Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa
File:                     3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa (raw, json)
Hash identifier:          Efjt6mMFZZ+K6rN7AgExbAi47sCBvKRdu7hcGnh8/9c=
Subject key identifier:   34:9B:B9:79:44:FE:E0:9A:4C:93:F3:E5:42:D4:F5:9B:9E:DA:D6:ED
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       55C7004D96DFDF374F6D2FFD410468247BBA395B
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa
Signing time:             Fri 11 Oct 2024 10:04:29 +0000
ROA not before:           Fri 11 Oct 2024 09:59:29 +0000
ROA not after:            Fri 10 Oct 2025 10:04:29 +0000
asID:                     401111
IP address blocks:        185.155.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:c7:00:4d:96:df:df:37:4f:6d:2f:fd:41:04:68:24:7b:ba:39:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:29 2024 GMT
            Not After : Oct 10 10:04:29 2025 GMT
        Subject: CN=349BB97944FEE09A4C93F3E542D4F59B9EDAD6ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:6c:43:90:ea:49:db:2c:b5:17:d3:44:75:
                    e2:d8:3f:a5:48:ee:cb:ab:de:39:cd:cc:a4:6e:61:
                    e8:01:71:42:c3:27:64:5a:f4:11:0a:e4:4a:fe:ab:
                    de:37:0b:47:b0:45:49:00:d4:b3:d2:98:52:25:3d:
                    31:fe:16:61:19:b4:9e:88:70:c5:fb:82:86:5a:c4:
                    cc:1e:a2:73:14:1e:6f:a3:04:8e:de:b0:05:21:9f:
                    a1:90:3a:02:ff:88:bc:33:28:f8:e3:59:51:ee:31:
                    92:8d:00:b7:c8:91:db:6f:4f:62:13:de:cb:b1:ec:
                    4d:60:ef:ab:b2:58:b6:01:da:69:b8:6f:18:7f:cf:
                    39:ca:58:5b:d4:58:35:04:64:f1:97:59:82:21:54:
                    fa:22:df:54:55:90:5f:39:87:25:3b:ee:70:78:b1:
                    66:8d:1f:9d:d2:a0:58:c5:83:4f:ad:1a:de:74:1f:
                    0c:d8:30:7d:11:79:00:23:36:8e:1c:3d:80:ac:9d:
                    3f:c6:1a:e5:68:96:02:6d:32:a1:c5:a5:e0:8c:7a:
                    be:66:fc:b6:c1:90:8c:b9:02:01:37:87:b9:40:91:
                    9b:79:37:f5:d5:0e:bd:08:7e:7d:4b:56:84:cc:f5:
                    3f:1b:1d:97:ff:3f:3b:62:a8:8e:a4:c0:f4:8c:d4:
                    00:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:9B:B9:79:44:FE:E0:9A:4C:93:F3:E5:42:D4:F5:9B:9E:DA:D6:ED
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/3138352e3135352e37352e302f32342d3234203d3e20343031313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:2b:9a:f1:92:5a:85:62:2d:ca:55:d8:5d:7e:82:0e:25:42:
         13:97:af:ad:92:03:42:7b:69:23:70:21:12:64:05:42:f7:a9:
         3b:e3:a3:53:cb:ff:4f:6f:83:2b:b7:69:bc:17:1f:7e:f6:96:
         3b:66:b1:c3:e5:dd:2d:f4:5b:2c:4f:6d:f8:73:be:54:b8:94:
         67:8f:2b:cc:81:09:7e:1d:df:b5:3f:d6:d6:94:20:7d:91:05:
         74:90:82:b2:22:44:76:d7:f4:c1:77:d2:46:72:ae:c4:5f:cb:
         39:1d:5d:ff:d6:74:b4:e9:2c:51:02:e5:5c:a5:db:11:35:a7:
         ac:47:31:82:e3:88:7c:6e:7d:3d:d3:59:09:f7:6f:8d:1d:7b:
         bd:c5:9d:74:09:3b:9a:b3:30:cd:ef:2e:d0:20:c9:2c:ba:08:
         1f:1a:ed:e8:09:04:76:cb:69:e8:f7:71:a8:88:30:21:90:15:
         7d:2a:e3:1b:ff:43:ae:04:40:66:ff:d7:3d:22:bc:52:40:89:
         aa:28:f7:19:7e:ea:b6:9d:10:5f:82:7d:d4:b3:74:69:d9:f5:
         c7:8a:cd:47:82:10:36:bb:07:2b:47:c4:57:d8:98:df:41:19:
         83:ff:35:75:05:2c:a3:91:b7:4c:a2:9a:e3:81:a9:9a:b6:1c:
         2e:6a:b1:1b
-----BEGIN CERTIFICATE-----
MIIEvTCCA6WgAwIBAgIUVccATZbf3zdPbS/9QQRoJHu6OVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjlaFw0yNTEwMTAxMDA0MjlaMDMxMTAvBgNV
BAMTKDM0OUJCOTc5NDRGRUUwOUE0QzkzRjNFNTQyRDRGNTlCOUVEQUQ2RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1QmxDkOpJ2yy1F9NEdeLYP6VI
7sur3jnNzKRuYegBcULDJ2Ra9BEK5Er+q943C0ewRUkA1LPSmFIlPTH+FmEZtJ6I
cMX7goZaxMweonMUHm+jBI7esAUhn6GQOgL/iLwzKPjjWVHuMZKNALfIkdtvT2IT
3sux7E1g76uyWLYB2mm4bxh/zznKWFvUWDUEZPGXWYIhVPoi31RVkF85hyU77nB4
sWaNH53SoFjFg0+tGt50HwzYMH0ReQAjNo4cPYCsnT/GGuVolgJtMqHFpeCMer5m
/LbBkIy5AgE3h7lAkZt5N/XVDr0Ifn1LVoTM9T8bHZf/PztiqI6kwPSM1ACDAgMB
AAGjggHHMIIBwzAdBgNVHQ4EFgQUNJu5eUT+4JpMk/PlQtT1m57a1u0wHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwdAYI
KwYBBQUHAQsEaDBmMGQGCCsGAQUFBzALhlhyc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzEzODM1MmUzMTM1MzUyZTM3MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMwMzEzMTMxMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYI
KwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5m0swDQYJKoZIhvcNAQELBQADggEB
AKgrmvGSWoViLcpV2F1+gg4lQhOXr62SA0J7aSNwIRJkBUL3qTvjo1PL/09vgyu3
abwXH372ljtmscPl3S30WyxPbfhzvlS4lGePK8yBCX4d37U/1taUIH2RBXSQgrIi
RHbX9MF30kZyrsRfyzkdXf/WdLTpLFEC5Vyl2xE1p6xHMYLjiHxufT3TWQn3b40d
e73FnXQJO5qzMM3vLtAgySy6CB8a7egJBHbLaej3caiIMCGQFX0q4xv/Q64EQGb/
1z0ivFJAiaoo9xl+6radEF+CfdSzdGnZ9ceKzUeCEDa7BytHxFfYmN9BGYP/NXUF
LKORt0yimuOBqZq2HC5qsRs=
-----END CERTIFICATE-----