Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3430203d3e20323135323332.roa
File:                     326131333a633030373a383130303a3a2f34302d3430203d3e20323135323332.roa (raw, json)
Hash identifier:          ROc+7C5oIIh8dAwYDS3pQybcID1lfPC8QK8Lj3n8wOY=
Subject key identifier:   16:A9:5D:2C:69:DD:07:DC:F3:CF:9A:2E:23:B9:FA:08:B8:98:28:B3
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       24076A8B9DB90D023E2C806D39FAC36419FDED8F
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3430203d3e20323135323332.roa
Signing time:             Fri 11 Oct 2024 10:04:28 +0000
ROA not before:           Fri 11 Oct 2024 09:59:28 +0000
ROA not after:            Fri 10 Oct 2025 10:04:28 +0000
asID:                     215232
IP address blocks:        2a13:c007:8100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:07:6a:8b:9d:b9:0d:02:3e:2c:80:6d:39:fa:c3:64:19:fd:ed:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:28 2024 GMT
            Not After : Oct 10 10:04:28 2025 GMT
        Subject: CN=16A95D2C69DD07DCF3CF9A2E23B9FA08B89828B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9e:6c:f2:83:bd:65:74:57:6e:e1:9d:49:e6:
                    27:9d:e8:22:24:44:c1:3b:cf:e0:36:18:e2:47:5e:
                    f4:53:68:00:91:84:a2:b6:86:9f:ca:01:d9:16:7d:
                    ec:93:3a:a6:16:b6:3e:10:d6:9a:eb:53:15:4a:e5:
                    7c:e8:2c:73:78:2a:de:e6:69:f6:bd:49:e5:e6:0f:
                    b0:ec:f5:61:e4:8f:f5:e1:8a:a0:d6:da:35:11:e4:
                    a2:a7:0c:8c:8e:f0:31:82:50:89:70:04:60:10:85:
                    f6:b7:78:b5:ac:83:22:ee:be:98:d3:59:a2:87:ee:
                    27:d5:17:87:ed:e9:a7:7f:fd:51:5f:81:1d:d3:13:
                    d2:f5:83:43:8f:06:67:f4:3c:cc:3d:d3:37:95:4c:
                    d0:a8:c0:d1:9b:36:32:e2:bd:58:c8:7e:ad:73:c3:
                    45:73:ad:62:d6:98:c0:07:22:69:4b:42:fd:49:3d:
                    14:de:17:92:31:11:32:1f:30:68:58:66:67:82:fb:
                    c5:57:79:c7:fd:43:14:60:8f:60:a5:03:40:4e:45:
                    69:81:8b:95:dd:d2:53:bb:69:e0:b5:34:6f:f1:2f:
                    eb:d1:9e:a5:3a:87:8f:a5:fc:27:2f:91:5a:b4:aa:
                    82:77:2a:fe:9e:3e:e7:3c:54:c9:98:ec:f3:79:b1:
                    c3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A9:5D:2C:69:DD:07:DC:F3:CF:9A:2E:23:B9:FA:08:B8:98:28:B3
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3430203d3e20323135323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:f8:63:de:aa:5f:97:e7:09:82:6f:60:eb:1b:a7:60:a9:28:
         f0:37:4b:ea:8d:e1:a9:71:34:82:a6:77:a2:9f:42:03:6f:55:
         87:73:c6:cd:b1:79:b1:da:54:4e:97:a0:9b:ce:09:24:9c:f8:
         6b:f8:13:af:cb:ca:ad:ea:78:fa:ea:43:1f:4f:57:06:88:5e:
         a2:ea:db:28:ab:77:e2:f1:ec:7b:f5:06:9a:91:2c:74:8e:a1:
         ab:4f:38:ce:52:0f:93:58:5e:c7:a2:89:70:5b:a3:32:79:88:
         ee:e2:bd:70:b3:9c:7f:76:41:bb:89:fa:4a:d6:8e:44:6b:a4:
         c4:45:04:ab:06:57:a1:5e:82:ae:99:51:18:e4:f5:7f:de:c0:
         39:8c:65:94:44:0b:fa:ad:56:35:5d:ab:19:9e:0c:11:b6:b4:
         cf:29:77:02:0f:ae:d6:97:6d:fa:7c:78:33:09:7c:2a:0d:22:
         6d:60:af:bd:46:0a:42:30:76:99:ec:4f:06:ba:a2:65:f1:52:
         60:49:9d:95:25:5a:82:cc:00:bc:5c:2c:24:67:bc:a5:57:3d:
         44:e5:67:f4:09:0f:f9:98:45:05:3a:09:f8:17:e3:53:7a:51:
         71:03:14:c0:45:59:56:5c:03:9a:ea:53:71:91:1b:c1:30:9d:
         3d:30:ff:b9
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUJAdqi525DQI+LIBtOfrDZBn97Y8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjhaFw0yNTEwMTAxMDA0MjhaMDMxMTAvBgNV
BAMTKDE2QTk1RDJDNjlERDA3RENGM0NGOUEyRTIzQjlGQTA4Qjg5ODI4QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCknmzyg71ldFdu4Z1J5ied6CIk
RME7z+A2GOJHXvRTaACRhKK2hp/KAdkWfeyTOqYWtj4Q1prrUxVK5XzoLHN4Kt7m
afa9SeXmD7Ds9WHkj/XhiqDW2jUR5KKnDIyO8DGCUIlwBGAQhfa3eLWsgyLuvpjT
WaKH7ifVF4ft6ad//VFfgR3TE9L1g0OPBmf0PMw90zeVTNCowNGbNjLivVjIfq1z
w0VzrWLWmMAHImlLQv1JPRTeF5IxETIfMGhYZmeC+8VXecf9QxRgj2ClA0BORWmB
i5Xd0lO7aeC1NG/xL+vRnqU6h4+l/CcvkVq0qoJ3Kv6ePuc8VMmY7PN5scMrAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUFqldLGndB9zzz5ouI7n6CLiYKLMwHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODMxMzAzMDNhM2EyZjM0MzAyZDM0
MzAyMDNkM2UyMDMyMzEzNTMyMzMzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTwAeBMA0GCSqGSIb3
DQEBCwUAA4IBAQCG+GPeql+X5wmCb2DrG6dgqSjwN0vqjeGpcTSCpnein0IDb1WH
c8bNsXmx2lROl6CbzgkknPhr+BOvy8qt6nj66kMfT1cGiF6i6tsoq3fi8ex79Qaa
kSx0jqGrTzjOUg+TWF7HoolwW6MyeYju4r1ws5x/dkG7ifpK1o5Ea6TERQSrBleh
XoKumVEY5PV/3sA5jGWURAv6rVY1XasZngwRtrTPKXcCD67Wl236fHgzCXwqDSJt
YK+9RgpCMHaZ7E8GuqJl8VJgSZ2VJVqCzAC8XCwkZ7ylVz1E5Wf0CQ/5mEUFOgn4
F+NTelFxAxTARVlWXAOa6lNxkRvBMJ09MP+5
-----END CERTIFICATE-----