Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa
File:                     326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa (raw, json)
Hash identifier:          96DLYLi7WdFVEXV0pK91EtRsZDwMMCgn5CDOYmmLf1A=
Subject key identifier:   F9:27:B7:F8:7A:CB:9E:BF:EC:83:2E:3A:EB:B3:E1:A3:83:A2:BC:BA
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       32795DA4FBF9D96399D3A3B1FD2CD3CC148C8BEC
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa
Signing time:             Fri 11 Oct 2024 10:04:29 +0000
ROA not before:           Fri 11 Oct 2024 09:59:29 +0000
ROA not after:            Fri 10 Oct 2025 10:04:29 +0000
asID:                     199266
IP address blocks:        2a13:c007:8014::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:79:5d:a4:fb:f9:d9:63:99:d3:a3:b1:fd:2c:d3:cc:14:8c:8b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:29 2024 GMT
            Not After : Oct 10 10:04:29 2025 GMT
        Subject: CN=F927B7F87ACB9EBFEC832E3AEBB3E1A383A2BCBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6f:1c:67:a6:14:03:25:4b:07:3b:54:e7:c9:
                    01:fb:56:3f:fa:61:3d:a8:dc:88:29:1c:49:d8:ce:
                    a6:d7:38:69:76:ca:a3:9d:8b:79:e1:36:60:53:f3:
                    85:ac:67:47:bc:3c:72:fe:d2:1f:ba:74:64:f6:72:
                    3c:e6:68:30:20:65:0e:0c:a8:71:1e:47:a6:a6:27:
                    34:33:cb:90:28:e9:17:ed:d7:75:34:a3:4a:59:bf:
                    89:60:d3:a6:5d:b5:ac:d8:62:44:68:9e:ff:f1:8f:
                    98:78:88:73:0b:a9:56:e6:d0:52:00:76:b5:85:54:
                    7e:b0:cf:2d:bb:d3:46:85:3b:8f:e7:f5:11:81:26:
                    c1:5c:e1:43:d6:13:fc:2c:08:10:45:ba:9c:ac:bb:
                    40:bc:99:d8:01:7d:5d:73:4a:6e:46:52:59:de:31:
                    06:a8:fc:fb:a3:12:33:96:54:0b:41:0d:3f:7f:ce:
                    fe:0f:53:d8:cd:89:c2:e3:8f:09:8f:02:1a:39:61:
                    1e:de:1a:92:d6:80:61:46:7c:a0:fb:b7:e7:ce:61:
                    de:29:a4:70:c3:ce:e6:e3:05:e9:18:af:6a:b6:ac:
                    97:dd:5e:51:eb:c4:dd:df:97:08:bc:a7:4c:9e:a9:
                    99:a0:c9:87:70:70:7f:d9:08:5c:07:e5:e2:32:d9:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:27:B7:F8:7A:CB:9E:BF:EC:83:2E:3A:EB:B3:E1:A3:83:A2:BC:BA
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8014::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:c6:9d:a6:1f:bb:e3:d2:c6:05:02:5c:0e:54:ce:30:81:d4:
         45:2c:07:1c:31:b6:aa:60:ad:79:b2:87:b6:67:8a:59:97:92:
         b9:7e:a0:a5:65:f4:aa:41:73:ee:07:00:f9:11:65:f3:3b:b0:
         6a:e4:4e:84:03:68:11:77:55:ba:27:38:4c:b3:45:e1:87:51:
         f3:13:9b:ab:fe:eb:66:70:b0:89:f6:b2:89:ad:6b:58:88:ad:
         18:70:3e:5b:95:fc:a2:19:df:7d:d8:09:1a:40:14:d5:96:f0:
         1a:b4:49:0e:74:11:7c:4e:84:90:9f:ed:50:20:ae:4d:b9:90:
         95:24:34:5e:2e:2d:02:b5:2a:a1:38:bd:c1:14:06:ea:37:74:
         ce:ff:0a:6c:23:2c:0a:11:6f:d4:46:2b:45:ff:99:a2:46:b0:
         5a:2a:41:12:d2:24:9d:e5:bb:41:9c:21:ab:6e:c9:13:11:dc:
         44:24:fd:0e:0d:dc:5e:8d:11:4b:66:29:54:93:27:4d:61:7e:
         66:0e:fc:8a:bb:f9:ad:f0:35:05:1b:88:c8:62:7a:69:d4:41:
         48:7c:30:d7:aa:5d:ec:79:e9:6a:72:be:c2:fa:1f:6c:60:15:
         f4:25:35:26:69:01:b4:fc:d2:60:8a:2c:7f:db:4c:a9:11:fa:
         50:98:03:2f
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUMnldpPv52WOZ06Ox/SzTzBSMi+wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjlaFw0yNTEwMTAxMDA0MjlaMDMxMTAvBgNV
BAMTKEY5MjdCN0Y4N0FDQjlFQkZFQzgzMkUzQUVCQjNFMUEzODNBMkJDQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbxxnphQDJUsHO1TnyQH7Vj/6
YT2o3IgpHEnYzqbXOGl2yqOdi3nhNmBT84WsZ0e8PHL+0h+6dGT2cjzmaDAgZQ4M
qHEeR6amJzQzy5Ao6Rft13U0o0pZv4lg06ZdtazYYkRonv/xj5h4iHMLqVbm0FIA
drWFVH6wzy2700aFO4/n9RGBJsFc4UPWE/wsCBBFupysu0C8mdgBfV1zSm5GUlne
MQao/PujEjOWVAtBDT9/zv4PU9jNicLjjwmPAho5YR7eGpLWgGFGfKD7t+fOYd4p
pHDDzubjBekYr2q2rJfdXlHrxN3flwi8p0yeqZmgyYdwcH/ZCFwH5eIy2X6nAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU+Se3+HrLnr/sgy4667Pho4OivLowHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODMwMzEzNDNhM2EyZjM0MzgyZDM0
MzgyMDNkM2UyMDMxMzkzOTMyMzYzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoTwAeAFDANBgkqhkiG
9w0BAQsFAAOCAQEAP8adph+749LGBQJcDlTOMIHURSwHHDG2qmCtebKHtmeKWZeS
uX6gpWX0qkFz7gcA+RFl8zuwauROhANoEXdVuic4TLNF4YdR8xObq/7rZnCwifay
ia1rWIitGHA+W5X8ohnffdgJGkAU1ZbwGrRJDnQRfE6EkJ/tUCCuTbmQlSQ0Xi4t
ArUqoTi9wRQG6jd0zv8KbCMsChFv1EYrRf+ZokawWipBEtIkneW7QZwhq27JExHc
RCT9Dg3cXo0RS2YpVJMnTWF+Zg78irv5rfA1BRuIyGJ6adRBSHww16pd7HnpanK+
wvofbGAV9CU1JmkBtPzSYIosf9tMqRH6UJgDLw==
-----END CERTIFICATE-----