Route Origin Authorization

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630643a3a2f34382d3438203d3e203530353535.roa
File:                     326131323a646434373a383630643a3a2f34382d3438203d3e203530353535.roa (raw, json)
Hash identifier:          pSS9lyg/r63hrLK6N28zfZCmJTpAFyPUHcuhnyC7Nds=
Subject key identifier:   72:FA:64:A4:6B:FA:BC:FC:89:0F:02:74:3D:B0:24:C7:BB:A3:E8:AD
Certificate issuer:       /CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
Certificate serial:       089A48B0252FAE4677F4F34D99E130FD0AA15C31
Authority key identifier: 02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3
Authority info access:    rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
Subject info access:      rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630643a3a2f34382d3438203d3e203530353535.roa
Signing time:             Mon 11 Mar 2024 07:12:35 +0000
ROA not before:           Mon 11 Mar 2024 07:07:35 +0000
ROA not after:            Mon 10 Mar 2025 07:12:35 +0000
asID:                     50555
IP address blocks:        2a12:dd47:860d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl
                          rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.mft
                          rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 12:15:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:9a:48:b0:25:2f:ae:46:77:f4:f3:4d:99:e1:30:fd:0a:a1:5c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02876C11924CBDA01BE1AD39A3206CFACDCC58A3
        Validity
            Not Before: Mar 11 07:07:35 2024 GMT
            Not After : Mar 10 07:12:35 2025 GMT
        Subject: CN=72FA64A46BFABCFC890F02743DB024C7BBA3E8AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:88:9e:e8:06:b9:24:df:c5:e4:22:36:0c:8a:
                    e8:34:78:fd:e8:7d:6f:48:3b:9d:c0:3f:bd:bb:3b:
                    df:35:9b:b6:2f:dc:4c:9e:66:e1:c2:79:4f:93:91:
                    aa:0b:7b:f9:e3:d5:fb:4f:23:9b:3f:a9:cc:9a:c9:
                    2f:d3:fb:d8:5e:8f:45:39:8c:03:28:40:4d:08:f5:
                    5a:20:de:b9:5f:96:fe:19:5a:98:3f:28:49:29:87:
                    5d:80:18:cc:9e:21:96:e5:ec:44:d4:8a:e2:d7:a2:
                    97:0c:7a:b0:1b:fa:d3:b1:53:3b:31:d8:d5:fb:76:
                    43:c4:45:d7:ce:ba:c3:18:d9:f5:58:54:fe:e3:ad:
                    64:07:e0:93:63:c1:76:ab:15:a6:3d:f1:fd:29:6c:
                    5f:00:4a:81:43:ee:ed:2e:17:25:5c:a2:74:eb:b4:
                    c0:9e:2d:c1:f1:bb:51:bc:08:f4:2b:be:c1:5f:37:
                    eb:fe:53:db:7f:c0:10:11:8e:55:41:ef:a9:fd:96:
                    ad:ee:06:22:59:9e:02:1d:6c:f2:1d:a0:e0:0d:4d:
                    c8:df:70:08:b5:68:89:57:43:a4:31:ba:f6:23:96:
                    42:79:ad:76:f9:60:8a:e4:71:1a:60:69:62:14:c5:
                    0c:a6:f4:09:bd:02:18:94:ce:e9:17:98:e5:72:3b:
                    58:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FA:64:A4:6B:FA:BC:FC:89:0F:02:74:3D:B0:24:C7:BB:A3:E8:AD
            X509v3 Authority Key Identifier:
                keyid:02:87:6C:11:92:4C:BD:A0:1B:E1:AD:39:A3:20:6C:FA:CD:CC:58:A3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.co/repo/AS945/1/02876C11924CBDA01BE1AD39A3206CFACDCC58A3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/1/326131323a646434373a383630643a3a2f34382d3438203d3e203530353535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:860d::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:87:ed:70:67:6c:a5:69:54:23:52:e9:b1:e1:4f:2d:31:1e:
         ea:82:ed:79:1f:8d:2c:12:8a:21:6a:df:43:fa:85:a7:8c:d7:
         84:00:f0:a1:f8:5e:be:99:64:0f:4c:0c:fd:48:4e:60:62:3e:
         6d:5f:b1:f8:b4:89:dd:c0:a2:e2:8c:b7:2a:0e:4d:94:28:5b:
         a1:68:33:a4:e6:20:24:80:ef:22:9f:45:16:c5:3a:95:ef:f3:
         69:3d:aa:c5:47:5d:f5:a0:79:d3:51:b4:a3:17:95:74:79:ad:
         a3:38:df:7f:7c:b6:e9:52:b5:72:ab:96:ac:83:c4:ca:ac:75:
         48:bb:8c:6b:e3:a7:41:37:73:4c:a5:66:4f:90:c7:55:5b:65:
         ee:81:b1:f8:02:25:48:f8:c8:44:eb:5c:bf:9d:56:52:68:69:
         42:89:13:2f:2e:b2:ab:ec:fc:45:ac:d2:e8:b4:89:21:d4:b4:
         7e:70:ac:07:5e:fb:0b:04:cb:22:48:85:ee:bc:48:e9:5b:7a:
         51:8e:95:a8:7f:11:ac:00:69:7d:76:05:01:94:fe:17:72:dd:
         ed:00:21:2f:7d:09:a7:c9:36:29:f9:52:95:73:90:87:e4:59:
         07:c8:3b:c7:fb:a9:60:60:b3:cb:0a:fa:20:ae:e6:55:07:40:
         33:59:45:51
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgIUCJpIsCUvrkZ39PNNmeEw/QqhXDEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZDRkFD
RENDNThBMzAeFw0yNDAzMTEwNzA3MzVaFw0yNTAzMTAwNzEyMzVaMDMxMTAvBgNV
BAMTKDcyRkE2NEE0NkJGQUJDRkM4OTBGMDI3NDNEQjAyNEM3QkJBM0U4QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3iJ7oBrkk38XkIjYMiug0eP3o
fW9IO53AP727O981m7Yv3EyeZuHCeU+TkaoLe/nj1ftPI5s/qcyayS/T+9hej0U5
jAMoQE0I9Vog3rlflv4ZWpg/KEkph12AGMyeIZbl7ETUiuLXopcMerAb+tOxUzsx
2NX7dkPERdfOusMY2fVYVP7jrWQH4JNjwXarFaY98f0pbF8ASoFD7u0uFyVconTr
tMCeLcHxu1G8CPQrvsFfN+v+U9t/wBARjlVB76n9lq3uBiJZngIdbPIdoOANTcjf
cAi1aIlXQ6QxuvYjlkJ5rXb5YIrkcRpgaWIUxQym9Am9AhiUzukXmOVyO1j5AgMB
AAGjggH2MIIB8jAdBgNVHQ4EFgQUcvpkpGv6vPyJDwJ0PbAkx7uj6K0wHwYDVR0j
BBgwFoAUAodsEZJMvaAb4a05oyBs+s3MWKMwDgYDVR0PAQH/BAQDAgeAMGsGA1Ud
HwRkMGIwYKBeoFyGWnJzeW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdM
YWlyLVRFU1QvMS8wMjg3NkMxMTkyNENCREEwMUJFMUFEMzlBMzIwNkNGQUNEQ0M1
OEEzLmNybDBlBggrBgEFBQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBr
aS5jby9yZXBvL0FTOTQ1LzEvMDI4NzZDMTE5MjRDQkRBMDFCRTFBRDM5QTMyMDZD
RkFDRENDNThBMy5jZXIwgY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJz
eW5jOi8vcmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdMYWlyLVRFU1QvMS8zMjYx
MzEzMjNhNjQ2NDM0MzczYTM4MzYzMDY0M2EzYTJmMzQzODJkMzQzODIwM2QzZTIw
MzUzMDM1MzUzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEF
BQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeGDTANBgkqhkiG9w0BAQsFAAOCAQEA
NYftcGdspWlUI1LpseFPLTEe6oLteR+NLBKKIWrfQ/qFp4zXhADwofhevplkD0wM
/UhOYGI+bV+x+LSJ3cCi4oy3Kg5NlChboWgzpOYgJIDvIp9FFsU6le/zaT2qxUdd
9aB501G0oxeVdHmtozjff3y26VK1cquWrIPEyqx1SLuMa+OnQTdzTKVmT5DHVVtl
7oGx+AIlSPjIROtcv51WUmhpQokTLy6yq+z8RazS6LSJIdS0fnCsB177CwTLIkiF
7rxI6Vt6UY6VqH8RrABpfXYFAZT+F3Ld7QAhL30Jp8k2KflSlXOQh+RZB8g7x/up
YGCzywr6IK7mVQdAM1lFUQ==
-----END CERTIFICATE-----
Generated at Sun May 26 19:08:42 2024 by rpki-client on console-ams.rpki-client.org