Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa
File:                     326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa (raw, json)
Hash identifier:          BhsDjAG5BT+s2/eUolZwh735fA5SJ/uMeze1CAQtmsU=
Subject key identifier:   55:B2:F3:59:84:5D:ED:9C:73:1C:2F:EB:9E:E9:63:4F:2D:6A:26:4B
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       1BA2E63983196610CFFFDCFA253D6E55F78E04D4
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa
Signing time:             Mon 11 Mar 2024 04:13:51 +0000
ROA not before:           Mon 11 Mar 2024 04:08:51 +0000
ROA not after:            Mon 10 Mar 2025 04:13:51 +0000
asID:                     199266
IP address blocks:        2a13:c007:8014::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 15:36:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:a2:e6:39:83:19:66:10:cf:ff:dc:fa:25:3d:6e:55:f7:8e:04:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 11 04:08:51 2024 GMT
            Not After : Mar 10 04:13:51 2025 GMT
        Subject: CN=55B2F359845DED9C731C2FEB9EE9634F2D6A264B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ca:3a:0d:e5:02:eb:69:f9:0b:ed:a6:09:bd:
                    b7:9e:7f:0d:72:c6:5e:cf:59:ea:b6:8e:13:69:a5:
                    8d:db:2b:90:f2:76:38:5a:28:83:c3:42:3f:4f:07:
                    57:e5:dc:ec:73:b6:ff:cd:ad:b1:cd:f1:3e:67:8c:
                    a4:65:73:86:36:d7:04:0c:55:91:20:c4:b5:1c:cb:
                    74:3f:19:77:11:e4:df:43:b5:ae:8c:36:22:a2:38:
                    f6:8e:e1:ba:6d:ee:25:7b:f5:bd:6f:43:ff:ab:f5:
                    b1:1d:15:31:e9:92:18:d2:83:9a:9f:de:40:7d:92:
                    eb:d9:9f:bf:fc:91:e4:9c:83:2c:f3:99:47:08:e2:
                    7d:60:84:fb:5b:b0:2e:87:d7:ab:29:ea:08:39:5c:
                    14:aa:5c:83:4d:94:37:45:61:43:03:ec:8e:f2:dd:
                    b3:b9:67:5d:db:65:18:37:d4:8b:3b:48:51:42:bb:
                    5a:0f:6c:92:41:81:2c:05:4e:05:85:aa:77:01:66:
                    57:d7:16:f1:73:84:1c:e2:45:fb:13:5e:26:02:8d:
                    49:5c:59:25:e8:a8:18:37:1c:e1:3b:bf:bb:b0:6f:
                    c4:49:09:b5:ef:e9:07:cb:49:20:4b:41:ed:08:67:
                    a8:87:95:b1:9b:49:7c:6a:8a:0b:ed:58:03:36:db:
                    71:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B2:F3:59:84:5D:ED:9C:73:1C:2F:EB:9E:E9:63:4F:2D:6A:26:4B
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a383031343a3a2f34382d3438203d3e20313939323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8014::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:2c:04:18:d5:1e:bc:2d:80:a3:b7:6e:5e:52:55:ec:46:cb:
         62:94:c5:a0:5b:45:ce:11:57:17:26:c8:e1:df:11:0a:f6:ac:
         5d:20:0b:7d:2f:08:89:01:f4:92:04:af:b3:2a:6c:34:f4:b7:
         63:e3:f1:ce:89:d7:22:d8:54:79:24:c9:08:38:7e:19:bd:05:
         b4:8d:cd:ca:7b:36:41:fc:65:6a:20:16:1a:a1:3b:85:11:00:
         39:45:a7:b5:96:72:3a:67:cc:7b:66:31:79:3d:9d:ab:d7:85:
         3a:a3:8a:5c:7e:a2:2c:d7:3c:9e:6f:ee:c0:75:85:f2:24:8c:
         24:0a:16:85:db:14:2e:48:c1:8b:45:b4:4f:01:12:ba:b6:24:
         a5:ac:08:de:55:3b:30:3d:85:88:ac:de:6a:33:46:a5:64:07:
         54:60:d7:13:26:1a:9a:23:6d:fa:be:5e:f4:38:15:15:cd:f4:
         e8:0c:7a:bf:b6:e7:b7:34:55:09:00:83:8f:84:c2:40:31:e8:
         29:0b:13:2c:90:55:87:62:45:c9:03:81:7a:1f:52:87:4b:d2:
         d1:ca:2a:34:f8:e9:d7:31:68:1d:59:f5:3f:ed:31:45:6b:9e:
         82:e4:45:a5:bd:fd:b8:86:44:5a:44:cb:19:3c:8e:eb:48:45:
         ef:ec:23:a8
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUG6LmOYMZZhDP/9z6JT1uVfeOBNQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMTEwNDA4NTFaFw0yNTAzMTAwNDEzNTFaMDMxMTAvBgNV
BAMTKDU1QjJGMzU5ODQ1REVEOUM3MzFDMkZFQjlFRTk2MzRGMkQ2QTI2NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0yjoN5QLrafkL7aYJvbeefw1y
xl7PWeq2jhNppY3bK5DydjhaKIPDQj9PB1fl3Oxztv/NrbHN8T5njKRlc4Y21wQM
VZEgxLUcy3Q/GXcR5N9Dta6MNiKiOPaO4bpt7iV79b1vQ/+r9bEdFTHpkhjSg5qf
3kB9kuvZn7/8keScgyzzmUcI4n1ghPtbsC6H16sp6gg5XBSqXINNlDdFYUMD7I7y
3bO5Z13bZRg31Is7SFFCu1oPbJJBgSwFTgWFqncBZlfXFvFzhBziRfsTXiYCjUlc
WSXoqBg3HOE7v7uwb8RJCbXv6QfLSSBLQe0IZ6iHlbGbSXxqigvtWAM223FDAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUVbLzWYRd7ZxzHC/rnuljTy1qJkswHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzAzMTM0M2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzEzOTM5MzIzNjM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPAB4AUMA0GCSqG
SIb3DQEBCwUAA4IBAQDILAQY1R68LYCjt25eUlXsRstilMWgW0XOEVcXJsjh3xEK
9qxdIAt9LwiJAfSSBK+zKmw09Ldj4/HOidci2FR5JMkIOH4ZvQW0jc3KezZB/GVq
IBYaoTuFEQA5Rae1lnI6Z8x7ZjF5PZ2r14U6o4pcfqIs1zyeb+7AdYXyJIwkChaF
2xQuSMGLRbRPARK6tiSlrAjeVTswPYWIrN5qM0alZAdUYNcTJhqaI236vl70OBUV
zfToDHq/tue3NFUJAIOPhMJAMegpCxMskFWHYkXJA4F6H1KHS9LRyio0+OnXMWgd
WfU/7TFFa56C5EWlvf24hkRaRMsZPI7rSEXv7COo
-----END CERTIFICATE-----