Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/August/1/323030313a3766383a323a3a2f34382d3438203d3e20393435.roa
File:                     323030313a3766383a323a3a2f34382d3438203d3e20393435.roa (raw, json)
Hash identifier:          pQVzXz+x4w7J/85NbAGdG92s9gYeAY/Hgf0DVGD2GE4=
Subject key identifier:   38:A2:2C:6C:9E:7A:FB:7F:BB:FD:B8:9D:F9:EB:E0:96:84:B0:7F:75
Certificate issuer:       /CN=442c354a483a8b70d839d3f798cd870684f02186
Certificate serial:       6755F7F9DE3EB75F9065C040D5F0E6BA211D95C3
Authority key identifier: 44:2C:35:4A:48:3A:8B:70:D8:39:D3:F7:98:CD:87:06:84:F0:21:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
Subject info access:      rsync://dev.tw/rpki/August/1/323030313a3766383a323a3a2f34382d3438203d3e20393435.roa
Signing time:             Thu 25 Apr 2024 22:55:47 +0000
ROA not before:           Thu 25 Apr 2024 22:50:47 +0000
ROA not after:            Thu 24 Apr 2025 22:55:47 +0000
asID:                     945
IP address blocks:        2001:7f8:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:55:f7:f9:de:3e:b7:5f:90:65:c0:40:d5:f0:e6:ba:21:1d:95:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=442c354a483a8b70d839d3f798cd870684f02186
        Validity
            Not Before: Apr 25 22:50:47 2024 GMT
            Not After : Apr 24 22:55:47 2025 GMT
        Subject: CN=38A22C6C9E7AFB7FBBFDB89DF9EBE09684B07F75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:87:a4:5a:e8:e9:4d:83:06:b7:f6:cd:c3:c3:
                    ab:a0:da:66:c3:5e:9e:26:14:60:7b:d6:4b:1c:05:
                    51:c2:bd:eb:34:2f:e6:57:ac:24:1b:0f:21:20:5f:
                    59:aa:6c:36:12:7e:ca:43:91:47:7b:ac:40:36:64:
                    c3:4a:0e:b5:d3:4b:3e:9d:72:94:b2:3a:e0:bf:1a:
                    18:5b:47:48:5a:13:14:16:00:68:84:52:1d:c1:75:
                    25:98:95:c8:22:f8:59:6c:2e:9a:57:0f:be:96:c4:
                    08:c6:1e:96:34:90:86:73:4c:89:5c:49:57:9f:31:
                    bd:46:67:46:a7:94:17:c5:97:6d:00:99:43:22:6a:
                    93:c4:2f:b3:10:75:7c:bc:97:dd:79:a9:6a:2c:36:
                    c9:07:fc:18:07:57:8a:ba:ac:95:fc:0b:52:6c:56:
                    92:5e:c0:3e:18:0b:7c:a4:4e:1e:8b:e6:78:07:50:
                    92:17:64:90:4c:68:9b:10:ae:a2:94:17:eb:38:ca:
                    45:3d:e6:4d:1f:c8:66:7e:f8:83:a8:ee:fd:21:2c:
                    b3:57:56:5d:7f:45:0d:3e:ef:01:6c:67:b1:d1:64:
                    ce:88:85:0c:90:1c:f2:09:78:78:39:37:27:04:19:
                    6f:ea:ac:d4:c0:f8:d1:10:cb:15:d5:f5:6a:8e:8e:
                    98:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A2:2C:6C:9E:7A:FB:7F:BB:FD:B8:9D:F9:EB:E0:96:84:B0:7F:75
            X509v3 Authority Key Identifier:
                keyid:44:2C:35:4A:48:3A:8B:70:D8:39:D3:F7:98:CD:87:06:84:F0:21:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/August/1/323030313a3766383a323a3a2f34382d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:ce:3d:b0:1d:f1:30:d5:ce:5d:70:71:69:b9:91:b9:a2:a3:
         af:1f:6a:f4:31:bb:04:bc:7a:b7:e9:65:ee:a7:71:3f:13:bb:
         ee:48:9c:1a:6f:d2:24:46:1c:13:52:e0:18:0f:03:e7:42:8c:
         a6:ea:ec:4d:bd:3d:02:0b:03:62:e9:be:c9:10:a5:c6:32:63:
         2d:be:29:f9:80:f0:38:6f:07:85:bc:9f:80:fc:79:d4:d2:ac:
         b6:9b:0d:8f:87:08:c1:0d:b3:bd:86:53:cd:a0:ad:a3:12:92:
         92:6a:c6:a7:9a:9a:d6:71:10:96:6b:65:0d:96:3b:92:94:7d:
         fb:12:fa:c1:cf:13:b4:14:35:8d:8d:d7:66:da:09:02:ff:26:
         1b:a5:bd:f5:45:b1:17:14:8d:e8:a3:eb:45:eb:e5:14:02:5e:
         e9:26:6f:5e:e2:ee:d6:b1:f1:01:3e:ba:d9:92:4a:02:e3:76:
         2c:ad:8f:cf:c9:8a:5a:57:5b:3e:f0:0a:75:c9:2c:5b:90:7b:
         42:64:6c:5e:59:75:51:56:6f:a4:df:bb:f1:e2:66:d6:a9:99:
         46:da:75:70:a1:53:72:5e:83:7a:19:7e:0d:a7:1e:ae:61:a1:
         23:d0:c3:0a:4d:70:f6:04:d6:cc:2d:9c:dd:eb:66:4c:ab:93:
         58:19:a7:77
-----BEGIN CERTIFICATE-----
MIIEuzCCA6OgAwIBAgIUZ1X3+d4+t1+QZcBA1fDmuiEdlcMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDQyYzM1NGE0ODNhOGI3MGQ4MzlkM2Y3OThjZDg3MDY4
NGYwMjE4NjAeFw0yNDA0MjUyMjUwNDdaFw0yNTA0MjQyMjU1NDdaMDMxMTAvBgNV
BAMTKDM4QTIyQzZDOUU3QUZCN0ZCQkZEQjg5REY5RUJFMDk2ODRCMDdGNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClh6Ra6OlNgwa39s3Dw6ug2mbD
Xp4mFGB71kscBVHCves0L+ZXrCQbDyEgX1mqbDYSfspDkUd7rEA2ZMNKDrXTSz6d
cpSyOuC/GhhbR0haExQWAGiEUh3BdSWYlcgi+FlsLppXD76WxAjGHpY0kIZzTIlc
SVefMb1GZ0anlBfFl20AmUMiapPEL7MQdXy8l915qWosNskH/BgHV4q6rJX8C1Js
VpJewD4YC3ykTh6L5ngHUJIXZJBMaJsQrqKUF+s4ykU95k0fyGZ++IOo7v0hLLNX
Vl1/RQ0+7wFsZ7HRZM6IhQyQHPIJeHg5NycEGW/qrNTA+NEQyxXV9WqOjpg1AgMB
AAGjggHFMIIBwTAdBgNVHQ4EFgQUOKIsbJ56+3+7/bid+evgloSwf3UwHwYDVR0j
BBgwFoAURCw1Skg6i3DYOdP3mM2HBoTwIYYwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEvNDQyQzM1
NEE0ODNBOEI3MEQ4MzlEM0Y3OThDRDg3MDY4NEYwMjE4Ni5jcmwwZAYIKwYBBQUH
AQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL1JDdzFTa2c2aTNEWU9kUDNtTTJIQm9Ud0lZWS5jZXIwbwYI
KwYBBQUHAQsEYzBhMF8GCCsGAQUFBzALhlNyc3luYzovL2Rldi50dy9ycGtpL0F1
Z3VzdC8xLzMyMzAzMDMxM2EzNzY2MzgzYTMyM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzkzNDM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+AACMA0GCSqGSIb3DQEBCwUAA4IBAQDJ
zj2wHfEw1c5dcHFpuZG5oqOvH2r0MbsEvHq36WXup3E/E7vuSJwab9IkRhwTUuAY
DwPnQoym6uxNvT0CCwNi6b7JEKXGMmMtvin5gPA4bweFvJ+A/HnU0qy2mw2PhwjB
DbO9hlPNoK2jEpKSasanmprWcRCWa2UNljuSlH37EvrBzxO0FDWNjddm2gkC/yYb
pb31RbEXFI3oo+tF6+UUAl7pJm9e4u7WsfEBPrrZkkoC43YsrY/PyYpaV1s+8Ap1
ySxbkHtCZGxeWXVRVm+k37vx4mbWqZlG2nVwoVNyXoN6GX4Npx6uYaEj0MMKTXD2
BNbMLZzd62ZMq5NYGad3
-----END CERTIFICATE-----