:48:c4:b3:ee:
         67:62:11:87:4c:c9:4d:9e:7a:93:69:a4:3d:64:07:ca:e2:6b:
         08:8f:bd:a4:b4:7b:18:e4:44:b5:3e:79:99:00:22:a2:ac:f4:
         17:b6:6e:b7:3d:c0:24:91:e8:a2:de:75:44:6e:b0:71:28:00:
         e5:73:a5:95:07:09:6e:28:dd:19:4c:7c:cf:e2:3e:0b:e4:fa:
         7f:a1:73:e3:40:fe:0f:b3:4d:b4:d9:c1:54:96:c2:d4:e1:c7:
         ad:f8:cc:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyhO2yxKLuGOPz/O1uHKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWZiY2I0ZWEzMDhhOThiMDkzOTc2MjVlNjM4NjYzODNj
MTZkZDAwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTc3YTcxYTEzZDY4MDI0M2I5N2Q5ZDhhMDU2YTUxY2E5ZTM3MjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO592WTMeMb5BhNPuzZ0v6KgwFny
Cxtr/U441sBbWnLV3OFlpploEgZ6OosRv1hiuwvgUzUF40RJkCn4vA9tJ3s2fbFD
5sHHcJMqgtiOr0CkdOWe+vrUKBhs0MgPEJhJRKifdMadRnXRCNFCJKhxL/OzYNu7
nIOveKifXUN0in7ANbn4Xll99wgvNA/embEpHTQALrrFUe1QVRv3nAx5rtP3sjbk
w8HOPus3oZKSri2ZYA0B+y/TV2oxDjsTW0toqb9tm9ZynG8KCI8UzcAVKIvkwxOG
6P9/x6oiLgcTuth5YfL+0aiOc2y0MYjs6AUdJx0f9z2hKepmwfv+LoZhtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH53pxoT1oAkO5fZ2KBWpRyp43J6MB8GA1UdIwQY
MBaAFKZfvLTqMIqYsJOXYl5jhmODwW3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwtOHRPb3dpcGl3azVkaVhtT0dZNFBCYmRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mNzIzMWQtYzU2MS00YWEyLWI4MGUt
NjJkNDJmZTZmZDNjLzEvZm5lbkdoUFdnQ1E3bDluWW9GYWxIS25qY25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mNzIzMWQtYzU2MS00YWEyLWI4MGUtNjJkNDJmZTZmZDNj
LzEvcGwtOHRPb3dpcGl3azVkaVhtT0dZNFBCYmRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAe/1oMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ETrn/Vz1L8tMr6gZ77MTvOfSiaBVKqfitUTXxOum
sJDXJRmDkA0I6g7KajsVlwiKIT+OHQZi3y3mmeBcfEHK+sBrzOnHKaWcnLZGq+GT
Nr2I3umGtQQI7f2ZpPaFMiPQCqdjTNnR6z6x0bSEFdeQDDSzOm55wPPRbDJfYaqa
eGNjHyCArvbXePPegIQQEbvxZ/EUg67uTeEbxgdj2EjEs+5nYhGHTMlNnnqTaaQ9
ZAfK4msIj72ktHsY5ES1PnmZACKirPQXtm63PcAkkeii3nVEbrBxKADlc6WVBwlu
KN0ZTHzP4j4L5Pp/oXPjQP4Ps0202cFUlsLU4cet+Mzc
-----END CERTIFICATE-----
Generated at Sun Jun 23 02:26:52 2024 by rpki-client on console-ams.rpki-client.org