Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa
File:                     326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa (raw, json)
Hash identifier:          WUBF1QxQD7vF+9C3VFjx931IZpZV7RkRzFxuKcQbO9Q=
Subject key identifier:   94:69:50:F4:81:FA:6A:A0:64:75:40:B2:74:EB:B5:04:C7:3E:D0:10
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       18BD7E0C612BEEF3797D73BEC0815EB518D3E5C4
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa
Signing time:             Fri 11 Oct 2024 10:04:27 +0000
ROA not before:           Fri 11 Oct 2024 09:59:27 +0000
ROA not after:            Fri 10 Oct 2025 10:04:27 +0000
asID:                     215262
IP address blocks:        2a13:c007:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl
                          rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.mft
                          rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:50:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:bd:7e:0c:61:2b:ee:f3:79:7d:73:be:c0:81:5e:b5:18:d3:e5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 11 09:59:27 2024 GMT
            Not After : Oct 10 10:04:27 2025 GMT
        Subject: CN=946950F481FA6AA0647540B274EBB504C73ED010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:79:73:15:9a:aa:7b:51:e2:c5:8b:29:06:
                    a5:20:5e:a2:35:2b:65:5d:8b:b2:40:a3:c0:8a:1b:
                    37:6c:a7:70:89:1d:6a:a6:20:c4:af:32:17:64:14:
                    b3:cb:f1:cf:45:35:9d:9a:9a:00:0f:a8:c6:26:7f:
                    e2:d9:60:34:db:58:de:ba:fd:ab:2b:a1:44:9f:2d:
                    ac:04:18:7c:08:5d:fc:88:22:f5:3c:17:27:73:f8:
                    07:83:b9:a9:c1:80:9d:6f:d8:7f:e2:ab:fc:83:40:
                    5d:6d:f4:49:6d:4d:ac:53:b5:e7:8a:38:ef:52:48:
                    69:57:02:8e:85:85:cc:ed:fa:db:a2:69:00:33:11:
                    04:eb:04:fa:bb:e9:40:a9:10:7a:38:4f:ff:1c:56:
                    78:11:df:f0:6a:c8:d4:82:9a:c3:e9:fc:7f:ce:b9:
                    ab:00:fe:24:88:c6:4f:0e:55:ef:a6:c0:d1:a4:e1:
                    18:5d:e7:f0:90:15:89:25:59:03:99:99:f2:ed:1a:
                    43:87:76:c1:31:81:5b:59:b8:d0:94:70:75:00:8f:
                    b1:41:9e:17:d8:18:2b:f3:62:c0:83:0a:b5:24:cd:
                    f1:1a:45:db:b8:be:89:29:36:91:68:16:02:79:19:
                    ec:ca:ea:fb:fe:4f:df:a1:b2:6d:27:7c:73:c6:a4:
                    f7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:69:50:F4:81:FA:6A:A0:64:75:40:B2:74:EB:B5:04:C7:3E:D0:10
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:43:42:f5:a4:11:01:c2:73:ac:a7:12:2e:4a:6a:ab:c3:e7:
         81:d1:3a:bc:48:95:05:a0:54:ad:66:3a:3e:e1:f4:39:f8:7c:
         92:4b:ff:2b:f9:0d:14:4c:ae:f4:88:75:cc:84:5e:2e:6a:58:
         bd:57:88:7a:74:e2:54:0a:ea:b1:e5:ff:9f:61:93:db:5b:4b:
         83:40:a6:37:6c:47:3c:eb:09:b1:10:0f:d0:1e:04:41:75:58:
         4b:34:db:6f:15:fe:8f:7e:fd:b3:9e:7c:2b:6a:8f:bd:36:19:
         a5:5f:db:6f:9b:e2:68:64:ca:fd:1d:a4:b7:fb:c0:f9:00:34:
         8e:4a:82:f5:a5:b6:c4:38:32:29:21:b2:6c:7c:a2:24:34:20:
         5c:88:0a:45:ad:b5:25:75:a7:bd:d0:ef:30:19:17:9d:7b:3f:
         4b:3e:19:65:c1:77:2b:65:be:14:14:00:c7:fb:27:94:5e:3c:
         b4:8b:de:3a:89:99:2f:c6:dc:3d:b8:1b:bc:43:e7:fc:8e:dc:
         c3:13:da:33:46:c3:76:fd:1b:0f:a2:10:44:9e:8c:88:86:c3:
         cb:76:58:b5:db:e0:8d:72:78:1e:62:04:ca:6c:0b:93:68:1a:
         67:ee:d6:2c:f7:76:b3:54:11:cb:01:f2:4e:d2:2e:b6:91:b7:
         45:35:d3:11
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUGL1+DGEr7vN5fXO+wIFetRjT5cQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMTEwOTU5MjdaFw0yNTEwMTAxMDA0MjdaMDMxMTAvBgNV
BAMTKDk0Njk1MEY0ODFGQTZBQTA2NDc1NDBCMjc0RUJCNTA0QzczRUQwMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3uHlzFZqqe1HixYspBqUgXqI1
K2Vdi7JAo8CKGzdsp3CJHWqmIMSvMhdkFLPL8c9FNZ2amgAPqMYmf+LZYDTbWN66
/asroUSfLawEGHwIXfyIIvU8Fydz+AeDuanBgJ1v2H/iq/yDQF1t9EltTaxTteeK
OO9SSGlXAo6Fhczt+tuiaQAzEQTrBPq76UCpEHo4T/8cVngR3/BqyNSCmsPp/H/O
uasA/iSIxk8OVe+mwNGk4Rhd5/CQFYklWQOZmfLtGkOHdsExgVtZuNCUcHUAj7FB
nhfYGCvzYsCDCrUkzfEaRdu4vokpNpFoFgJ5GezK6vv+T9+hsm0nfHPGpPdzAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUlGlQ9IH6aqBkdUCydOu1BMc+0BAwHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzOTMwMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzEzNTMyMzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTwAeQMA0GCSqGSIb3
DQEBCwUAA4IBAQCNQ0L1pBEBwnOspxIuSmqrw+eB0Tq8SJUFoFStZjo+4fQ5+HyS
S/8r+Q0UTK70iHXMhF4uali9V4h6dOJUCuqx5f+fYZPbW0uDQKY3bEc86wmxEA/Q
HgRBdVhLNNtvFf6Pfv2znnwrao+9NhmlX9tvm+JoZMr9HaS3+8D5ADSOSoL1pbbE
ODIpIbJsfKIkNCBciApFrbUldae90O8wGRedez9LPhllwXcrZb4UFADH+yeUXjy0
i946iZkvxtw9uBu8Q+f8jtzDE9ozRsN2/RsPohBEnoyIhsPLdli12+CNcngeYgTK
bAuTaBpn7tYs93azVBHLAfJO0i62kbdFNdMR
-----END CERTIFICATE-----