Route Origin Authorization

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630373a3a2f34382d3438203d3e203530353535.roa
File:                     326131323a646434373a383630373a3a2f34382d3438203d3e203530353535.roa (raw, json)
Hash identifier:          Rd+dhCr5rYQwNoo+Nfmrr7x2WYwry9aUIha3WakJOtM=
Subject key identifier:   B5:54:70:BC:AA:DB:69:82:F4:CD:7F:EF:50:D2:2D:55:98:04:7C:83
Certificate issuer:       /CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
Certificate serial:       0A5486AE0182DF06F668C7D302768FD5639B0BFC
Authority key identifier: 02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3
Authority info access:    rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
Subject info access:      rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630373a3a2f34382d3438203d3e203530353535.roa
Signing time:             Mon 11 Mar 2024 07:12:19 +0000
ROA not before:           Mon 11 Mar 2024 07:07:19 +0000
ROA not after:            Mon 10 Mar 2025 07:12:19 +0000
asID:                     50555
IP address blocks:        2a12:dd47:8607::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl
                          rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.mft
                          rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 16:50:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:54:86:ae:01:82:df:06:f6:68:c7:d3:02:76:8f:d5:63:9b:0b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
        Validity
            Not Before: Mar 11 07:07:19 2024 GMT
            Not After : Mar 10 07:12:19 2025 GMT
        Subject: CN=B55470BCAADB6982F4CD7FEF50D22D5598047C83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:76:a0:c8:5b:37:16:13:3c:df:81:97:b2:80:
                    d7:e5:a5:19:44:21:10:d7:f0:cd:b3:1e:0d:e9:9c:
                    06:2d:7e:b3:37:07:d8:1e:a5:1f:8d:49:93:6a:fc:
                    51:a9:d0:02:e4:20:0d:55:22:ac:79:5a:21:9b:9c:
                    1e:56:90:21:0b:93:a4:36:30:b1:f1:c3:4a:21:45:
                    04:9b:21:e2:b7:58:3b:e7:ca:20:97:9d:3b:ed:3f:
                    62:00:57:41:8a:17:a1:8a:53:a5:b8:1b:48:f5:43:
                    e0:49:83:7b:de:11:c1:0a:dd:06:cb:17:f8:09:3e:
                    93:42:a8:32:c7:be:6d:6f:43:d6:bf:51:fb:df:0e:
                    51:f1:e0:cb:cc:9f:c4:5b:69:75:e2:11:c8:ba:48:
                    f8:a4:19:bf:c2:ed:c3:fa:3e:17:1d:47:89:50:75:
                    b9:0b:5b:d4:9d:db:2f:ba:84:b8:ab:8e:6c:73:3b:
                    6b:03:5c:44:de:41:ce:5a:43:02:4a:82:2a:a9:ee:
                    a9:11:7e:55:8b:a8:88:fd:92:eb:43:27:c6:8c:d5:
                    a9:59:6a:85:7a:5f:87:67:1c:7f:f9:5a:a7:4b:08:
                    cf:c5:64:69:c5:20:a1:0f:84:cb:45:49:e8:f9:71:
                    68:6a:84:9f:64:3f:f7:2d:48:72:8b:03:82:69:42:
                    91:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:54:70:BC:AA:DB:69:82:F4:CD:7F:EF:50:D2:2D:55:98:04:7C:83
            X509v3 Authority Key Identifier:
                keyid:02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630373a3a2f34382d3438203d3e203530353535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8607::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:d4:3f:75:e3:50:c9:bc:1f:fa:78:78:90:e8:5c:ba:03:db:
         d7:75:0a:24:3c:77:fe:4e:80:75:99:d7:cf:30:b1:cb:55:9a:
         69:58:f2:0f:8f:d1:2c:4f:53:8f:95:63:85:10:28:00:17:b6:
         75:c5:ed:7c:df:df:29:68:5a:6a:a4:98:f1:15:a5:b2:62:d5:
         6c:e0:4c:3b:a1:56:ab:0e:3a:43:01:f8:8e:38:d7:ef:11:27:
         1a:56:80:72:fc:21:17:aa:0a:cb:08:91:2f:7d:6f:62:6d:02:
         5e:3b:1d:56:7a:0a:4f:76:b7:8e:b3:d2:2c:ce:0e:d7:f2:ca:
         80:6e:0e:02:ea:63:ba:a7:df:dd:46:b7:f1:e9:f6:a7:bb:f8:
         bf:ba:9b:af:bb:da:39:b6:fc:95:27:ca:b4:79:66:ac:1b:f7:
         f2:eb:08:49:9d:80:49:0a:25:55:b0:bb:65:bb:1c:79:3f:7d:
         3b:d0:18:c7:18:63:7b:d5:ab:2f:b6:c6:53:ba:9c:71:2e:69:
         86:fc:18:ee:f3:7f:a6:f7:5b:4f:6d:84:a0:95:05:c5:9c:65:
         4c:7e:7c:8a:d7:07:62:61:84:e7:7f:72:5e:14:dd:3d:7c:88:
         cb:30:b0:14:2a:79:73:cc:66:ec:00:86:fe:c6:74:40:c4:bf:
         03:44:2e:71
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgIUClSGrgGC3wb2aMfTAnaP1WObC/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZDRkFD
RENDNThBMzAeFw0yNDAzMTEwNzA3MTlaFw0yNTAzMTAwNzEyMTlaMDMxMTAvBgNV
BAMTKEI1NTQ3MEJDQUFEQjY5ODJGNENEN0ZFRjUwRDIyRDU1OTgwNDdDODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChdqDIWzcWEzzfgZeygNflpRlE
IRDX8M2zHg3pnAYtfrM3B9gepR+NSZNq/FGp0ALkIA1VIqx5WiGbnB5WkCELk6Q2
MLHxw0ohRQSbIeK3WDvnyiCXnTvtP2IAV0GKF6GKU6W4G0j1Q+BJg3veEcEK3QbL
F/gJPpNCqDLHvm1vQ9a/UfvfDlHx4MvMn8RbaXXiEci6SPikGb/C7cP6PhcdR4lQ
dbkLW9Sd2y+6hLirjmxzO2sDXETeQc5aQwJKgiqp7qkRflWLqIj9kutDJ8aM1alZ
aoV6X4dnHH/5WqdLCM/FZGnFIKEPhMtFSej5cWhqhJ9kP/ctSHKLA4JpQpEvAgMB
AAGjggH2MIIB8jAdBgNVHQ4EFgQUtVRwvKrbaYL0zX/vUNItVZgEfIMwHwYDVR0j
BBgwFoAUAodsEZJMvaAb4a05oyBs+s3MWKMwDgYDVR0PAQH/BAQDAgeAMGsGA1Ud
HwRkMGIwYKBeoFyGWnJzeW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdM
YWlyLVRFU1QvMS8wMjg3NkMxMTkyNENCREEwMUJFMUFEMzlBMzIwNkNGQUNEQ0M1
OEEzLmNybDBlBggrBgEFBQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBr
aS5jby9yZXBvL0FTOTQ1LzEvMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZD
RkFDRENDNThBMy5jZXIwgY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJz
eW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdMYWlyLVRFU1QvMS8zMjYx
MzEzMjNhNjQ2NDM0MzczYTM4MzYzMDM3M2EzYTJmMzQzODJkMzQzODIwM2QzZTIw
MzUzMDM1MzUzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEF
BQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeGBzANBgkqhkiG9w0BAQsFAAOCAQEA
fNQ/deNQybwf+nh4kOhcugPb13UKJDx3/k6AdZnXzzCxy1WaaVjyD4/RLE9Tj5Vj
hRAoABe2dcXtfN/fKWhaaqSY8RWlsmLVbOBMO6FWqw46QwH4jjjX7xEnGlaAcvwh
F6oKywiRL31vYm0CXjsdVnoKT3a3jrPSLM4O1/LKgG4OAupjuqff3Ua38en2p7v4
v7qbr7vaObb8lSfKtHlmrBv38usISZ2ASQolVbC7ZbsceT99O9AYxxhje9WrL7bG
U7qccS5phvwY7vN/pvdbT22EoJUFxZxlTH58itcHYmGE539yXhTdPXyIyzCwFCp5
c8xm7ACG/sZ0QMS/A0QucQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 03:53:04 2024 by rpki-client on console-fra.rpki-client.org