Route Origin Authorization

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630303a3a2f34342d3434203d3e203530353535.roa
File:                     326131323a646434373a383630303a3a2f34342d3434203d3e203530353535.roa (raw, json)
Hash identifier:          Y30p0MzCB2JiuAvDBKLSZwu+ZD8hbij5EEaa/uw9slo=
Subject key identifier:   E1:C9:CD:34:8F:C0:E3:24:1C:79:7C:DC:FD:AA:B3:14:0C:24:0D:C2
Certificate issuer:       /CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
Certificate serial:       10698B75E3E98B924CA6B7B5E8B6490D2363C7B7
Authority key identifier: 02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3
Authority info access:    rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
Subject info access:      rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630303a3a2f34342d3434203d3e203530353535.roa
Signing time:             Mon 11 Mar 2024 07:12:32 +0000
ROA not before:           Mon 11 Mar 2024 07:07:32 +0000
ROA not after:            Mon 10 Mar 2025 07:12:32 +0000
asID:                     50555
IP address blocks:        2a12:dd47:8600::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl
                          rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.mft
                          rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 12:15:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:69:8b:75:e3:e9:8b:92:4c:a6:b7:b5:e8:b6:49:0d:23:63:c7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
        Validity
            Not Before: Mar 11 07:07:32 2024 GMT
            Not After : Mar 10 07:12:32 2025 GMT
        Subject: CN=E1C9CD348FC0E3241C797CDCFDAAB3140C240DC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:46:2f:72:ed:dd:f8:fd:51:f8:f5:4d:97:7b:
                    2b:0d:7f:0b:20:5e:77:7e:0f:64:2e:af:52:0a:2e:
                    64:c6:ce:2f:bd:50:9c:ad:e9:18:fb:08:82:76:26:
                    4e:14:88:92:01:c1:f1:2f:e4:c8:dc:74:77:1d:a9:
                    67:55:0b:fe:c7:af:76:1d:93:35:d3:76:97:c6:e3:
                    d0:d7:b6:37:fd:74:dd:d9:34:8d:1e:36:45:90:cd:
                    ed:a9:4b:63:16:fc:1a:83:91:f6:b3:29:48:13:ca:
                    ee:13:f6:77:b5:45:0a:ee:49:0b:ab:87:bb:97:5d:
                    6a:58:b2:63:94:78:c0:90:de:82:cd:19:03:ca:5c:
                    05:c5:48:48:00:51:3b:19:91:fd:3b:9b:af:a6:c7:
                    ca:3f:60:42:dc:68:a9:f1:2d:5e:79:c9:32:72:14:
                    06:0c:7f:9f:2d:67:dd:d5:eb:d8:75:bd:66:21:10:
                    9f:af:a2:c2:49:de:b0:6f:56:61:97:25:3b:31:a4:
                    85:0a:1d:95:90:d1:21:c6:af:8b:a3:49:af:98:aa:
                    51:96:e5:d3:bb:41:53:52:86:8c:c5:03:9a:58:88:
                    d8:f6:cf:6f:5e:d0:8d:56:dc:6e:c3:24:62:f0:6f:
                    14:11:43:2c:bf:26:68:cf:ae:41:2e:5b:09:84:ae:
                    a5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C9:CD:34:8F:C0:E3:24:1C:79:7C:DC:FD:AA:B3:14:0C:24:0D:C2
            X509v3 Authority Key Identifier:
                keyid:02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630303a3a2f34342d3434203d3e203530353535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8600::/44

    Signature Algorithm: sha256WithRSAEncryption
         a5:ba:5e:a1:17:45:44:4d:be:af:af:52:3b:73:d4:64:46:85:
         1c:5c:8b:e6:a1:6f:16:f1:9e:f5:6b:7a:a7:cd:75:98:a6:92:
         92:81:a2:a7:36:48:37:a1:fe:09:0f:c6:fe:6a:28:b8:77:9b:
         82:4e:8f:f6:bb:3c:4a:f9:85:9f:0c:c0:b2:5f:5f:c6:a5:69:
         c5:90:59:6d:c3:07:ee:d4:03:b3:9d:7e:ed:1c:48:6d:00:03:
         6e:ad:a4:84:a0:2d:24:14:8a:a4:d0:6c:5a:ff:b0:34:dc:89:
         6a:85:b3:d8:6f:ba:ed:59:77:15:ed:6e:98:7d:22:0d:79:e8:
         61:2d:8c:6e:f7:ae:38:81:6e:d7:d6:69:65:3e:7a:4c:0b:a3:
         0a:8a:44:ac:03:49:44:ec:d6:75:41:d4:f1:23:f9:a5:a3:20:
         5a:06:a2:0b:8b:19:2f:b8:5f:a2:f3:1f:07:44:a8:cd:cc:63:
         1c:9f:8e:91:79:3b:11:51:7f:0d:b6:a8:fe:29:ac:64:04:c7:
         61:2b:18:54:46:c8:e2:4e:7d:b6:f8:a2:10:52:bc:0b:69:e9:
         4f:91:1d:81:bd:6b:1a:a8:dc:76:02:ae:1b:7f:cc:bb:64:30:
         47:5a:73:7c:36:ee:4d:48:fe:fc:79:c3:03:f8:46:ad:cd:ae:
         e7:6d:0f:6d
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgIUEGmLdePpi5JMpre16LZJDSNjx7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZDRkFD
RENDNThBMzAeFw0yNDAzMTEwNzA3MzJaFw0yNTAzMTAwNzEyMzJaMDMxMTAvBgNV
BAMTKEUxQzlDRDM0OEZDMEUzMjQxQzc5N0NEQ0ZEQUFCMzE0MEMyNDBEQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLRi9y7d34/VH49U2XeysNfwsg
Xnd+D2Qur1IKLmTGzi+9UJyt6Rj7CIJ2Jk4UiJIBwfEv5MjcdHcdqWdVC/7Hr3Yd
kzXTdpfG49DXtjf9dN3ZNI0eNkWQze2pS2MW/BqDkfazKUgTyu4T9ne1RQruSQur
h7uXXWpYsmOUeMCQ3oLNGQPKXAXFSEgAUTsZkf07m6+mx8o/YELcaKnxLV55yTJy
FAYMf58tZ93V69h1vWYhEJ+vosJJ3rBvVmGXJTsxpIUKHZWQ0SHGr4ujSa+YqlGW
5dO7QVNShozFA5pYiNj2z29e0I1W3G7DJGLwbxQRQyy/JmjPrkEuWwmErqWhAgMB
AAGjggH2MIIB8jAdBgNVHQ4EFgQU4cnNNI/A4yQceXzc/aqzFAwkDcIwHwYDVR0j
BBgwFoAUAodsEZJMvaAb4a05oyBs+s3MWKMwDgYDVR0PAQH/BAQDAgeAMGsGA1Ud
HwRkMGIwYKBeoFyGWnJzeW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdM
YWlyLVRFU1QvMS8wMjg3NkMxMTkyNENCREEwMUJFMUFEMzlBMzIwNkNGQUNEQ0M1
OEEzLmNybDBlBggrBgEFBQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBr
aS5jby9yZXBvL0FTOTQ1LzEvMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZD
RkFDRENDNThBMy5jZXIwgY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJz
eW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdMYWlyLVRFU1QvMS8zMjYx
MzEzMjNhNjQ2NDM0MzczYTM4MzYzMDMwM2EzYTJmMzQzNDJkMzQzNDIwM2QzZTIw
MzUzMDM1MzUzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEF
BQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeGADANBgkqhkiG9w0BAQsFAAOCAQEA
pbpeoRdFRE2+r69SO3PUZEaFHFyL5qFvFvGe9Wt6p811mKaSkoGipzZIN6H+CQ/G
/moouHebgk6P9rs8SvmFnwzAsl9fxqVpxZBZbcMH7tQDs51+7RxIbQADbq2khKAt
JBSKpNBsWv+wNNyJaoWz2G+67Vl3Fe1umH0iDXnoYS2MbveuOIFu19ZpZT56TAuj
CopErANJROzWdUHU8SP5paMgWgaiC4sZL7hfovMfB0SozcxjHJ+OkXk7EVF/Dbao
/imsZATHYSsYVEbI4k59tviiEFK8C2npT5Edgb1rGqjcdgKuG3/Mu2QwR1pzfDbu
TUj+/HnDA/hGrc2u520PbQ==
-----END CERTIFICATE-----
Generated at Sun May 26 19:08:42 2024 by rpki-client on console-ams.rpki-client.org