Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa
File:                     326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa (raw, json)
Hash identifier:          xnekyxaeGrtzxDKuyeKUBg6q0HaA2ZDs9lAL+QHkvB8=
Subject key identifier:   6A:B6:D7:46:07:D0:3E:B2:6D:A9:69:2F:DB:EB:DE:FE:1D:2F:02:C2
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       2254CE41EB9F74CE5F727058B162D9429C4F40DC
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa
Signing time:             Fri 11 Oct 2024 10:04:29 +0000
ROA not before:           Fri 11 Oct 2024 09:59:29 +0000
ROA not after:            Fri 10 Oct 2025 10:04:29 +0000
asID:                     199183
IP address blocks:        2a13:c007:80b0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:54:ce:41:eb:9f:74:ce:5f:72:70:58:b1:62:d9:42:9c:4f:40:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:29 2024 GMT
            Not After : Oct 10 10:04:29 2025 GMT
        Subject: CN=6AB6D74607D03EB26DA9692FDBEBDEFE1D2F02C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ee:c3:53:ca:c0:89:0f:da:9f:f4:6b:12:4f:
                    65:b6:3e:16:f3:58:58:62:9a:d9:36:78:8b:ff:a9:
                    f9:8e:75:f6:db:bd:24:51:18:af:7f:26:03:e8:a3:
                    41:96:0e:dd:66:84:cb:a4:04:01:d2:9b:32:bc:40:
                    74:7a:52:c9:1e:d5:5c:b7:91:47:a5:1d:3a:49:fc:
                    cf:60:3d:7a:4e:9b:40:3c:57:3e:2b:f5:26:8e:64:
                    49:b2:8e:d5:72:98:c7:36:40:96:02:32:e4:f7:c9:
                    8e:20:d0:6d:96:e5:80:64:78:48:21:ea:b8:02:8c:
                    5d:d7:4e:16:bb:c0:e3:d5:5d:4c:f8:05:05:88:5a:
                    65:2a:f1:80:8f:f0:29:e8:c2:1e:de:01:42:25:6a:
                    2c:47:0c:80:70:0c:a8:8e:fb:98:54:76:b6:72:d4:
                    68:de:b6:1f:5d:7b:70:bd:d4:cd:f8:e4:42:41:f0:
                    ff:40:f4:5b:66:c4:6b:eb:ad:25:78:2b:85:9a:0b:
                    30:ce:2a:04:42:e5:88:03:ea:da:1a:09:9e:ce:d3:
                    b0:a7:ac:f5:9a:b6:1f:cf:4a:14:df:95:e9:30:ac:
                    ba:72:75:a4:87:e2:c9:ed:df:ca:38:00:2e:5b:ac:
                    8c:80:f5:de:a8:4c:e8:35:db:8e:e0:e3:00:57:e3:
                    fc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B6:D7:46:07:D0:3E:B2:6D:A9:69:2F:DB:EB:DE:FE:1D:2F:02:C2
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:80b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:b0:e6:c9:33:d2:5e:b8:91:cd:6e:26:a2:c1:61:5b:b4:e1:
         a6:e9:b3:44:40:35:71:f9:96:22:0c:a0:66:58:8b:fe:a8:dd:
         e5:12:f4:f2:02:a6:c0:e0:1b:28:e2:39:f0:16:c0:86:7e:7e:
         96:c0:00:c9:b7:30:58:a4:fe:1f:87:4e:8c:93:b4:3d:a0:52:
         dd:bb:fb:28:e7:6e:fb:f7:c6:ca:d2:65:87:81:9d:0a:2d:8e:
         35:e0:da:5e:ce:66:94:c3:ff:90:2d:ad:c0:a9:b6:96:21:ec:
         72:f8:43:8f:64:42:39:c5:9b:a6:b2:6a:37:6f:7b:cf:d8:fa:
         4e:46:8e:61:89:06:19:ea:e5:4f:23:b3:16:83:64:3f:29:83:
         50:a4:bc:9c:af:b9:68:fa:ae:ca:48:9c:3c:ff:80:36:9f:99:
         46:2f:80:f2:e6:bb:be:03:c7:24:53:63:da:35:8f:71:aa:fb:
         e9:11:c3:65:c8:3c:09:a3:54:ad:4b:d7:20:f0:0b:ac:72:66:
         f1:4e:86:fe:93:8e:da:90:95:86:10:52:e1:f9:38:59:7c:39:
         c7:17:22:38:3f:7e:67:34:2e:02:fa:89:04:9a:ad:18:b2:00:
         d2:2d:9b:09:5c:11:9e:78:85:f9:ef:e1:da:57:89:90:6f:81:
         b9:84:30:3f
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUIlTOQeufdM5fcnBYsWLZQpxPQNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjlaFw0yNTEwMTAxMDA0MjlaMDMxMTAvBgNV
BAMTKDZBQjZENzQ2MDdEMDNFQjI2REE5NjkyRkRCRUJERUZFMUQyRjAyQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg7sNTysCJD9qf9GsST2W2Phbz
WFhimtk2eIv/qfmOdfbbvSRRGK9/JgPoo0GWDt1mhMukBAHSmzK8QHR6Uske1Vy3
kUelHTpJ/M9gPXpOm0A8Vz4r9SaOZEmyjtVymMc2QJYCMuT3yY4g0G2W5YBkeEgh
6rgCjF3XTha7wOPVXUz4BQWIWmUq8YCP8Cnowh7eAUIlaixHDIBwDKiO+5hUdrZy
1Gjeth9de3C91M345EJB8P9A9FtmxGvrrSV4K4WaCzDOKgRC5YgD6toaCZ7O07Cn
rPWath/PShTflekwrLpydaSH4snt38o4AC5brIyA9d6oTOg1247g4wBX4/y/AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUarbXRgfQPrJtqWkv2+ve/h0vAsIwHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODMwNjIzMDNhM2EyZjM0MzQyZDM0
MzQyMDNkM2UyMDMxMzkzOTMxMzgzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoTwAeAsDANBgkqhkiG
9w0BAQsFAAOCAQEAoLDmyTPSXriRzW4mosFhW7ThpumzREA1cfmWIgygZliL/qjd
5RL08gKmwOAbKOI58BbAhn5+lsAAybcwWKT+H4dOjJO0PaBS3bv7KOdu+/fGytJl
h4GdCi2ONeDaXs5mlMP/kC2twKm2liHscvhDj2RCOcWbprJqN297z9j6TkaOYYkG
GerlTyOzFoNkPymDUKS8nK+5aPquykicPP+ANp+ZRi+A8ua7vgPHJFNj2jWPcar7
6RHDZcg8CaNUrUvXIPALrHJm8U6G/pOO2pCVhhBS4fk4WXw5xxciOD9+ZzQuAvqJ
BJqtGLIA0i2bCVwRnniF+e/h2leJkG+BuYQwPw==
-----END CERTIFICATE-----