Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/3139342e3131362e3232372e302f32342d3234203d3e20313937353337.roa
File:                     3139342e3131362e3232372e302f32342d3234203d3e20313937353337.roa (raw, json)
Hash identifier:          FxihkUiJ4R8huQ88/svk5HoAnBCy/dIUjhTxbyRpuoQ=
Subject key identifier:   88:6B:96:72:DC:11:0F:19:13:17:7A:1D:F9:37:7E:11:AF:A1:05:47
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       4D1E813D9390455A8080D7B17E881AA766396961
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/3139342e3131362e3232372e302f32342d3234203d3e20313937353337.roa
Signing time:             Wed 17 Apr 2024 08:40:07 +0000
ROA not before:           Wed 17 Apr 2024 08:35:07 +0000
ROA not after:            Wed 16 Apr 2025 08:40:07 +0000
asID:                     197537
IP address blocks:        194.116.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:1e:81:3d:93:90:45:5a:80:80:d7:b1:7e:88:1a:a7:66:39:69:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Apr 17 08:35:07 2024 GMT
            Not After : Apr 16 08:40:07 2025 GMT
        Subject: CN=886B9672DC110F1913177A1DF9377E11AFA10547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:12:b5:01:e7:7d:9a:f6:e5:e4:69:c6:b2:
                    36:b3:62:40:e2:1f:58:f0:4f:c5:bc:d5:99:2d:bd:
                    d1:fe:5a:c3:48:3b:3f:8d:33:e3:f4:94:57:06:76:
                    ad:ec:aa:1d:9d:9e:f2:0a:ef:b8:d0:d6:17:64:b4:
                    be:08:1d:3e:f2:bb:e7:2d:9f:b3:39:a9:5b:53:e0:
                    61:c9:c9:12:83:f8:bf:30:a3:98:c4:88:3c:4a:06:
                    19:86:e6:7f:eb:03:30:1c:4c:11:0e:b4:19:f0:af:
                    58:d7:88:b4:9f:fa:8d:f0:ea:40:77:f8:30:2a:c0:
                    6a:73:ac:7e:e5:d4:a8:e0:ef:73:a6:f5:35:7c:30:
                    24:23:d5:5e:2f:09:cd:5e:a2:dc:b8:a1:62:7b:01:
                    c8:fc:89:0e:5b:37:1a:00:28:f1:9c:68:b1:b9:59:
                    80:a3:74:56:96:d3:9b:89:d3:fa:e8:12:2d:b4:a2:
                    b7:aa:55:c5:48:84:79:98:33:c6:8a:ae:b8:85:35:
                    29:46:03:ec:6d:01:40:eb:9b:e0:84:db:af:39:9f:
                    09:fd:d3:7c:a5:0b:2c:3e:e6:85:f8:40:00:0d:6c:
                    41:81:2b:61:59:f9:ff:32:18:e6:3e:ab:b1:33:56:
                    a6:26:ac:47:d3:d9:93:b4:72:57:77:22:9b:21:d9:
                    68:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:6B:96:72:DC:11:0F:19:13:17:7A:1D:F9:37:7E:11:AF:A1:05:47
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/3139342e3131362e3232372e302f32342d3234203d3e20313937353337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:13:24:df:ad:f6:72:8f:94:c0:2e:98:db:12:d1:ca:c1:8a:
         8e:1f:66:1b:92:1a:a4:1c:b1:2d:7b:87:7c:23:49:53:11:27:
         9c:6f:d4:b2:30:c8:c0:30:05:a9:0d:bf:73:40:ef:b5:e8:b5:
         1f:96:6d:b5:62:a5:16:74:60:1a:cd:6f:50:e1:e4:a8:9e:9a:
         37:0f:95:cc:2f:46:6b:0a:f6:0a:13:80:fd:89:19:d6:c6:eb:
         c0:10:60:a5:f2:d6:36:63:1c:f6:9a:e1:26:0a:64:fb:5f:59:
         7b:08:e9:78:7a:4d:ab:90:9a:12:56:99:7c:d2:ce:48:f6:b3:
         1f:ab:65:f1:76:bd:d6:86:ba:db:9d:92:0a:38:e4:ac:eb:59:
         19:3b:fe:fc:17:ef:7d:8c:8c:45:16:9e:a0:f4:8b:84:99:74:
         e7:30:95:78:96:a0:ef:7e:99:80:2a:3a:2a:b4:28:4e:e9:ff:
         ce:05:d9:36:65:03:cd:2c:9e:10:e0:e5:94:73:58:59:ca:d7:
         e8:b2:f1:84:8e:90:63:5a:9f:c4:25:7e:26:22:ed:6b:5d:b4:
         91:f8:50:75:42:3b:d3:57:8b:27:a5:94:7d:3a:52:e0:d0:7d:
         c1:21:e5:33:d9:c4:8f:4d:4e:d0:60:eb:e0:15:b4:13:f3:0e:
         7b:3c:ba:04
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIUTR6BPZOQRVqAgNexfogap2Y5aWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yNDA0MTcwODM1MDdaFw0yNTA0MTYwODQwMDdaMDMxMTAvBgNV
BAMTKDg4NkI5NjcyREMxMTBGMTkxMzE3N0ExREY5Mzc3RTExQUZBMTA1NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+hhK1Aed9mvbl5GnGsjazYkDi
H1jwT8W81ZktvdH+WsNIOz+NM+P0lFcGdq3sqh2dnvIK77jQ1hdktL4IHT7yu+ct
n7M5qVtT4GHJyRKD+L8wo5jEiDxKBhmG5n/rAzAcTBEOtBnwr1jXiLSf+o3w6kB3
+DAqwGpzrH7l1Kjg73Om9TV8MCQj1V4vCc1eoty4oWJ7Acj8iQ5bNxoAKPGcaLG5
WYCjdFaW05uJ0/roEi20oreqVcVIhHmYM8aKrriFNSlGA+xtAUDrm+CE2685nwn9
03ylCyw+5oX4QAANbEGBK2FZ+f8yGOY+q7EzVqYmrEfT2ZO0cld3Ipsh2WhlAgMB
AAGjggHLMIIBxzAdBgNVHQ4EFgQUiGuWctwRDxkTF3od+Td+Ea+hBUcwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHcG
CCsGAQUFBwELBGswaTBnBggrBgEFBQcwC4ZbcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMTM5MzQyZTMxMzEzNjJlMzIzMjM3MmUzMDJmMzIzNDJkMzIzNDIw
M2QzZTIwMzEzOTM3MzUzMzM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnTjMA0GCSqGSIb3DQEBCwUA
A4IBAQC9EyTfrfZyj5TALpjbEtHKwYqOH2YbkhqkHLEte4d8I0lTESecb9SyMMjA
MAWpDb9zQO+16LUflm21YqUWdGAazW9Q4eSonpo3D5XML0ZrCvYKE4D9iRnWxuvA
EGCl8tY2Yxz2muEmCmT7X1l7COl4ek2rkJoSVpl80s5I9rMfq2Xxdr3WhrrbnZIK
OOSs61kZO/78F+99jIxFFp6g9IuEmXTnMJV4lqDvfpmAKjoqtChO6f/OBdk2ZQPN
LJ4Q4OWUc1hZytfosvGEjpBjWp/EJX4mIu1rXbSR+FB1QjvTV4snpZR9OlLg0H3B
IeUz2cSPTU7QYOvgFbQT8w57PLoE
-----END CERTIFICATE-----