Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa
File:                     326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa (raw, json)
Hash identifier:          T0Mi+TQUJ1vA/Pq8uY4Dw/kG218IqzhYrECuQgdwXx0=
Subject key identifier:   72:36:8F:44:9A:56:F9:A5:18:1F:D8:35:AB:63:7C:D3:41:4D:81:99
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       444A9A4E034C618B848CA5E4E70DC32B93D07B47
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa
Signing time:             Fri 11 Oct 2024 10:04:28 +0000
ROA not before:           Fri 11 Oct 2024 09:59:28 +0000
ROA not after:            Fri 10 Oct 2025 10:04:28 +0000
asID:                     199108
IP address blocks:        2a13:c007:801b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:4a:9a:4e:03:4c:61:8b:84:8c:a5:e4:e7:0d:c3:2b:93:d0:7b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:28 2024 GMT
            Not After : Oct 10 10:04:28 2025 GMT
        Subject: CN=72368F449A56F9A5181FD835AB637CD3414D8199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1c:87:60:47:45:d0:81:67:e1:b0:04:9b:93:
                    12:ef:6d:28:97:9e:56:9f:f9:3a:26:b6:b7:86:5b:
                    6f:dc:02:d3:da:5c:fd:54:14:07:14:47:d5:c4:53:
                    79:78:81:5c:ab:1e:f0:9b:af:44:bf:08:96:08:e6:
                    86:92:b4:20:64:17:00:c1:c3:27:a2:05:40:8b:ea:
                    06:35:06:d4:d0:0f:c9:f2:2e:c8:f3:1c:c4:d0:c0:
                    4b:08:27:37:bc:a6:dd:80:ea:9b:b8:d2:c0:39:01:
                    92:16:e7:51:83:2f:87:e1:74:99:00:6a:f0:2f:fd:
                    fc:f4:56:3c:ad:37:9f:ec:65:c0:a2:99:a7:65:e1:
                    3d:01:67:07:dd:24:ec:ce:19:83:e7:5b:00:12:f6:
                    54:35:2b:e3:89:4c:0b:53:f3:db:a5:97:ac:c8:b6:
                    23:b1:f4:7e:55:c1:c0:12:59:37:4a:29:bc:73:97:
                    c6:49:26:b7:c7:5e:c5:c0:f6:8d:d9:39:b8:7b:dc:
                    eb:e0:6e:0f:8e:94:84:71:2e:12:c6:10:2b:cd:78:
                    db:fc:f0:98:4a:f5:fd:27:cd:d1:d9:8d:84:db:39:
                    e1:ca:26:58:0b:07:bf:28:de:c5:66:76:08:53:0e:
                    e4:70:56:fa:36:44:38:70:0f:82:c3:65:b2:52:68:
                    b0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:36:8F:44:9A:56:F9:A5:18:1F:D8:35:AB:63:7C:D3:41:4D:81:99
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:801b::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:9a:12:c4:8e:e7:2c:77:30:a8:05:49:89:00:7e:91:bb:89:
         b7:00:4e:f2:36:b0:e4:2b:0c:ba:2c:fe:d3:bf:25:0b:0b:4f:
         07:65:d2:ce:82:40:ac:6f:50:c4:39:7f:44:b0:89:10:35:2e:
         2c:07:e5:d5:dc:50:4b:16:fb:7d:e6:a4:36:9a:87:87:09:49:
         bd:c6:27:52:c0:b2:7c:47:08:da:c7:98:fb:cb:be:57:f8:2e:
         a3:0f:79:fd:30:05:de:23:9b:e0:ea:7d:f0:5f:ea:66:24:6e:
         e0:82:5e:00:76:01:63:f1:3e:ad:70:e4:b0:66:94:7a:64:34:
         1e:09:83:71:5b:12:ba:df:83:c8:74:23:b4:d5:00:c9:9f:ac:
         4f:15:a4:13:33:22:44:40:64:0a:ec:1f:63:61:7a:1f:b2:1d:
         2c:b1:db:e5:9c:08:fb:a8:ec:e6:74:ab:36:4a:e2:6d:2f:c4:
         70:9d:ba:e2:48:bd:41:c2:11:b4:32:2d:c3:f9:0c:32:d6:4b:
         7a:2d:03:ad:74:39:70:e7:ed:18:ed:13:53:68:2d:ef:9c:9f:
         43:a6:a2:96:30:fb:41:3e:0f:9f:4f:8a:08:5f:e4:6d:dc:bb:
         33:d3:e6:4b:8e:fd:42:f1:cb:5a:6f:ba:90:61:bf:ca:4a:86:
         5f:a2:9c:2d
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUREqaTgNMYYuEjKXk5w3DK5PQe0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjhaFw0yNTEwMTAxMDA0MjhaMDMxMTAvBgNV
BAMTKDcyMzY4RjQ0OUE1NkY5QTUxODFGRDgzNUFCNjM3Q0QzNDE0RDgxOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqHIdgR0XQgWfhsASbkxLvbSiX
nlaf+TomtreGW2/cAtPaXP1UFAcUR9XEU3l4gVyrHvCbr0S/CJYI5oaStCBkFwDB
wyeiBUCL6gY1BtTQD8nyLsjzHMTQwEsIJze8pt2A6pu40sA5AZIW51GDL4fhdJkA
avAv/fz0VjytN5/sZcCimadl4T0BZwfdJOzOGYPnWwAS9lQ1K+OJTAtT89ull6zI
tiOx9H5VwcASWTdKKbxzl8ZJJrfHXsXA9o3ZObh73Ovgbg+OlIRxLhLGECvNeNv8
8JhK9f0nzdHZjYTbOeHKJlgLB78o3sVmdghTDuRwVvo2RDhwD4LDZbJSaLDJAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUcjaPRJpW+aUYH9g1q2N800FNgZkwHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODMwMzE2MjNhM2EyZjM0MzgyZDM0
MzgyMDNkM2UyMDMxMzkzOTMxMzAzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoTwAeAGzANBgkqhkiG
9w0BAQsFAAOCAQEAiZoSxI7nLHcwqAVJiQB+kbuJtwBO8jaw5CsMuiz+078lCwtP
B2XSzoJArG9QxDl/RLCJEDUuLAfl1dxQSxb7feakNpqHhwlJvcYnUsCyfEcI2seY
+8u+V/guow95/TAF3iOb4Op98F/qZiRu4IJeAHYBY/E+rXDksGaUemQ0HgmDcVsS
ut+DyHQjtNUAyZ+sTxWkEzMiREBkCuwfY2F6H7IdLLHb5ZwI+6js5nSrNkribS/E
cJ264ki9QcIRtDItw/kMMtZLei0DrXQ5cOftGO0TU2gt75yfQ6ailjD7QT4Pn0+K
CF/kbdy7M9PmS479QvHLWm+6kGG/ykqGX6KcLQ==
-----END CERTIFICATE-----