Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383530303a3a2f34302d3438203d3e20313939313836.roa
File:                     326131333a633030373a383530303a3a2f34302d3438203d3e20313939313836.roa (raw, json)
Hash identifier:          AG1A0S/x+3BFylUnOZaEq39/wRy5RZ1KuVWt6ZFTSZ0=
Subject key identifier:   F7:27:E8:60:5C:7C:E2:67:DC:3E:1F:AE:86:C7:8F:EF:FF:E7:55:5A
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       1B7EB403E73318222E92D79DD085E429C6F2791C
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383530303a3a2f34302d3438203d3e20313939313836.roa
Signing time:             Fri 11 Oct 2024 10:04:29 +0000
ROA not before:           Fri 11 Oct 2024 09:59:29 +0000
ROA not after:            Fri 10 Oct 2025 10:04:29 +0000
asID:                     199186
IP address blocks:        2a13:c007:8500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:7e:b4:03:e7:33:18:22:2e:92:d7:9d:d0:85:e4:29:c6:f2:79:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:29 2024 GMT
            Not After : Oct 10 10:04:29 2025 GMT
        Subject: CN=F727E8605C7CE267DC3E1FAE86C78FEFFFE7555A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:34:80:c1:f2:07:7f:48:37:96:54:bc:dc:3a:
                    92:97:b0:96:47:7d:0c:3d:d3:49:69:c9:b1:a8:5d:
                    5e:a6:e8:88:e7:fb:e9:0c:98:c7:b1:f3:0d:21:b6:
                    49:da:92:a4:47:50:c5:aa:d8:2b:0a:cf:e2:4b:f3:
                    13:67:70:c0:73:f6:e7:0a:6e:12:d7:e6:cd:00:9f:
                    bd:d7:43:b1:8e:c4:8b:de:cc:3f:eb:c9:27:f5:25:
                    97:c8:02:94:fa:f1:c8:75:d3:f1:89:be:14:7d:53:
                    f4:81:89:2d:54:25:7c:6a:13:f3:4d:19:19:cf:a5:
                    e2:39:45:aa:e2:0b:1b:8c:21:1a:60:8e:fc:e6:f7:
                    6a:8f:35:ba:07:e6:55:de:22:64:22:86:30:04:ce:
                    a3:61:7c:a1:99:13:be:56:03:62:d1:15:da:16:66:
                    af:74:22:ed:60:eb:1c:d1:26:53:b8:e2:65:cb:52:
                    80:83:04:d4:35:1d:d9:16:77:ab:e9:f2:aa:94:bd:
                    db:ee:d4:f4:1c:8b:ae:7e:6e:7c:46:c1:e5:e7:d0:
                    d4:24:05:f4:7e:d2:87:1a:ae:0f:cb:55:07:ec:78:
                    d4:e8:f5:5b:24:08:bd:53:79:19:4f:a5:00:8c:87:
                    2e:8e:0f:02:2c:e5:30:67:03:50:19:5e:28:5b:5b:
                    2c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:27:E8:60:5C:7C:E2:67:DC:3E:1F:AE:86:C7:8F:EF:FF:E7:55:5A
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383530303a3a2f34302d3438203d3e20313939313836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8500::/40

    Signature Algorithm: sha256WithRSAEncryption
         db:1d:5f:c9:ad:f3:68:8b:32:de:d7:1d:85:7c:08:44:15:78:
         8f:08:34:10:7f:ee:50:36:8e:1a:c2:65:2a:ac:3d:84:ed:ee:
         14:af:13:ce:62:a4:ac:d3:5b:5a:e0:4c:c9:e7:df:4c:54:4d:
         7d:f8:1a:aa:4f:c0:78:22:b5:1a:3a:9a:d0:56:26:78:57:e5:
         e8:2d:3c:b2:9b:15:c8:bc:82:5f:2c:c8:68:4f:71:10:78:b6:
         bc:52:21:c2:ed:70:2f:b1:cf:ac:6d:0d:36:a5:15:ee:c5:34:
         a6:fd:01:9e:25:ef:97:cc:e4:1f:56:63:5f:2e:91:96:8e:08:
         b7:b6:62:c1:10:9e:09:d7:04:2f:7c:53:27:55:53:c7:cc:e2:
         59:85:4c:5e:48:a9:2e:fe:3f:d7:f5:21:40:62:20:d8:a4:ca:
         1a:7e:48:f4:b5:88:68:25:b0:08:04:4a:22:d2:66:f9:c2:9e:
         6e:6a:3c:9f:c5:84:16:70:2a:0f:d6:47:ca:05:ad:46:62:7e:
         52:11:64:b2:f4:13:3f:79:9f:39:f8:c8:3f:52:f1:77:76:bf:
         44:78:1c:92:a2:a5:31:a9:87:48:6d:6e:26:24:5e:5f:ff:a8:
         a1:15:a6:57:16:ed:6d:a4:1f:e8:cb:87:25:93:6e:27:8f:e6:
         f3:74:dc:55
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUG360A+czGCIukted0IXkKcbyeRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjlaFw0yNTEwMTAxMDA0MjlaMDMxMTAvBgNV
BAMTKEY3MjdFODYwNUM3Q0UyNjdEQzNFMUZBRTg2Qzc4RkVGRkZFNzU1NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuNIDB8gd/SDeWVLzcOpKXsJZH
fQw900lpybGoXV6m6Ijn++kMmMex8w0htknakqRHUMWq2CsKz+JL8xNncMBz9ucK
bhLX5s0An73XQ7GOxIvezD/rySf1JZfIApT68ch10/GJvhR9U/SBiS1UJXxqE/NN
GRnPpeI5RariCxuMIRpgjvzm92qPNboH5lXeImQihjAEzqNhfKGZE75WA2LRFdoW
Zq90Iu1g6xzRJlO44mXLUoCDBNQ1HdkWd6vp8qqUvdvu1PQci65+bnxGweXn0NQk
BfR+0ocarg/LVQfseNTo9VskCL1TeRlPpQCMhy6ODwIs5TBnA1AZXihbWyw1AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU9yfoYFx84mfcPh+uhseP7//nVVowHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODM1MzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMxMzkzOTMxMzgzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTwAeFMA0GCSqGSIb3
DQEBCwUAA4IBAQDbHV/JrfNoizLe1x2FfAhEFXiPCDQQf+5QNo4awmUqrD2E7e4U
rxPOYqSs01ta4EzJ599MVE19+BqqT8B4IrUaOprQViZ4V+XoLTyymxXIvIJfLMho
T3EQeLa8UiHC7XAvsc+sbQ02pRXuxTSm/QGeJe+XzOQfVmNfLpGWjgi3tmLBEJ4J
1wQvfFMnVVPHzOJZhUxeSKku/j/X9SFAYiDYpMoafkj0tYhoJbAIBEoi0mb5wp5u
ajyfxYQWcCoP1kfKBa1GYn5SEWSy9BM/eZ85+Mg/UvF3dr9EeBySoqUxqYdIbW4m
JF5f/6ihFaZXFu1tpB/oy4clk24nj+bzdNxV
-----END CERTIFICATE-----