Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383430303a3a2f34302d3438203d3e20323135383535.roa
File:                     326131333a633030373a383430303a3a2f34302d3438203d3e20323135383535.roa (raw, json)
Hash identifier:          gRgljrJk158KKyuSQrfAJJ8xfm7FAXMAw/BKKqJttbo=
Subject key identifier:   68:62:89:8B:A8:2C:2F:EA:F3:B4:E8:92:DC:64:CC:FF:69:9F:7F:6D
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       7FA38BFF5EE6073ACF6638982155AB587A6CD25A
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383430303a3a2f34302d3438203d3e20323135383535.roa
Signing time:             Fri 11 Oct 2024 10:04:30 +0000
ROA not before:           Fri 11 Oct 2024 09:59:30 +0000
ROA not after:            Fri 10 Oct 2025 10:04:30 +0000
asID:                     215855
IP address blocks:        2a13:c007:8400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a3:8b:ff:5e:e6:07:3a:cf:66:38:98:21:55:ab:58:7a:6c:d2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:30 2024 GMT
            Not After : Oct 10 10:04:30 2025 GMT
        Subject: CN=6862898BA82C2FEAF3B4E892DC64CCFF699F7F6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cc:c7:ff:b8:d7:f4:62:0a:01:65:1d:74:1e:
                    ef:d6:94:04:55:95:53:f1:88:a3:f7:de:da:08:1c:
                    1c:23:a6:ea:d9:4f:a6:56:17:1c:81:46:30:48:ce:
                    fb:da:5f:8f:93:0a:77:99:ec:71:b6:cc:f3:ef:19:
                    38:59:23:25:38:09:a7:4d:f8:55:4e:ba:42:50:0d:
                    63:52:0c:e6:73:06:c8:0d:3f:10:3d:e4:0b:23:5c:
                    8c:35:0c:b2:48:9c:d4:52:5c:bb:27:e7:4c:c7:16:
                    75:ce:b6:68:c1:90:7e:20:a8:ff:4e:39:97:a2:00:
                    ab:6c:2a:2e:77:40:01:51:1f:4a:da:f4:ab:c0:2a:
                    09:79:60:80:2c:2f:f5:e7:8e:b9:57:77:84:5c:63:
                    19:cf:d3:7b:5c:e3:f1:2f:d3:c0:f4:fd:b7:b8:35:
                    d8:45:e6:63:58:6c:7b:80:8f:d9:0d:9e:aa:b6:c5:
                    9a:18:e5:a1:f4:95:1b:58:26:b3:55:8b:a5:03:f0:
                    a7:23:89:71:e0:05:9a:ca:10:ef:d5:be:a1:2f:7c:
                    94:54:44:a5:1d:f2:6a:d9:f0:c1:ae:ad:e2:40:67:
                    43:4b:6f:ea:6e:55:62:ca:39:d5:9a:93:7f:54:12:
                    c9:4f:87:1c:a4:dc:f3:8b:43:17:2e:27:9c:58:3a:
                    83:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:62:89:8B:A8:2C:2F:EA:F3:B4:E8:92:DC:64:CC:FF:69:9F:7F:6D
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383430303a3a2f34302d3438203d3e20323135383535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8400::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:a8:a5:f7:1d:8d:2b:34:31:12:a8:50:e2:59:42:88:96:d0:
         1e:64:b3:f1:19:03:f3:ea:d8:46:18:55:01:53:78:65:3e:cd:
         9b:3a:76:2b:83:90:c5:c8:65:a6:1b:cc:ed:62:8b:78:66:aa:
         c6:a4:cc:8b:4e:14:03:b5:6e:5b:bb:31:cc:0f:5c:c3:95:b6:
         f8:e8:3f:06:d3:b7:6a:8e:32:63:f1:2d:42:56:ad:b0:56:a1:
         1d:1a:95:53:c7:e8:fd:01:a3:a3:93:90:11:24:cb:c6:65:e6:
         77:3d:6f:20:23:ee:34:a0:7f:89:34:2a:91:38:56:1d:0b:e0:
         d9:f7:e5:d7:1d:bd:d7:26:fb:ce:d5:12:f7:5c:50:41:f0:2f:
         41:30:83:39:12:69:b0:90:39:94:a7:a2:55:b4:5b:02:fe:34:
         7c:20:83:3f:58:a8:9c:17:cc:09:3f:c9:c7:16:12:b7:27:59:
         10:d5:bd:94:1a:11:d0:36:46:df:5d:54:8f:0b:d6:ae:ed:71:
         57:fb:fb:3d:77:fb:d6:bf:c3:ec:81:8c:07:83:5d:c7:38:ee:
         0a:33:3f:50:74:82:fa:67:33:43:39:30:85:03:78:94:50:3e:
         e3:80:16:3b:d7:d3:62:0f:f8:7d:49:b2:97:e3:bc:45:9c:d7:
         58:09:c6:7b
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUf6OL/17mBzrPZjiYIVWrWHps0lowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MzBaFw0yNTEwMTAxMDA0MzBaMDMxMTAvBgNV
BAMTKDY4NjI4OThCQTgyQzJGRUFGM0I0RTg5MkRDNjRDQ0ZGNjk5RjdGNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdzMf/uNf0YgoBZR10Hu/WlARV
lVPxiKP33toIHBwjpurZT6ZWFxyBRjBIzvvaX4+TCneZ7HG2zPPvGThZIyU4CadN
+FVOukJQDWNSDOZzBsgNPxA95AsjXIw1DLJInNRSXLsn50zHFnXOtmjBkH4gqP9O
OZeiAKtsKi53QAFRH0ra9KvAKgl5YIAsL/XnjrlXd4RcYxnP03tc4/Ev08D0/be4
NdhF5mNYbHuAj9kNnqq2xZoY5aH0lRtYJrNVi6UD8KcjiXHgBZrKEO/VvqEvfJRU
RKUd8mrZ8MGureJAZ0NLb+puVWLKOdWak39UEslPhxyk3POLQxcuJ5xYOoNfAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUaGKJi6gsL+rztOiS3GTM/2mff20wHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODM0MzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzEzNTM4MzUzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTwAeEMA0GCSqGSIb3
DQEBCwUAA4IBAQAoqKX3HY0rNDESqFDiWUKIltAeZLPxGQPz6thGGFUBU3hlPs2b
OnYrg5DFyGWmG8ztYot4ZqrGpMyLThQDtW5buzHMD1zDlbb46D8G07dqjjJj8S1C
Vq2wVqEdGpVTx+j9AaOjk5ARJMvGZeZ3PW8gI+40oH+JNCqROFYdC+DZ9+XXHb3X
JvvO1RL3XFBB8C9BMIM5EmmwkDmUp6JVtFsC/jR8IIM/WKicF8wJP8nHFhK3J1kQ
1b2UGhHQNkbfXVSPC9au7XFX+/s9d/vWv8PsgYwHg13HOO4KMz9QdIL6ZzNDOTCF
A3iUUD7jgBY719NiD/h9SbKX47xFnNdYCcZ7
-----END CERTIFICATE-----