Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/August/5/3139342e3131362e3232372e302f32342d3234203d3e20393435.roa
File:                     3139342e3131362e3232372e302f32342d3234203d3e20393435.roa (raw, json)
Hash identifier:          ByGC669kSSLUKCIz9aUzEiPXJ9Keu9dFvopvf2dPqdc=
Subject key identifier:   F8:CC:F1:C3:52:66:F0:56:E9:38:9E:0B:DE:04:8D:56:77:D0:12:EC
Certificate issuer:       /CN=9d620b45c9098506ac4bf1184bee6cdbe9d71c4c
Certificate serial:       3AEDBC25B09A6B181F09D09733BF11EB5A8A7283
Authority key identifier: 9D:62:0B:45:C9:09:85:06:AC:4B:F1:18:4B:EE:6C:DB:E9:D7:1C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
Subject info access:      rsync://dev.tw/rpki/August/5/3139342e3131362e3232372e302f32342d3234203d3e20393435.roa
Signing time:             Tue 17 Oct 2023 16:19:21 +0000
ROA not before:           Tue 17 Oct 2023 16:14:21 +0000
ROA not after:            Tue 15 Oct 2024 16:19:21 +0000
asID:                     945
IP address blocks:        194.116.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ed:bc:25:b0:9a:6b:18:1f:09:d0:97:33:bf:11:eb:5a:8a:72:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d620b45c9098506ac4bf1184bee6cdbe9d71c4c
        Validity
            Not Before: Oct 17 16:14:21 2023 GMT
            Not After : Oct 15 16:19:21 2024 GMT
        Subject: CN=F8CCF1C35266F056E9389E0BDE048D5677D012EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:52:aa:6c:3f:dd:56:9f:fa:f3:30:a8:2a:dc:
                    d8:66:84:b0:c1:99:e3:e2:4d:14:97:92:31:9f:f0:
                    cd:c1:19:41:27:05:f6:25:fb:e6:7a:03:e7:0f:4b:
                    2e:ae:6c:75:88:40:be:06:9b:c9:34:66:16:81:a0:
                    63:41:16:be:8c:54:f4:08:08:19:e8:06:44:56:0c:
                    5d:c9:7e:94:9c:2e:97:58:27:d1:b3:e5:23:ee:ea:
                    2c:52:93:f0:aa:47:65:3f:4f:9c:79:d6:18:f9:41:
                    4b:96:40:09:38:7c:ff:2f:9b:fc:b9:2b:17:43:ac:
                    05:ce:04:10:85:4b:6c:64:45:b6:a8:67:88:2b:3e:
                    42:e0:24:44:cf:e3:c7:d1:b6:e8:c2:ff:4f:fe:b6:
                    66:ba:0e:09:2c:13:41:4c:72:34:3a:80:9e:90:41:
                    5f:b0:ec:47:48:33:bf:21:35:6a:95:33:1a:83:37:
                    bf:8d:ee:ad:01:9b:66:6e:6f:52:3f:ab:fb:7c:b8:
                    95:b9:92:d3:d2:26:c6:36:a0:bc:33:7a:51:b5:e8:
                    3c:b2:b0:d6:f1:c1:c9:d0:01:16:b0:c2:4a:f3:c6:
                    eb:f3:fc:43:88:49:11:26:ca:d2:d7:2b:58:30:d7:
                    7c:09:66:d0:00:64:51:b9:70:c2:d8:ee:ed:92:c8:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:CC:F1:C3:52:66:F0:56:E9:38:9E:0B:DE:04:8D:56:77:D0:12:EC
            X509v3 Authority Key Identifier:
                keyid:9D:62:0B:45:C9:09:85:06:AC:4B:F1:18:4B:EE:6C:DB:E9:D7:1C:4C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/August/5/3139342e3131362e3232372e302f32342d3234203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:46:bc:27:c7:6f:69:1f:ee:ca:66:85:4d:2e:34:f2:51:24:
         06:5b:a1:0d:55:f2:1e:89:4c:07:9a:8b:5e:29:d2:cb:af:97:
         b4:bb:d3:55:e6:bc:c8:9d:ff:0f:49:48:3b:87:0a:c3:ca:29:
         da:ef:94:10:78:7e:94:ca:ce:90:fb:8b:2d:b3:4b:31:b2:76:
         26:f7:1f:dd:5c:43:a1:92:97:1c:16:e3:93:6d:c3:a4:2e:d8:
         de:11:98:07:1a:a4:89:df:a8:80:d5:42:64:cc:16:f3:d8:d7:
         7b:1e:f0:f1:47:35:7a:78:ba:0a:0f:80:a4:72:5e:b3:2c:5b:
         21:45:49:5f:b4:8e:20:35:38:d0:ea:a9:a3:10:de:e9:34:54:
         ce:76:11:2b:d0:2f:27:11:19:95:eb:dd:21:28:19:d6:d9:9c:
         ef:db:f1:c0:48:b1:de:bf:27:1e:de:ef:56:e1:96:14:04:8a:
         8f:46:50:8a:ca:b7:e3:f4:cf:a9:5a:df:e7:61:48:53:a1:5d:
         d9:1e:7b:dc:e9:e6:e4:42:0f:6a:dd:bd:f1:9f:b8:5c:b8:4b:
         0f:d3:ea:58:a9:ad:89:de:53:f4:d2:21:52:58:31:1b:82:50:
         da:b6:d6:b1:ff:cf:28:4c:1a:d2:5e:fe:96:30:21:cf:4a:e4:
         ff:10:81:3a
-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIUOu28JbCaaxgfCdCXM78R61qKcoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWQ2MjBiNDVjOTA5ODUwNmFjNGJmMTE4NGJlZTZjZGJl
OWQ3MWM0YzAeFw0yMzEwMTcxNjE0MjFaFw0yNDEwMTUxNjE5MjFaMDMxMTAvBgNV
BAMTKEY4Q0NGMUMzNTI2NkYwNTZFOTM4OUUwQkRFMDQ4RDU2NzdEMDEyRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPUqpsP91Wn/rzMKgq3NhmhLDB
mePiTRSXkjGf8M3BGUEnBfYl++Z6A+cPSy6ubHWIQL4Gm8k0ZhaBoGNBFr6MVPQI
CBnoBkRWDF3JfpScLpdYJ9Gz5SPu6ixSk/CqR2U/T5x51hj5QUuWQAk4fP8vm/y5
KxdDrAXOBBCFS2xkRbaoZ4grPkLgJETP48fRtujC/0/+tma6DgksE0FMcjQ6gJ6Q
QV+w7EdIM78hNWqVMxqDN7+N7q0Bm2Zub1I/q/t8uJW5ktPSJsY2oLwzelG16Dyy
sNbxwcnQARawwkrzxuvz/EOISREmytLXK1gw13wJZtAAZFG5cMLY7u2SyLbzAgMB
AAGjggHEMIIBwDAdBgNVHQ4EFgQU+Mzxw1Jm8FbpOJ4L3gSNVnfQEuwwHwYDVR0j
BBgwFoAUnWILRckJhQasS/EYS+5s2+nXHEwwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUvOUQ2MjBC
NDVDOTA5ODUwNkFDNEJGMTE4NEJFRTZDREJFOUQ3MUM0Qy5jcmwwZAYIKwYBBQUH
AQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL25XSUxSY2tKaFFhc1NfRVlTLTVzMi1uWEhFdy5jZXIwcQYI
KwYBBQUHAQsEZTBjMGEGCCsGAQUFBzALhlVyc3luYzovL2Rldi50dy9ycGtpL0F1
Z3VzdC81LzMxMzkzNDJlMzEzMTM2MmUzMjMyMzcyZTMwMmYzMjM0MmQzMjM0MjAz
ZDNlMjAzOTM0MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBADCdOMwDQYJKoZIhvcNAQELBQADggEBAFlG
vCfHb2kf7spmhU0uNPJRJAZboQ1V8h6JTAeai14p0suvl7S701XmvMid/w9JSDuH
CsPKKdrvlBB4fpTKzpD7iy2zSzGydib3H91cQ6GSlxwW45Ntw6Qu2N4RmAcapInf
qIDVQmTMFvPY13se8PFHNXp4ugoPgKRyXrMsWyFFSV+0jiA1ONDqqaMQ3uk0VM52
ESvQLycRGZXr3SEoGdbZnO/b8cBIsd6/Jx7e71bhlhQEio9GUIrKt+P0z6la3+dh
SFOhXdkee9zp5uRCD2rdvfGfuFy4Sw/T6liprYneU/TSIVJYMRuCUNq21rH/zyhM
GtJe/pYwIc9K5P8QgTo=
-----END CERTIFICATE-----